46 lines
1.8 KiB
Markdown
46 lines
1.8 KiB
Markdown
# Configure Image Registry
|
|
This document describes the method to configure the image registry for `containerd` for use with the `cri` plugin.
|
|
|
|
## Configure Registry Endpoint
|
|
With containerd, `docker.io` is the default image registry. You can also set up other image registries similar to docker.
|
|
|
|
To configure image registries create/modify the `/etc/containerd/config.toml` as follows:
|
|
```toml
|
|
[plugins.cri.registry.mirrors]
|
|
[plugins.cri.registry.mirrors."docker.io"]
|
|
endpoint = ["https://registry-1.docker.io"]
|
|
[plugins.cri.registry.mirrors."test.secure-registry.io"]
|
|
endpoint = ["https://HostIP1:Port1"]
|
|
[plugins.cri.registry.mirrors."test.insecure-registry.io"]
|
|
endpoint = ["http://HostIP2:Port2"]
|
|
```
|
|
|
|
The default configuration can be generated by `containerd config default > /etc/containerd/config.toml`.
|
|
|
|
The endpoint is a list that can contain multiple image registry URLs split by commas. When pulling an image
|
|
from a registry, containerd will try these endpoint URLs one by one, and use the first working one.
|
|
|
|
After modify this config, you need restart the `containerd` service.
|
|
|
|
## Configure Registry Credentials
|
|
|
|
`cri` plugin also supports docker like registry credential config.
|
|
|
|
To configure a credential for a specific registry endpoint, create/modify the
|
|
`/etc/containerd/config.toml` as follows:
|
|
```toml
|
|
[plugins.cri.registry.auths]
|
|
[plugins.cri.registry.auths."https://gcr.io"]
|
|
username = ""
|
|
password = ""
|
|
auth = ""
|
|
identitytoken = ""
|
|
```
|
|
The meaning of each field is the same with the corresponding field in `.docker/config.json`.
|
|
|
|
Please note that auth config passed by CRI takes precedence over this config.
|
|
The registry credential in this config will only be used when auth config is
|
|
not specified by Kubernetes via CRI.
|
|
|
|
After modify this config, you need restart the `containerd` service.
|