K8S containerd配置跳过Harbor镜像仓库https验证

K8S containerd配置跳过Harbor镜像仓库https验证

使用容器命令ctr拉取镜像

#ctr -n=k8s.io images pull  harbor.your_group.com/kubernetesui/dashboard:v2.7.0

提示443异常，docker pull拉取正常

INFO[0000] trying next host                              error="failed to do request: Head \"https://harbor.your_group.com/v2/kubernetesui/dashboard/manifests/v2.7.0\": dial tcp your_ip:443: connect: connection refused" host=harbor.your_group.com
ctr: failed to resolve reference "harbor.your_group.com/kubernetesui/dashboard:v2.7.0": failed to do request: Head "https://harbor.your_group.com/v2/kubernetesui/dashboard/manifests/v2.7.0": dial tcp your_ip:443: connect: connection refused

加参数--plain-http, 这样就能下载下来了

# ctr -n=k8s.io images pull  harbor.your_group.com/kubernetesui/dashboard:v2.7.0 --plain-http
harbor.your_group.com/kubernetesui/dashboard:v2.7.0:                         resolved       |++++++++++++++++++++++++++++++++++++++|

配置文件

vi /etc/containerd/config.toml

    [plugins."io.containerd.grpc.v1.cri".registry]
      config_path = ""

      [plugins."io.containerd.grpc.v1.cri".registry.auths]

      [plugins."io.containerd.grpc.v1.cri".registry.configs]
        [plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.your_group.com".tls]
            insecure_skip_verify = true

      [plugins."io.containerd.grpc.v1.cri".registry.headers]

      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."harbor.your_group.com"]
            endpoint = ["http://harbor.your_group.com"]

          [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
                   endpoint = ["http://hub-mirror.c.163.com"]
    [plugins."io.containerd.grpc.v1.cri".x509_key_pair_streaming]

参考：https://www.cnblogs.com/chen2ha/p/18498428