文章目录

现象描述

通过nerdctl工具无法拉取镜像(已配置containerd镜像加速地址,crictl image pull正常)

~# nerdctl pull redis:latest
docker.io/library/redis:latest: resolving      |--------------------------------------| 
elapsed: 29.9s                  total:   0.0 B (0.0 B/s)                                         
INFO[0030] fetch failed                                  error="failed to do request: Head \"https://registry-1.docker.io/v2/library/redis/manifests/latest\": dial tcp 182.50.139.56:443: i/o timeout" host=registry-1.docker.io
ERRO[0030] active check failed                           error="context canceled"
FATA[0030] failed to resolve reference "docker.io/library/redis:latest": failed to do request: Head "https://registry-1.docker.io/v2/library/redis/manifests/latest": dial tcp 182.50.139.56:443: i/o timeout

环境概览

组件名称 组件版本
containerd v1.7.13
kubernetes v1.30.6
crictl v1.29.0
nerdctl 2.0.2

调整containerd镜像加速配置

原镜像加速配置:

...
    [plugins."io.containerd.grpc.v1.cri".registry]
      config_path = ""

      [plugins."io.containerd.grpc.v1.cri".registry.auths]

      [plugins."io.containerd.grpc.v1.cri".registry.configs]

        [plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.md-sh.com"]

          [plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.md-sh.com".auth]
            auth = ""
            identitytoken = ""
            password = "xxxxxxxx"
            username = "md"

          [plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.md-sh.com".tls]
            ca_file = ""
            cert_file = ""
            insecure_skip_verify = true
            key_file = ""

      [plugins."io.containerd.grpc.v1.cri".registry.headers]

      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]

        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
          endpoint = ["https://docker.m.daocloud.io", "https://docker.ketches.cn", "https://proxy.1panel.live"]

        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."harbor.md-sh.com"]
          endpoint = ["https://harbor.md-sh.com"]

        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."nvcr.io"]
          endpoint = ["https://nvcr.mirrorify.net"]

        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.k8s.io"]
          endpoint = ["https://k8s.monlor.com"]

调整后的配置:

1、编辑/etc/containerd/config.toml,调整config_path
...
    [plugins."io.containerd.grpc.v1.cri".registry]
      config_path = "/etc/containerd/certs.d"
...

2、创建镜像加速器配置文件
mkdir /etc/containerd/certs.d/docker.io -p

tee  /etc/containerd/certs.d/docker.io/hosts.toml << 'EOF'
server = "https://docker.io"

[host."https://docker.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]

[host."https://hub.mirrorify.net"]
  capabilities = ["pull", "resolve", "push"]

[host."https://proxy.1panel.live"]
  capabilities = ["pull", "resolve", "push"]
EOF

3、重启containerd测试
systemctl restart containerd.service 

nerdctl pull redis:latest
docker.io/library/redis:latest:                                                   resolved       |++++++++++++++++++++++++++++++++++++++| 
index-sha256:05f99264e2928ad472f2751b3a8d1f65c9c2cc1819be04548b2261c08e2e026b:    done           |++++++++++++++++++++++++++++++++++++++| manifest-sha256:18077322db9506f5df37db3e0f7080574853d593bcd23a4d42d551a3127b55fd: done           |++++++++++++++++++++++++++++++++++++++| config-sha256:2724e40d4303391e1a46884134da358e20a6d0b03f32ee6c412079ddb4ac6783:   done           |++++++++++++++++++++++++++++++++++++++| layer-sha256:fd674058ff8f8cfa7fb8a20c006fc0128541cbbad7f7f7f28df570d08f9e4d92:    done           |++++++++++++++++++++++++++++++++++++++| layer-sha256:4c9c306fe0ac78b240423fb9c7933cfccfb970be4f789b072243e78f58db9da4:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:76f0f8a4aae4c12c94163c6bfa2a0a8718a9e4504f86bd3aacccc7cc097b5849:    done           |++++++++++++++++++++++++++++++++++++++| layer-sha256:d334c6665cc1a47885608cbec05a935eaea0cecf6183313b4ecd96a70ebb7a2e:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:f3615eb0792b5465c4c67421699a5e42bc4a02fc3dcccc5b5fc73a6b1d4b99d2:    done           |++++++++++++++++++++++++++++++++++++++| layer-sha256:e0b2e54213f58e928ab3b0cd2fd524650df6d79d0bcce5050e4b3e2497e4f839:    done           |++++++++++++++++++++++++++++++++++++++| layer-sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1:    done           |++++++++++++++++++++++++++++++++++++++| layer-sha256:47cee545c70a2f5e034c7ba42554655724c5151f14a5b48b6dd9e9d66f47b0c3:    done           |++++++++++++++++++++++++++++++++++++++| elapsed: 76.8s                                                                    total:  42.9 M (572.4 KiB/s)
附1:安装nerdctl

下载链接:https://github.com/containerd/nerdctl/releases/tag/v2.0.2

nerdctl 官方发布包含两个安装版本:

  • Minimal (nerdctl-2.0.2-linux-amd64.tar.gz): nerdctl only
  • Full (nerdctl-full-2.0.2-linux-amd64.tar.gz): Includes dependencies such as containerd, runc, and CNI

nerdctl bash自动补全

~# nerdctl completion bash > /etc/bash_completion.d/nerdctl
~# source /etc/bash_completion.d/nerdctl
附2:其他镜像加速需要逐一添加

传送门:https://github.com/Hugh-yw/Mirror-acceleration

参考资料:
https://help.aliyun.com/zh/acr/user-guide/accelerate-the-pulls-of-docker-official-images#4766fe99e4g5f

# kubernetes
Logo
EazyDevelop社区

一站式 AI 云服务平台

更多推荐

cover

国内低代码平台:2025 年国内主流平台盘点

avatar EazyDevelop社区
cover

5分钟搞定!MySQL/PostgreSQL 到 Elasticsearch 的实时同步

avatar EazyDevelop社区
cover

从零开始搭建个人RAG知识库:RAGFlow+DeepSeek保姆级教程!

avatar EazyDevelop社区