Containerd容器运行时的私有仓库镜像推送push和镜像拉取问题解决

Bulut0907

已于 2022-09-26 11:29:36 修改

阅读量9.3k

点赞数 1

分类专栏： Docker/Containerd 文章标签： containerd 私有仓库镜像 push镜像 pull镜像推送拉取

于 2022-09-23 08:59:39 首次发布

本文链接：https://blog.youkuaiyun.com/yy8623977/article/details/125009466

版权

Docker/Containerd 专栏收录该内容

18 篇文章

订阅专栏

本文记录了在使用Contanerd时遇到的私有仓库镜像推送push和拉取pull的问题及解决方案。在推送镜像时，nerdctl命令出现错误，通过修改containerd配置并使用ctr命令可以成功推送。而在拉取镜像时，crictl命令报错，同样通过更新containerd配置后，crictl能够正常拉取镜像。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

1. 镜像推送push问题

问题记录如下

使用nerdctl命令往私有仓库推送镜像，出现的问题如下

[root@k8s-master ~]# nerdctl push 192.168.23.160:5000/flink:1.15.0-scala_2.12-wordcount
manifest-sha256:23a421d7ea703af6c659c09d5abefe9f8c629493649c096483688a19bb266610: waiting        |--------------------------------------| 
layer-sha256:9fb5b36aafb93bcc52f03dd17cf420f6be4b081172eb13164563f5b20b374a59:    waiting        |--------------------------------------| 
config-sha256:8c6b3c27cc675895f9c28934a311ed8974202056b0564855e6960efc5bd22f6e:   waiting        |--------------------------------------| 
layer-sha256:67e8aa6c8bbc76b1f2bccb3864b0887671833b8667dc1f6c965fcb0eac7e6402:    waiting        |--------------------------------------| 
layer-sha256:627e6c1e105548ea4a08354eea581f137cf368d91aeb0ad47dcb706fca54fd8b:    waiting        |--------------------------------------| 
layer-sha256:0670968926f6461e3135c82ba2c0ad3ebdedc0d0f41b18bda4a1e41104b8be8a:    waiting        |--------------------------------------| 
layer-sha256:65e458027cc21c1550d8d2ca4b36cd45889abb22dc7945f460014254e4276c6a:    waiting        |--------------------------------------| 
layer-sha256:6e07b100903dfabd0c5ee512f754810fee8af4d6189459d873c8753a98663ad7:    waiting        |--------------------------------------| 
layer-sha256:bbf92622a61b817a7696e452f66d238710c0e7722f6fed7d0d8f4e224762a0a5:    waiting        |--------------------------------------| 
layer-sha256:e10b6fee624561f4f50bf5fd09c7734c75f559c8ba430bad0b6d756c62bb8e9e:    waiting        |--------------------------------------| 
layer-sha256:9f2d839593974441b014c89a092d74a6ed980bd8a5e558f29dce564926329620:    waiting        |--------------------------------------| 
layer-sha256:7a37825ce891ec0855e3992d806c99d2d9205b506e08b87d7ff466f805f3649a:    waiting        |--------------------------------------| 
layer-sha256:ddd741668e8e73c8ea5740c2a3a629f9b02b27e7ccb3de2eed1c990b6e0c48f1:    waiting        |--------------------------------------| 
layer-sha256:b4bbe30ab5e7a617dd4a2bedb493aa64be2da5ef624a6866b4d98be4aa832704:    waiting        |--------------------------------------| 
layer-sha256:e18ab33fd60ec489b647dc68b1f4250de47b21f35c96af95d47c175e2224abf7:    waiting        |--------------------------------------| 
layer-sha256:42daf0f51ba307f3cca3912bb9728600f197db66d624c2f60bc0077e056755c3:    waiting        |--------------------------------------| 
elapsed: 0.1 s                                                                    total:   0.0 B (0.0 B/s)                                         
FATA[0000] failed to do request: Head "https://192.168.23.160:5000/v2/flink/blobs/sha256:9fb5b36aafb93bcc52f03dd17cf420f6be4b081172eb13164563f5b20b374a59": http: server gave HTTP response to HTTPS client 
[root@k8s-master ~]#

向/etc/containerd/config.toml配置添加如下新的endpoint配置，然后重启containerd服务。也无法解决

......省略部分......
    [plugins."io.containerd.grpc.v1.cri".registry]
      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
          #endpoint = ["https://registry-1.docker.io"]
          # 注释上面那行，添加下面两行
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."192.168.23.160:5000"]
          endpoint = ["http://192.168.23.160:5000"]
    [plugins."io.containerd.grpc.v1.cri".image_decryption]
      key_model = ""
    [plugins."io.containerd.grpc.v1.cri".x509_key_pair_streaming]
......省略部分......

