Skip to content

Configure Containerd Private Repository

As Kubernetes is deprecating docker as container runtime after version 1.20, we decided to choose Containerd as our Kubernetes runtime. Our Kubernetes cluster is running on the Aliyun Cloud, with 3 master nodes and 6 worker nodes.

This post documented how to configure a private repository in Containerd. compared with Docker, I feel that client tools like crlctl is not powerful as the Docker client.

Configure private repository

To configure image registries create/modify the /etc/containerd/config.toml as follows

    [plugins."io.containerd.grpc.v1.cri".cni]
      bin_dir = "/opt/cni/bin"
      conf_dir = "/etc/cni/net.d"
      max_conf_num = 1

    [plugins."io.containerd.grpc.v1.cri".registry]
      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
          endpoint = ["https://registry-1.docker.io"]

        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."devhub.devops.xxx.com"]
          endpoint = ["https://devhub.devops.xxx.com"]
      [plugins."io.containerd.grpc.v1.cri".registry.configs]
        [plugins."io.containerd.grpc.v1.cri".registry.configs."devhub.devops.xxx.com".auth]
          username = "robot"
          password = "5UPu2MVzC"

The endpoint is a list that can contain multiple image registry URLs split by commas.
The auth is the credentials that login

Restart contained to take effect

systemctl restart containerd

Verify

perform the command to check the configuration.

crlctl info
image

Pull Image

image 2

Summary

You will be able to know how to configure a private in Containerd and how to use client – crictl to pull images or do other actions. for a heavily-docker user, the client crictl is not friendly, especially pulling images. no idea it is pulling or is stuck there for network connection reason or other reasons.

Leave a Reply