Quick note on adding mirror registry to Aliyun Kubernetes Container Services (ACK)
Briefly

In mainland China, access to docker.io for pulling images is hindered by the Great Firewall, thus requiring the use of mirror registries. Running a Kubernetes cluster on Aliyun with both Kubernetes and containerd versions at 1.2x complicates updates, as direct SSH access is unavailable, relying on scheduling jobs. A solution involving the creation of a hosts.toml file at /etc/containerd/certs.d/docker.io facilitates mirroring without altering Kubernetes configurations. Modifications observed in /etc/containerd/config.toml reflect this change, indicating system adjustments.
Pulling Docker images from docker.io appears blocked by the Great Firewall in mainland China, necessitating the use of mirrored registries for image retrieval.
Aliyun's Kubernetes cluster encounters image pulling issues due to containerd and Kubernetes versions being 1.2x and reliance on shell scripts for updates.
Creating a host mapping file at /etc/containerd/certs.d/docker.io/hosts.toml allows configuration of mirror servers for container images without changing Kubernetes config files.
Upon creating the hosts.toml file, the config_path in /etc/containerd/config.toml shifts to /etc/containerd/cert.d, indicating a change in registry settings.
Read at Medium
[
|
]