解决办法

可以通过ctr命令进行镜像推送，这样推送就不会出现问题了

[root@k8s-master ~]# ctr images push --plain-http=true 192.168.23.160:5000/flink:1.15.0-scala_2.12-wordcount
manifest-sha256:23a421d7ea703af6c659c09d5abefe9f8c629493649c096483688a19bb266610: done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:9fb5b36aafb93bcc52f03dd17cf420f6be4b081172eb13164563f5b20b374a59:    done           |++++++++++++++++++++++++++++++++++++++| 
config-sha256:8c6b3c27cc675895f9c28934a311ed8974202056b0564855e6960efc5bd22f6e:   done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:67e8aa6c8bbc76b1f2bccb3864b0887671833b8667dc1f6c965fcb0eac7e6402:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:627e6c1e105548ea4a08354eea581f137cf368d91aeb0ad47dcb706fca54fd8b:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:0670968926f6461e3135c82ba2c0ad3ebdedc0d0f41b18bda4a1e41104b8be8a:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:65e458027cc21c1550d8d2ca4b36cd45889abb22dc7945f460014254e4276c6a:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:6e07b100903dfabd0c5ee512f754810fee8af4d6189459d873c8753a98663ad7:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:bbf92622a61b817a7696e452f66d238710c0e7722f6fed7d0d8f4e224762a0a5:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:e10b6fee624561f4f50bf5fd09c7734c75f559c8ba430bad0b6d756c62bb8e9e:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:9f2d839593974441b014c89a092d74a6ed980bd8a5e558f29dce564926329620:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:7a37825ce891ec0855e3992d806c99d2d9205b506e08b87d7ff466f805f3649a:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:ddd741668e8e73c8ea5740c2a3a629f9b02b27e7ccb3de2eed1c990b6e0c48f1:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:b4bbe30ab5e7a617dd4a2bedb493aa64be2da5ef624a6866b4d98be4aa832704:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:e18ab33fd60ec489b647dc68b1f4250de47b21f35c96af95d47c175e2224abf7:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:42daf0f51ba307f3cca3912bb9728600f197db66d624c2f60bc0077e056755c3:    done           |++++++++++++++++++++++++++++++++++++++| 
elapsed: 5.9 s                                                                    total:  537.3  (91.1 MiB/s)                                      
[root@k8s-master ~]#

2. 镜像拉取pull问题

问题记录

通过crictl为k8s拉取镜像，会出现rpc错误，如下所示

[root@k8s-master ~]# crictl pull 192.168.23.160:5000/flink:1.15.0-scala_2.12-wordcount
E0527 19:13:48.191793   32946 remote_image.go:218] "PullImage from image service failed" err="rpc error: code = Unknown desc = failed to pull and unpack image \"192.168.23.160:5000/flink:1.15.0-scala_2.12-wordcount\": failed to resolve reference \"192.168.23.160:5000/flink:1.15.0-scala_2.12-wordcount\": failed to do request: Head \"https://192.168.23.160:5000/v2/flink/manifests/1.15.0-scala_2.12-wordcount\": http: server gave HTTP response to HTTPS client" image="192.168.23.160:5000/flink:1.15.0-scala_2.12-wordcount"
FATA[0000] pulling image: rpc error: code = Unknown desc = failed to pull and unpack image "192.168.23.160:5000/flink:1.15.0-scala_2.12-wordcount": failed to resolve reference "192.168.23.160:5000/flink:1.15.0-scala_2.12-wordcount": failed to do request: Head "https://192.168.23.160:5000/v2/flink/manifests/1.15.0-scala_2.12-wordcount": http: server gave HTTP response to HTTPS client 
[root@k8s-master ~]#

解决办法
向/etc/containerd/config.toml配置添加如下新的endpoint配置，然后重启containerd服务

......省略部分......
    [plugins."io.containerd.grpc.v1.cri".registry]
      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
          #endpoint = ["https://registry-1.docker.io"]
          # 注释上面那行，添加下面两行
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."192.168.23.160:5000"]
          endpoint = ["http://192.168.23.160:5000"]
    [plugins."io.containerd.grpc.v1.cri".image_decryption]
      key_model = ""
    [plugins."io.containerd.grpc.v1.cri".x509_key_pair_streaming]
......省略部分......

再次拉取镜像，就可以拉取了，如下所示：

[root@k8s-master ~]# crictl pull 192.168.23.160:5000/flink:1.15.0-scala_2.12-wordcount
Image is up to date for sha256:8c6b3c27cc675895f9c28934a311ed8974202056b0564855e6960efc5bd22f6e
[root@k8s-master ~]#