Containerd with Harbor 30 December 2021

Containerd with Harbor

Previously we explained how to install a Harbor server and how to configure CRI-O to use it.

In this case we will see how the configuration is if our container runtime is Containerd.

Containerd

To carry out this configuration, you will have to access the nodes and there create or modify the file /etc/containerd/config.toml:

version = 2

[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
    endpoint = ["https://harbor-cache.example.com/v2/proxy.docker.io/"]
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."gcr.io"]
    endpoint = ["https://harbor-cache.example.com/v2/proxy.gcr.io/"]
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."k8s.gcr.io"]
    endpoint = ["https://harbor-cache.example.com/v2/proxy.k8s.gcr.io/"]
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."quay.io"]
    endpoint = ["https://harbor-cache.example.com/v2/proxy.quay.io/"]
    # [plugins."io.containerd.grpc.v1.cri".registry.configs."harbor-cache.example.com".tls]
    # ca_file   = "/etc/containerd/harbor.pem"

In this case, four of the most used registries are configure

  • docker.io: The official Docker registry.
  • gcr.io: Google Container Registry, official images from Google.
  • k8s.gcr.io: Google Kubernetes Engine Container Registry, the main Kubernetes image-serving system.
  • quay.io: a private Docker registry operated by the Red Hat organization.

These were the four projects defined at Harbor earlier. You will have to add a similar line in this file for each extra project you want to add.

Remember that for the configuration to take effect, the containerd service must be restarted:

systemctl daemon-reload
systemctl restart containerd