Photo by Jonas Smith on Unsplash
How to overwrite the Docker Hub default registry in the ContainerD Runtime
To configure a new default registry that will be used to pull images that do not have fully qualified image paths, modify the containerd configuration (/etc/containerd/config.toml
) as follows:
version = 2
[plugins]
[plugins."io.containerd.grpc.v1.cri"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://private.registry.com:443"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."*"]
endpoint = ["https://private.registry.com:443"]
Please note, that due to an unexpected behaviour of containerd it is currently necessary to explicitely define a mirror for the docker.io
registry in addition to defining the default registry (using the wildcard).
Additional note:nerdctl
does not use the CRI API and as such disregards any registry configuration defined in /etc/containerd/config.toml
.