ctr
does not read the /etc/containerd/config.toml
config file, this config is used by cri, which means kubectl
or crictl
would use it.
The error log http: server gave HTTP response to HTTPS client
, shows that the registry is using http, but ctr
is trying to connect it using https. So if you want to pull the image from http, you should add the param --plain-http
with ctr
like this:
$ ctr i pull --plain-http <image>
The registry config doc is here.
You should be able to pull the image with crictl
, remember to restart containerd.
$ sudo crictl -r /run/containerd/containerd.sock pull <image>
# or config runntime once for all
$ sudo crictl config runtime-endpoint /run/containerd/containerd.sock
$ sudo crictl pull <image>
Config example:
# /etc/containerd/config.toml
# change <IP>:5000 to your registry url
[plugins."io.containerd.grpc.v1.cri".registry]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."<IP>:5000"]
endpoint = ["http://<IP>:5000"]
[plugins."io.containerd.grpc.v1.cri".registry.configs]
[plugins."io.containerd.grpc.v1.cri".registry.configs."<IP>:5000".tls]
insecure_skip_verify = true
Restart the service after configuration modification.
$ sudo systemctl restart containerd