containerd에서 insecure registry 설정

김건호·2025년 1월 3일

개요

containerd를 사용하는 쿠버네티스 클러스터에서 이미지를 pull 할 때, 로컬 레지스트리를 쓰는 바람에 인증서가 없어서 pull이 안 되는 상황이였다

어차피 테스트 서버니까.. insecure_registry 설정으로 후려치겠다 !

containerd 버전

# ctr version
Client:
  Version:  v1.7.23
  Revision: 57f17b0a6295a39009d861b89e3b3b87b005ca27
  Go version: go1.22.8

config 설정

/etc/containerd/config.toml
containerd는 이 파일을 수정하면 된다

[plugins."io.containerd.grpc.v1.cri".registry]
      config_path = "/etc/containerd/certs.d"

보통 처음 설치하면 이렇게 되어 있는데 config_path = "/etc/containerd/certs.d" 줄을 지우고 아래와 같이 추가하면 된다

[plugins."io.containerd.grpc.v1.cri".registry]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."레지스트리주소"]
      endpoint = ["http://레지스트리주소"]

crio는 /etc/crio/crio.conf/

주의사항 !

[plugins."io.containerd.grpc.v1.cri".registry]
  config_path = "/etc/containerd/certs.d"
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."레지스트리주소"]
        endpoint = ["https://레지스트리주소"]

처음에는 config_path 를 안 지우고 내용을 추가 했더니 node가 아래 event가 뜨면서 notReady가 됐다 ㅡ,.ㅡ

Events:
  Type     Reason             Age                       From     Message
  ----     ------             ----                      ----     -------
  Warning  ContainerGCFailed  4m19s (x8146 over 5d15h)  kubelet  rpc error: code = Unimplemented desc = unknown service runtime.v1.RuntimeService

kubelet 로그

➜  ~ systemctl status kubelet
● kubelet.service - Kubernetes Kubelet Server
     Loaded: loaded (/etc/systemd/system/kubelet.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2024-12-23 16:00:19 KST; 1 weeks 2 days ago
       Docs: https://github.com/GoogleCloudPlatform/kubernetes
   Main PID: 1705049 (kubelet)
      Tasks: 17 (limit: 19086)
     Memory: 55.2M
     CGroup: /system.slice/kubelet.service
             └─1705049 /usr/local/bin/kubelet --v=2 --node-ip= --hostname-override=worker01 --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --config=/etc/kubernetes/kubelet-config.yaml --kubeconfig=/etc/ku>

Jan 02 09:19:34 worker01 kubelet[1705049]: E0102 09:19:34.257726 1705049 kubelet.go:2345] "Skipping pod synchronization" err="[container runtime is down, PLEG is not healthy: pleg was last seen active 135h54m15.249900675s ago; thre>
Jan 02 09:19:34 worker01 kubelet[1705049]: E0102 09:19:34.789428 1705049 log.go:32] "ListPodSandbox with filter from runtime service failed" err="rpc error: code = Unimplemented desc = unknown service runtime.v1.RuntimeService" fil>
Jan 02 09:19:34 worker01 kubelet[1705049]: E0102 09:19:34.789480 1705049 kuberuntime_sandbox.go:305] "Failed to list pod sandboxes" err="rpc error: code = Unimplemented desc = unknown service runtime.v1.RuntimeService"
Jan 02 09:19:34 worker01 kubelet[1705049]: E0102 09:19:34.789495 1705049 generic.go:238] "GenericPLEG: Unable to retrieve pods" err="rpc error: code = Unimplemented desc = unknown service runtime.v1.RuntimeService"
Jan 02 09:19:35 worker01 kubelet[1705049]: E0102 09:19:35.790287 1705049 log.go:32] "ListPodSandbox with filter from runtime service failed" err="rpc error: code = Unimplemented desc = unknown service runtime.v1.RuntimeService" fil>
Jan 02 09:19:35 worker01 kubelet[1705049]: E0102 09:19:35.790369 1705049 kuberuntime_sandbox.go:305] "Failed to list pod sandboxes" err="rpc error: code = Unimplemented desc = unknown service runtime.v1.RuntimeService"
Jan 02 09:19:35 worker01 kubelet[1705049]: E0102 09:19:35.790385 1705049 generic.go:238] "GenericPLEG: Unable to retrieve pods" err="rpc error: code = Unimplemented desc = unknown service runtime.v1.RuntimeService"
Jan 02 09:19:36 worker01 kubelet[1705049]: E0102 09:19:36.791032 1705049 log.go:32] "ListPodSandbox with filter from runtime service failed" err="rpc error: code = Unimplemented desc = unknown service runtime.v1.RuntimeService" fil>
Jan 02 09:19:36 worker01 kubelet[1705049]: E0102 09:19:36.791090 1705049 kuberuntime_sandbox.go:305] "Failed to list pod sandboxes" err="rpc error: code = Unimplemented desc = unknown service runtime.v1.RuntimeService"
Jan 02 09:19:36 worker01 kubelet[1705049]: E0102 09:19:36.791105 1705049 generic.go:238] "GenericPLEG: Unable to retrieve pods" err="rpc error: code = Unimplemented desc = unknown service runtime.v1.RuntimeService

해결법

config_path = "/etc/containerd/certs.d"[plugins."io.containerd.grpc.v1.cri".registry.mirrors] 같이 쓰면 에러가 나니 둘 중 하나만 사용해야 한다

profile
김건호
네.. 뭐.. 김건호입니다...
이전 포스트

kubespray로 k8s로 설치할 때, etcd를 pod로 실행하는 법

다음 포스트

K8S NodeRestriction

0개의 댓글