github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

update config syntax in registry.md

Browse Source 
Signed-off-by: Yecheng Fu <fuyecheng@pingcap.com>
This commit is contained in:
Yecheng Fu 2020-01-09 16:05:45 +08:00
parent 522a056fe6
commit ef7f327f2a
1 changed files with 29 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
docs/registry.md
View File

@ -1,20 +1,27 @@
# Configure Image Registry # Configure Image Registry
This document describes the method to configure the image registry for `containerd` for use with the `cri` plugin. This document describes the method to configure the image registry for `containerd` for use with the `cri` plugin.
NOTE: The configuration syntax used in this doc is in version 2 which is the
recommended since `containerd` 1.3. If your configuration is still in version 1,
you can replace `"io.containerd.grpc.v1.cri"` with `cri`.
## Configure Registry Endpoint ## Configure Registry Endpoint
With containerd, `docker.io` is the default image registry. You can also set up other image registries similar to docker. With containerd, `docker.io` is the default image registry. You can also set up other image registries similar to docker.
To configure image registries create/modify the `/etc/containerd/config.toml` as follows: To configure image registries create/modify the `/etc/containerd/config.toml` as follows:
```toml ```toml
[plugins.cri.registry.mirrors] # explicitly use v2 config format
[plugins.cri.registry.mirrors."docker.io"] version = 2
[plugin."io.containerd.grpc.v1.cri".registry.mirrors]
[plugin."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://registry-1.docker.io"] endpoint = ["https://registry-1.docker.io"]
[plugins.cri.registry.mirrors."test.https-registry.io"] [plugin."io.containerd.grpc.v1.cri".registry.mirrors."test.https-registry.io"]
endpoint = ["https://HostIP1:Port1"] endpoint = ["https://HostIP1:Port1"]
[plugins.cri.registry.mirrors."test.http-registry.io"] [plugin."io.containerd.grpc.v1.cri".registry.mirrors."test.http-registry.io"]
endpoint = ["http://HostIP2:Port2"] endpoint = ["http://HostIP2:Port2"]
# wildcard matching is supported but not required. # wildcard matching is supported but not required.
[plugins.cri.registry.mirrors."*"] [plugin."io.containerd.grpc.v1.cri".registry.mirrors."*"]
endpoint = ["https://HostIP3:Port3"] endpoint = ["https://HostIP3:Port3"]
``` ```
@ -38,9 +45,12 @@ After modify this config, you need restart the `containerd` service.
To configure the TLS settings for a specific registry, create/modify the `/etc/containerd/config.toml` as follows: To configure the TLS settings for a specific registry, create/modify the `/etc/containerd/config.toml` as follows:
```toml ```toml
# explicitly use v2 config format
version = 2
# The registry host has to be a domain name or IP. Port number is also # The registry host has to be a domain name or IP. Port number is also
# needed if the default HTTPS or HTTP port is not used. # needed if the default HTTPS or HTTP port is not used.
[plugins.cri.registry.configs."my.custom.registry".tls] [plugin."io.containerd.grpc.v1.cri".registry.configs."my.custom.registry".tls]
ca_file = "ca.pem" ca_file = "ca.pem"
cert_file = "cert.pem" cert_file = "cert.pem"
key_file = "key.pem" key_file = "key.pem"
@ -52,13 +62,19 @@ In the config example shown above, TLS mutual authentication will be used for co
`cert_file` and `key_file` are not needed when TLS mutual authentication is unused. `cert_file` and `key_file` are not needed when TLS mutual authentication is unused.
```toml ```toml
[plugins.cri.registry.configs."my.custom.registry".tls] # explicitly use v2 config format
version = 2
[plugin."io.containerd.grpc.v1.cri".registry.configs."my.custom.registry".tls]
ca_file = "ca.pem" ca_file = "ca.pem"
``` ```
To skip the registry certificate verification: To skip the registry certificate verification:
``` ```toml
[plugins.cri.registry.configs."my.custom.registry".tls] # explicitly use v2 config format
version = 2
[plugin."io.containerd.grpc.v1.cri".registry.configs."my.custom.registry".tls]
insecure_skip_verify = true insecure_skip_verify = true
``` ```
@ -69,9 +85,12 @@ To skip the registry certificate verification:
To configure a credential for a specific registry, create/modify the To configure a credential for a specific registry, create/modify the
`/etc/containerd/config.toml` as follows: `/etc/containerd/config.toml` as follows:
```toml ```toml
# explicitly use v2 config format
version = 2
# The registry host has to be a domain name or IP. Port number is also # The registry host has to be a domain name or IP. Port number is also
# needed if the default HTTPS or HTTP port is not used. # needed if the default HTTPS or HTTP port is not used.
[plugins.cri.registry.configs."gcr.io".auth] [plugin."io.containerd.grpc.v1.cri".registry.configs."gcr.io".auth]
username = "" username = ""
password = "" password = ""
auth = "" auth = ""