2025/12/24...小于 1 分钟
为 Containerd 配置 Harbor 无证书镜像站
目录结构要求
在 /etc/containerd 下需要有如下结构:
root@node1:/etc/containerd# tree .
.
├── certs.d
│ └── 11.0.1.143
│ └── hosts.toml
└── config.tomlv3 风格配置示例
1. hosts.toml 配置
路径:/etc/containerd/certs.d/11.0.1.143/hosts.toml
version = 3
server = "http://11.0.1.143"
[host."http://11.0.1.143"]
capabilities = ["pull", "push"]
skip_verify = true2. config.toml 中启用 certs.d 目录
路径:/etc/containerd/config.toml
只看与镜像相关的关键片段(v3 写法):
[plugins."io.containerd.cri.v1.images"]
# 拉取镜像相关的通用配置
concurrent_downloads = 3
concurrent_layer_downloads = 3
concurrent_layer_fetch_buffer = 0
image_pull_progress_timeout = "5m0s"
image_pull_with_sync_fs = false
stats_collect_period = 10
use_local_image_pull = false
[plugins."io.containerd.cri.v1.images".pinned_images]
sandbox = "registry.k8s.io/pause:3.10"
# 关键:指定 registry 配置目录(v3 推荐方式)
[plugins."io.containerd.cri.v1.images".registry]
config_path = "/etc/containerd/certs.d"
[plugins."io.containerd.cri.v1.images".image_decryption]
key_model = "node"更新日志
2025/12/24 15:15
查看所有更新日志
cd54d-于