Why does crictl pull from private registry not need account/password?


I initialized the latest Kubernetes v1.25.2 with kubeadm, with containerd as the runtime.

Then I configured /etc/containerd/certs.d/my_registry:5000/hosts.toml in order to pull images from the private registry.

Command like this:

$ crictl pull my_registry:5000/hello-world:latest

The result is successful! But my registry requires account/password when using 'docker pull'.

Why does this happen?

There is 1 best solution below

crictl is only using your container runtime. In your case, it is using containerd to actually do the pull. That means if you already have the configuration for containerd to authenticate, that will work out of the box with crictl.

How authentication for containerd works is outlined here, and you can check if that is what you are actually using with the following command:

cat /etc/crictl.yaml

If that file does not exist, you will use the defaults, which are deprecated.
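To follow up on the answer's point that crictl inherits whatever authentication containerd is configured with, the check below reports which containerd configuration file holds credentials for a registry and whether that file is world-readable. It is an added example, not part of the original answer or of containerd; the function names, the `root` prefix argument, and the sample `hosts.toml` (including the `http://` scheme and the placeholder credential) are constructed, and the paths assume the containerd 1.x CRI layout.

```shell
#!/usr/bin/env bash
# Added example: report where containerd holds credentials for a registry.
# Assumes the containerd 1.x CRI layout; the root prefix exists for testing.

find_registry_creds() {
  local registry="$1" root="${2:-}" rc=1
  local cfg="$root/etc/containerd/config.toml"
  local hosts="$root/etc/containerd/certs.d/$registry/hosts.toml"

  # Source 1: CRI auth table in config.toml, e.g.
  # [plugins."io.containerd.grpc.v1.cri".registry.configs."<registry>".auth]
  if [ -r "$cfg" ] && grep -qF "registry.configs.\"$registry\".auth" "$cfg"; then
    echo "config.toml: auth table for $registry"
    rc=0; _warn_if_world_readable "$cfg"
  fi

  # Source 2: static Authorization header under [host."...".header]
  if [ -r "$hosts" ] && grep -qiE '^[[:space:]]*authorization[[:space:]]*=' "$hosts"; then
    echo "hosts.toml: static Authorization header for $registry"
    rc=0; _warn_if_world_readable "$hosts"
  fi

  [ "$rc" -eq 0 ] || echo "no stored credentials found for $registry"
  return "$rc"
}

# Credentials on disk should be readable by root only.
_warn_if_world_readable() {
  if [ -n "$(find "$1" -perm -004 -print)" ]; then
    echo "  warning: $1 is world-readable"
  fi
}

# Constructed sample node tree (placeholder credential) for trying the check.
make_sample_node() {
  local t; t="$(mktemp -d)"
  mkdir -p "$t/etc/containerd/certs.d/my_registry:5000"
  cat > "$t/etc/containerd/certs.d/my_registry:5000/hosts.toml" <<'EOF'
server = "http://my_registry:5000"
[host."http://my_registry:5000"]
  capabilities = ["pull", "resolve"]
  [host."http://my_registry:5000".header]
    authorization = "Basic PLACEHOLDER_BASE64"
EOF
  chmod 644 "$t/etc/containerd/certs.d/my_registry:5000/hosts.toml"
  echo "$t"
}
```

On a real node, run `find_registry_creds my_registry:5000` as root with no second argument; a non-zero exit status means neither file carries credentials for that registry.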