[英]Why does crictl pull from private registry not need account/password?
I init the latest kube.netes v1.25.2 with kubeadm, containerd as runtime.我使用 kubeadm、containerd 作为运行时初始化最新的 kube.netes v1.25.2。
Then config /etc/containerd/certs.d/my_registry:5000/hosts.toml in order to pull images from the private registry.然后配置 /etc/containerd/certs.d/my_registry:5000/hosts.toml 以便从私有注册表中提取图像。
Command like this:像这样的命令:
$ crictl pull my_registry:5000/hello-world:latest
The result is successful.结果成功了。 But my registry requires account/password when using 'docker pull'.但是我的注册表在使用“docker pull”时需要帐户/密码。
Why does this happen?为什么会这样?
crictl
is only using your container runtime. crictl
仅使用您的容器运行时。 In your case, it is using containerd to actually do the pull.在您的情况下,它使用 containerd 来实际进行拉动。 That means if you already have the configuration for containerd to authenticate, that will work out of the box with crictl.这意味着,如果您已经拥有用于 containerd 进行身份验证的配置,那么它将与 crictl 开箱即用。
How authentication for containerd works is lined out here and you can check if that is what you are actually using with the following command: 此处列出了 containerd 的身份验证工作原理,您可以使用以下命令检查这是否是您实际使用的内容:
cat /etc/crictl.yaml
If that file does not exist, you will use the defaults, which are deprecated.如果该文件不存在,您将使用已弃用的默认值。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.