1.25.0+k3s1生效

离线安装v1.25.0+k3s1

mv k3s /usr/local/bin
chmod +x /usr/local/bin/k3s
mkdir -p /var/lib/rancher/k3s/agent/images/
cp ./k3s-airgap-images-amd64.tar.gz /var/lib/rancher/k3s/agent/images/
chmod +x install.sh
INSTALL_K3S_SKIP_DOWNLOAD=true ./install.sh

配置镜像仓库v1.25.0+k3s1-生效

ps -ef | grep containerd
cat > /etc/rancher/k3s/registries.yaml <<EOF
mirrors:
  docker.io:
    endpoint:
      - "https://fsp2sfpr.mirror.aliyuncs.com/"
      - "https://registry.cn-hangzhou.aliyuncs.com/"
EOF
systemctl restart k3s
crictl info | grep -A 5 "registry"
/usr/local/bin/k3s-uninstall.sh

25.PNG843×671 82.8 KB

v1.28.7k3s1失败

在线安装 v1.28.7k3s1

curl –sfL \
     https://rancher-mirror.oss-cn-beijing.aliyuncs.com/k3s/k3s-install.sh | \
     sed 's/rancher.cn/oss-cn-beijing.aliyuncs.com/g' | \
     INSTALL_K3S_MIRROR=cn sh -

配置镜像仓库v1.28.7k3s1-失败1

ps -ef | grep containerd
cat > /etc/rancher/k3s/registries.yaml <<EOF
mirrors:
  docker.io:
    endpoint:
      - "https://fsp2sfpr.mirror.aliyuncs.com/"
      - "https://registry.cn-hangzhou.aliyuncs.com/"
EOF
systemctl restart k3s
crictl info | grep -A 5 "registry"

图片1395×565 68.8 KB

配置镜像仓库v1.28.7k3s1-失败2

cp /var/lib/rancher/k3s/agent/etc/containerd/config.toml /var/lib/rancher/k3s/agent/etc/containerd/config.toml.tmpl
vi /var/lib/rancher/k3s/agent/etc/containerd/config.toml.tmpl #追加
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
    endpoint = ["https://fsp2sfpr.mirror.aliyuncs.com/","https://registry.cn-hangzhou.aliyuncs.com/"]
systemctl restart k3s
crictl info | grep -A 5 registry 

图片1676×313 70.1 KB

配置镜像仓库v1.28.7k3s1-configs可以 mirros不行

rm -rf /var/lib/rancher/k3s/agent/etc/containerd/config.toml.tmpl
cat > /etc/rancher/k3s/registries.yaml <<EOF
mirrors:
  docker.io:
    endpoint:
      - "https://fsp2sfpr.mirror.aliyuncs.com/"
      - "https://registry.cn-hangzhou.aliyuncs.com/"
  registry.my.io: # 这里并不是像官方写的那样，docker.io 为 key endpoint 为私有仓库其实是一种镜像加速的意思
    endpoint:
      - "http://registry.my.io"
configs:
  "registry.my.io": # 如果仓库是完全开放没有私有项目的则不需要配置 configs 
    auth:
      username: admin
      password: Harbor12345
EOF
systemctl restart k3s
crictl info | grep -A 5 registry

28-2786×468 390 KB

参考文档：

在K3s中配置镜像仓库

创建pod, 拉取registry 私有库镜像 报错:x509

k3s 私有仓库问题

K3s Server 配置参考

Private Registry Configuration

貌似一个 bug，我在确认下，多谢反馈

[root@k8s-worker01 ~]# cat > /etc/rancher/k3s/registries.yaml <<EOF
> mirrors:
>   docker.io:
>     endpoint:
>       - "https://fsp2sfpr.mirror.aliyuncs.com/"
>       - "https://registry.cn-hangzhou.aliyuncs.com/"
>   192.168.46.170:5000:
>     endpoint:
>       - "http://192.168.46.170:5000"
> EOF
[root@k8s-worker01 ~]# systemctl restart k3s
[root@k8s-worker01 ~]# crictl info | grep -A 5 "registry"
    "registry": {
      "configPath": "/var/lib/rancher/k3s/agent/etc/containerd/certs.d",
      "mirrors": null,
      "configs": null,
      "auths": null,
      "headers": null
[root@k8s-worker01 ~]# crictl pull 192.168.46.170:5000/ruoyi-ui:v3.8
Image is up to date for sha256:bd94927f11e2779dde2e0ee8112880f5b8f966891734c2b01697f456978ef70e
[root@k8s-worker01 ~]# crictl images
IMAGE                                        TAG                    IMAGE ID            SIZE
192.168.46.170:5000/ruoyi-ui                 v3.8                   bd94927f11e27       60.4MB
[root@k8s-worker01 ~]# uname -a
Linux k8s-worker01 5.4.271-1.el7.elrepo.x86_64 #1 SMP Wed Mar 6 14:47:25 EST 2024 x86_64 x86_64 x86_64 GNU/Linux

image804×352 165 KB

虽然不生效，但是确能从私有仓库中拉取镜像。

可参考：Mirrors configured in /etc/rancher/k3s/registries.yaml do not take effect · Issue #9626 · k3s-io/k3s · GitHub