This message was deleted.
# generala
adamant-kite-43734
11/29/2022, 5:25 PMThis message was deleted.
d
damp-painting-69352
11/29/2022, 5:26 PMLook into rke2/k3s registries.yaml in the /etc/rancher/rke2 directory
damp-painting-69352
11/29/2022, 5:27 PMa
able-wall-25846
11/29/2022, 5:28 PMya that's how I got to
able-wall-25846
11/29/2022, 5:28 PM Copy code
root@knode03:~# cat /etc/rancher/rke2/registries.yaml
mirrors:
<http://registry01.sys.nc4.iad0.nsscloud.net|registry01.sys.nc4.iad0.nsscloud.net>:
endpoint:
- "<http://registry01.sys.nc4.iad0.nsscloud.net:5000>"
root@knode03:~#able-wall-25846
11/29/2022, 5:28 PMbut that doesn't seem to be working
d
damp-painting-69352
11/29/2022, 5:28 PMyou may need to add a config for that to allow insecure
damp-painting-69352
11/29/2022, 5:28 PMa
able-wall-25846
11/29/2022, 5:29 PMI don't have any auth
able-wall-25846
11/29/2022, 5:29 PMand it doesn't have TLS
d
damp-painting-69352
11/29/2022, 5:29 PMas far as my testing this config is super finicky/buggy give the
insecure_skip_verifya
able-wall-25846
11/29/2022, 5:30 PMI will try that
d
damp-painting-69352
11/29/2022, 5:30 PMyou can check the kubelet and containerd logs after and see what errors are being thrown
damp-painting-69352
11/29/2022, 5:32 PMyou shouldn't set the domain as a mirror to iteself that is recursive
a
able-wall-25846
11/29/2022, 5:33 PMI shouldn't use the fqdn for the key?
d
damp-painting-69352
11/29/2022, 5:35 PMThat is ment for mirrors like docker.io to your registry
damp-painting-69352
11/29/2022, 5:36 PMyou shouldn't need this file if you are specifically calling this registry in the container image invocation. You would use this to direct containerd to check other mirrors for the same image path
a
able-wall-25846
11/29/2022, 5:38 PMok then how can I pull from a private registry then? cause I always get this error
able-wall-25846
11/29/2022, 5:38 PMeven if the image is the full path
d
damp-painting-69352
11/29/2022, 5:38 PMwhich error
a
able-wall-25846
11/29/2022, 5:39 PM Copy code
root@knode03:~# export CRI_CONFIG_FILE=/var/lib/rancher/rke2/agent/etc/crictl.yaml
root@knode03:~# export PATH=$PATH:/var/lib/rancher/rke2/bin/
root@knode03:~# crictl pull <http://registry01.sys.nc4.iad0.nsscloud.net:5000/ns-ubuntu-20-04-qemu:latest|registry01.sys.nc4.iad0.nsscloud.net:5000/ns-ubuntu-20-04-qemu:latest>
FATA[0000] pulling image: rpc error: code = Unknown desc = failed to pull and unpack image "<http://registry01.sys.nc4.iad0.nsscloud.net:5000/ns-ubuntu-20-04-qemu:latest|registry01.sys.nc4.iad0.nsscloud.net:5000/ns-ubuntu-20-04-qemu:latest>": failed to resolve reference "<http://registry01.sys.nc4.iad0.nsscloud.net:5000/ns-ubuntu-20-04-qemu:latest|registry01.sys.nc4.iad0.nsscloud.net:5000/ns-ubuntu-20-04-qemu:latest>": failed to do request: Head "<https://registry01.sys.nc4.iad0.nsscloud.net:5000/v2/ns-ubuntu-20-04-qemu/manifests/latest>": http: server gave HTTP response to HTTPS client
root@knode03:~#able-wall-25846
11/29/2022, 5:39 PMit's trying to connect with HTTPS to my HTTP registry
d
damp-painting-69352
11/29/2022, 5:39 PMit is
a
able-wall-25846
11/29/2022, 5:40 PMif I'm just using continerd outside rke2
able-wall-25846
11/29/2022, 5:40 PM Copy code
[plugins."io.containerd.grpc.v1.cri".registry.configs]
[plugins."io.containerd.grpc.v1.cri".registry.configs."198.18.0.157:5000".tls]
insecure_skip_verify = trueable-wall-25846
11/29/2022, 5:40 PMis working for me
able-wall-25846
11/29/2022, 5:41 PMI can pull the image no issue
able-wall-25846
11/29/2022, 5:41 PMbut if I'm using the rke2 socket for containerd I cannot pull the image
d
damp-painting-69352
11/29/2022, 5:42 PMI can't say i have ever tried to pull from a HTTP endpoint, sorry
a
able-wall-25846
11/29/2022, 5:44 PMwhat would happen if I manually updated this file
Copy code
/var/lib/rancher/rke2/agent/etc/containerd/config.tomlable-wall-25846
11/29/2022, 5:44 PMdoes that file get created every time I restart rke2-server?
d
damp-painting-69352
11/29/2022, 5:48 PMit would get replaced yes
5 Views