This message was deleted.
# general
a
This message was deleted.
d
Look into rke2/k3s registries.yaml in the /etc/rancher/rke2 directory
a
ya that's how I got to
Copy code
root@knode03:~# cat /etc/rancher/rke2/registries.yaml
mirrors:
  <http://registry01.sys.nc4.iad0.nsscloud.net|registry01.sys.nc4.iad0.nsscloud.net>:
    endpoint:
      - "<http://registry01.sys.nc4.iad0.nsscloud.net:5000>"
root@knode03:~#
but that doesn't seem to be working
d
you may need to add a config for that to allow insecure
a
I don't have any auth
and it doesn't have TLS
d
as far as my testing this config is super finicky/buggy give the
insecure_skip_verify
flag a try
a
I will try that
d
you can check the kubelet and containerd logs after and see what errors are being thrown
you shouldn't set the domain as a mirror to iteself that is recursive
a
I shouldn't use the fqdn for the key?
d
That is ment for mirrors like docker.io to your registry
you shouldn't need this file if you are specifically calling this registry in the container image invocation. You would use this to direct containerd to check other mirrors for the same image path
a
ok then how can I pull from a private registry then? cause I always get this error
even if the image is the full path
d
which error
a
Copy code
root@knode03:~# export CRI_CONFIG_FILE=/var/lib/rancher/rke2/agent/etc/crictl.yaml
root@knode03:~# export PATH=$PATH:/var/lib/rancher/rke2/bin/
root@knode03:~# crictl pull <http://registry01.sys.nc4.iad0.nsscloud.net:5000/ns-ubuntu-20-04-qemu:latest|registry01.sys.nc4.iad0.nsscloud.net:5000/ns-ubuntu-20-04-qemu:latest>
FATA[0000] pulling image: rpc error: code = Unknown desc = failed to pull and unpack image "<http://registry01.sys.nc4.iad0.nsscloud.net:5000/ns-ubuntu-20-04-qemu:latest|registry01.sys.nc4.iad0.nsscloud.net:5000/ns-ubuntu-20-04-qemu:latest>": failed to resolve reference "<http://registry01.sys.nc4.iad0.nsscloud.net:5000/ns-ubuntu-20-04-qemu:latest|registry01.sys.nc4.iad0.nsscloud.net:5000/ns-ubuntu-20-04-qemu:latest>": failed to do request: Head "<https://registry01.sys.nc4.iad0.nsscloud.net:5000/v2/ns-ubuntu-20-04-qemu/manifests/latest>": http: server gave HTTP response to HTTPS client
root@knode03:~#
it's trying to connect with HTTPS to my HTTP registry
d
it is
a
if I'm just using continerd outside rke2
Copy code
[plugins."io.containerd.grpc.v1.cri".registry.configs]
    [plugins."io.containerd.grpc.v1.cri".registry.configs."198.18.0.157:5000".tls]
      insecure_skip_verify = true
is working for me
I can pull the image no issue
but if I'm using the rke2 socket for containerd I cannot pull the image
d
I can't say i have ever tried to pull from a HTTP endpoint, sorry
a
what would happen if I manually updated this file
Copy code
/var/lib/rancher/rke2/agent/etc/containerd/config.toml
does that file get created every time I restart rke2-server?
d
it would get replaced yes