Containerd 镜像加速方案
1.5 之前用 mirrors,1.5 及以后用 hosts.toml 目录化配置。
如何确认版本?执行如下命令,根据版本选择
containerd --version
一、Containerd < 1.5
1.1 containerd 镜像源配置
编辑 containerd 配置文件:
vim /etc/containerd/config.toml
1.2 containerd 镜像源配置
1.2.1 在配置文件中添加以下内容,配置镜像源地址:
[plugins."io.containerd.grpc.v1.cri".registry]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://docker.1ms.run"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."k8s.gcr.io"]
endpoint = ["https://k8s.1ms.run"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."gcr.io"]
endpoint = ["https://gcr.1ms.run"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."ghcr.io"]
endpoint = ["https://ghcr.1ms.run"]
注意:请将 https://xxxxxx.d.1ms.run 替换为您的专属免登录域名
1.2.2 重启 containerd 服务
配置完成后,重启 containerd 服务使配置生效:
systemctl restart containerd
验证服务状态:
systemctl status containerd
二、Containerd >= 1.5
- 1.5+ 支持 热加载,改完
hosts.toml无需重启也可在 30 s 内自动生效。- 若后续官方地址变动,只需改
server字段;若镜像站新增节点,再追加一段[[host."https://new.xx"]]即可。
1. 确认 config.toml 里已经指定了 config_path
# /etc/containerd/config.toml 片段
[plugins."io.containerd.grpc.v1.cri".registry]
config_path = "/etc/containerd/certs.d"
修改后记得重启 containerd:
systemctl restart containerd
2. 批量建目录
BASE=/etc/containerd/certs.d
for r in docker.io ghcr.io gcr.io registry.k8s.io nvcr.io quay.io mcr.microsoft.com docker.elastic.co; do
mkdir -p $BASE/$r
done
目录树
/etc/containerd/certs.d/
├── docker.io
│ └── hosts.toml # 免费/付费
├── ghcr.io
│ └── hosts.toml # 免费/付费
├── gcr.io
│ └── hosts.toml # 付费/废弃(官方停止服务)
├── registry.k8s.io
│ └── hosts.toml # 付费
├── nvcr.io
│ └── hosts.toml # 付费
├── quay.io
│ └── hosts.toml # 付费
├── mcr.microsoft.com
│ └── hosts.toml # 付费
└── docker.elastic.co
└── hosts.toml # 付费
3. 配置镜像
docker.io
# /etc/containerd/certs.d/docker.io/hosts.toml
server = "https://registry-1.docker.io"
[host."https://docker.1ms.run"]
capabilities = ["pull", "resolve"]
ghcr.io
# /etc/containerd/certs.d/ghcr.io/hosts.toml
server = "https://ghcr.io"
[host."https://ghcr.1ms.run"]
capabilities = ["pull", "resolve"]
nvcr.io
# /etc/containerd/certs.d/nvcr.io/hosts.toml
server = "https://nvcr.io"
[host."https://nvcr.1ms.run"]
capabilities = ["pull", "resolve"]
quay.io
# /etc/containerd/certs.d/quay.io/hosts.toml
server = "https://quay.io"
[host."https://quay.1ms.run"]
capabilities = ["pull", "resolve"]
mcr.microsoft.com
# /etc/containerd/certs.d/mcr.microsoft.com/hosts.toml
server = "https://mcr.microsoft.com"
[host."https://mcr.1ms.run"]
capabilities = ["pull", "resolve"]
docker.elastic.co
# /etc/containerd/certs.d/docker.elastic.co/hosts.toml
server = "https://docker.elastic.co"
[host."https://elastic.1ms.run"]
capabilities = ["pull", "resolve"]
registry.k8s.io
# /etc/containerd/certs.d/registry.k8s.io/hosts.toml
server = "https://registry.k8s.io"
[host."https://k8s.1ms.run"]
capabilities = ["pull", "resolve"]
gcr.io
# /etc/containerd/certs.d/gcr.io/hosts.toml
server = "https://gcr.io"
[host."https://gcr.1ms.run"]
capabilities = ["pull", "resolve"]
4. 使配置生效
systemctl restart containerd
5. 验证(任选一条)
# 免费
crictl pull docker.io/library/redis:7-alpine
# 付费(需确保账号已开通)
crictl pull k8s.gcr.io/pause:3.9