How to overwrite the Docker Hub default registry in the ContainerD Runtime

To configure a new default registry that will be used to pull images that do not have fully qualified image paths, modify the containerd configuration (/etc/containerd/config.toml) as follows:


version = 2
[plugins]
  [plugins."io.containerd.grpc.v1.cri"]
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
        endpoint = ["https://private.registry.com:443"]
      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."*"]
        endpoint = ["https://private.registry.com:443"]

Please note that, due to an unexpected behaviour of containerd, it is currently necessary to explicitly define a mirror for the docker.io registry in addition to defining the default registry (using the wildcard).

Additional note:
nerdctl does not use the CRI API and as such disregards any registry configuration defined in /etc/containerd/config.toml.