containerd cannot pull from an Alibaba Cloud private registry

Source: 7-1 Migrating scheduled tasks to Kubernetes

汤同学丶

2023-01-05

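Hello teacher, I don't want to install Harbor myself and would like to put my images directly in an Alibaba Cloud registry, but I've run into some problems.
The problem is as follows:
I first modified config.toml: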

[plugins."io.containerd.grpc.v1.cri".registry]
      config_path = ""
      
      [plugins."io.containerd.grpc.v1.cri".registry.auths]
        
      [plugins."io.containerd.grpc.v1.cri".registry.configs]
        [plugins."io.containerd.grpc.v1.cri".registry.configs."aliyun".tls]
          insecure_skip_verify = true
        [plugins."io.containerd.grpc.v1.cri".registry.configs."aliyun".auth]
          username = "tangtan****@126.com"
          password = "xxxx"
      [plugins."io.containerd.grpc.v1.cri".registry.headers]

      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
          endpoint = ["https://ltqaivfs.mirror.aliyuncs.com", "https://registry-1.docker.io"]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."aliyun"]
          endpoint = ["https://registry.cn-hangzhou.aliyuncs.com"]
$ systemctl daemon-reload
$ systemctl restart containerd

Then I ran a pull test:

ctr i pull registry.cn-hangzhou.aliyuncs.com/fulintang/cronjob:v1

The error is as follows:

[root@localhost containerd]# ctr i pull registry.cn-hangzhou.aliyuncs.com/fulintang/cronjob:v1
registry.cn-hangzhou.aliyuncs.com/fulintang/cronjob:v1: resolving      |--------------------------------------|
elapsed: 0.6 s                                          total:   0.0 B (0.0 B/s)
INFO[0000] trying next host                              error="pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed" host=registry.cn-hangzhou.aliyuncs.com
ctr: failed to resolve reference "registry.cn-hangzhou.aliyuncs.com/fulintang/cronjob:v1": pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed

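When I set the repository to private I keep getting this error; when I set it to public there is no problem.
But in a production environment I can't possibly make the repository public. How do I solve this situation where the username and password are configured but the image still can't be pulled?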

In the end I found that using the -user option when pulling lets me download it:

ctr i pull -user tangtaxxx@126.com:txxxx registry.cn-hangzhou.aliyuncs.com/fulintang/cronjob:v1

For K8s, would setting an imagePullSecrets be enough? How should I set that up?


1 Answer

刘果国

2023-01-06

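I really haven't used it this way; image registries are generally self-hosted. The bandwidth cost of going over the public network is too high.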

0
0
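
Added example (not part of the original question or answer, and not the course's own code): for the imagePullSecrets approach asked about above, this Python code builds a kubernetes.io/dockerconfigjson Secret keyed by the registry host taken from the image reference, plus a patch that attaches it to a CronJob's pod template. The Secret name aliyun-pull, the default namespace, the placeholder credentials and the assumption that the workload is a CronJob are illustrative.

```python
import base64
import json

def registry_host(image: str) -> str:
    """Return the registry host of an image reference (docker.io if none is given)."""
    first, _, rest = image.partition("/")
    # The first path component is a registry only if it looks like a host name.
    if rest and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"

def pull_secret(name: str, namespace: str, image: str, username: str, password: str) -> dict:
    """Build a kubernetes.io/dockerconfigjson Secret keyed by the image's registry host."""
    host = registry_host(image)
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    docker_config = {"auths": {host: {"username": username, "password": password, "auth": auth}}}
    encoded = base64.b64encode(json.dumps(docker_config).encode()).decode()
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name, "namespace": namespace},
        "type": "kubernetes.io/dockerconfigjson",
        "data": {".dockerconfigjson": encoded},
    }

def secret_covers(secret: dict, image: str) -> bool:
    """Check that the Secret holds credentials for the registry the image is pulled from."""
    if secret.get("type") != "kubernetes.io/dockerconfigjson":
        return False
    config = json.loads(base64.b64decode(secret["data"][".dockerconfigjson"]))
    return registry_host(image) in config.get("auths", {})

def cronjob_pull_patch(secret_name: str) -> dict:
    """Strategic-merge patch that attaches the Secret to a CronJob's pod template."""
    pod_spec = {"imagePullSecrets": [{"name": secret_name}]}
    return {"spec": {"jobTemplate": {"spec": {"template": {"spec": pod_spec}}}}}

IMAGE = "registry.cn-hangzhou.aliyuncs.com/fulintang/cronjob:v1"  # image from the question

if __name__ == "__main__":
    # Constructed placeholder credentials (assumption); supply real ones at run time.
    secret = pull_secret("aliyun-pull", "default", IMAGE, "user@example.com", "CHANGE_ME")
    if not secret_covers(secret, IMAGE):
        raise SystemExit("secret does not cover the image's registry")
    print(json.dumps(secret, indent=2))                   # pipe to: kubectl apply -f -
    print(json.dumps(cronjob_pull_patch("aliyun-pull")))  # use with: kubectl patch cronjob
```

The credentials are looked up by registry host, so the key inside the Secret has to be registry.cn-hangzhou.aliyuncs.com rather than an alias, and the Secret must live in the same namespace as the workload that references it.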

Kubernetes in Production: End-to-End Practice

The whole process, in every detail, of an internet company putting Kubernetes into production
