文章目录
- 1. 预备条件
- 2. 配置镜像仓库
1. 预备条件
安装rke2:
2. 配置镜像仓库
Containerd 可以配置为连接到私有镜像仓库,并使用仓库在每个节点上拉取私有镜像。
启动时,RKE2 会检查 /etc/rancher/rke2/
中是否存在 registries.yaml
文件,并指示 containerd 使用该文件中定义的镜像仓库。
$ vim /etc/rancher/rke2/registries.yaml
mirrors:
docker.io:
endpoint:
- "https://harbor.ghostwritten.com"
configs:
"harbor.ghostwritten.com":
auth:
username: admin
password: Harbor12345
tls:
insecure_skip_verify: true
重启 rke2-server
systemctl restart rke2-server.service && systemctl status rke2-server.service
重启后/etc/rancher/rke2/registries.yaml
的仓库配置会传递到/var/lib/rancher/rke2/agent/etc/containerd/config.toml
。
cat /var/lib/rancher/rke2/agent/etc/containerd/config.toml
# File generated by rke2. DO NOT EDIT. Use config.toml.tmpl instead.
version = 2
[plugins."io.containerd.internal.v1.opt"]
path = "/var/lib/rancher/rke2/agent/containerd"
[plugins."io.containerd.grpc.v1.cri"]
stream_server_address = "127.0.0.1"
stream_server_port = "10010"
enable_selinux = false
enable_unprivileged_ports = true
enable_unprivileged_icmp = true
sandbox_image = "index.docker.io/rancher/pause:3.6"
[plugins."io.containerd.grpc.v1.cri".containerd]
snapshotter = "overlayfs"
disable_snapshot_annotations = true
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
runtime_type = "io.containerd.runc.v2"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://harbor.ghostwritten.com"]
[plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.ghostwritten.com".auth]
username = "admin"
password = "Harbor12345"
[plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.ghostwritten.com".tls]
insecure_skip_verify = true
参考: