I'm currently setting up a Kubernetes cluster and using containerd as the container runtime. I have a Harbor registry with a proxy cache project set up to cache images from an external registry (specifically, registry.k8s.io). The Harbor instance is hosted and accessible via https://harbor.private.com, and the proxy cache project is named kubernetes-cache.
However, I'm encountering an issue when trying to pull images through this setup. The pull request for an image (e.g., registry.k8s.io/kube-proxy:v1.26.5) is redirected correctly to my Harbor proxy cache (this works: docker pull harbor.private.com/kubernetes-cache/kube-proxy:v1.26.5), but it fails with a 400 Bad Request error, indicating a problem with the GET request to /v2/proxy.kubernetes-cache/. Here is the error log from containerd:
level=error msg="PullImage \"registry.k8s.io/kube-proxy:v1.26.5\" failed" error="failed to pull and unpack image \"registry.k8s.io/kube-proxy:v1.26.5\": failed to resolve reference \"registry.k8s.io/kube-proxy:v1.26.5\": pulling from host harbor.private.com failed with status code [manifests v1.26.5]: 400 Bad Request"
I suspect this has something to do with how I've configured the registry endpoint in containerd. Currently, my configuration looks like this:
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.k8s.io"]
endpoint = ["https://harbor.private.com/kubernetes-cache"]
Here are my questions:
What is the correct format for the registry endpoint in this scenario? Should it include the project name (
kubernetes-cache), or should it just be the base URL of the Harbor instance?Is there a specific way the pull request should be formatted to work correctly with the Harbor proxy cache? For instance, should the image name in the pull request include the project name or any additional path?
Are there any additional configurations needed in containerd or Harbor to ensure the requests are routed correctly and recognized by the Harbor instance?
I appreciate any insights or suggestions on how to correct this configuration for a successful pull through the proxy cache. Thanks in advance!