containerd配置私有harbor镜像仓库

root@shawn-virtual-machine:/etc/containerd# crictl -version
crictl version v1.24.0

containerd拉取私有仓库镜像报错 x509: certificate signed by unknown authority。

在配置文件/etc/containerd/config.toml中增加以下配置

[plugins."io.containerd.grpc.v1.cri".registry]
      config_path = ""

      [plugins."io.containerd.grpc.v1.cri".registry.auths]

      [plugins."io.containerd.grpc.v1.cri".registry.configs]
        # 内部私有仓库认证信息
        [plugins."io.containerd.grpc.v1.cri".registry.configs."10.4.xx.xx:5443".tls]
            insecure_skip_verify = true
        [plugins."io.containerd.grpc.v1.cri".registry.configs."10.4.xx.xx:5443".auth]
            username = "admin" # 在harbor里单独创建的用户，授权访问指定项目
            password = "password"

      [plugins."io.containerd.grpc.v1.cri".registry.headers]

      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
        # 内部私有仓库配置
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."10.4.xx.xx:5443"]
            endpoint = ["https://10.4.xx.xx:5443/"]

重启containerd服务以使配置生效

#重新加载配置
systemctl daemon-reload
#重启containerd
systemctl restart containerd

仍拉取失败，报如下错误。

failed to unpack image on snapshotter overlayfs: unexpected media type text/html for sha256:fe29cb63644f0d85a0e8abd7c494c1a350d652a0f2962fbf1b12102ac6cf75b6: not found

参考https://github.com/containerd/containerd/issues/6984 将endpoint由https://10.4.xx.xx:5443/改为https://10.4.xx.xx:5443。
测试pull成功。

https://github.com/containerd/containerd/