Add registry.k8s.io as a containerd registry endpoint.

[ameukam]

Related:

• [Umbrella issue] Migrate from k8s.gcr.io to registry.k8s.io k8s.io#3411

The Kubernetes project is moving away from k8s.gcr.io to registry.k8s.io

registy.k8s.io is currently redirecting to k8s.gcr.io. Each time
minikube is started using containerd as a runtime, the container images
from k8s.gcr.io will be pulled through registry.k8s.io.

Annonce: https://groups.google.com/g/kubernetes-sig-testing/c/U7b_im9vRrM/m/7qywJeUTBQAJ

Signed-off-by: Arnaud Meukam [email protected]

[minikube-bot]

Can one of the admins verify this patch?

[ameukam]

/assign @spowelljr @afbjorklund

[afbjorklund]

Surely this will be handled by containerd anyway, and fixed when kubeadm changes the URL ?

• switch the default kubeadm image registry to registry.k8s.io kubeadm#2671

[afbjorklund]

the default was supposed to be whatever the containerd config defaultspits out

we added it, so that it was easier to see which config was added by minikube

@@ -49,14 +49,14 @@
     startup_delay = "100ms"
   [plugins."io.containerd.grpc.v1.cri"]
     disable_tcp_service = true
-    stream_server_address = "127.0.0.1"
-    stream_server_port = "0"
+    stream_server_address = ""
+    stream_server_port = "10010"
     stream_idle_timeout = "4h0m0s"
     enable_selinux = false
     selinux_category_range = 1024
     sandbox_image = "k8s.gcr.io/pause:3.2"
     stats_collect_period = 10
-    systemd_cgroup = false
+    systemd_cgroup = true
     enable_tls_streaming = false
     max_container_log_line_size = 16384
     disable_cgroup = false

Then of course we forgot to update it after containerd version was upgraded.

But it shouldn't have any non-standard configuration, only upstream default.

[ameukam]

Surely this will be handled by containerd anyway, and fixed when kubeadm changes the URL ?

* [switch the default kubeadm image registry to registry.k8s.io kubeadm#2671](https://github.com/kubernetes/kubeadm/issues/2671)

It's unclear when containerd will do the switch. Possible it get introduced in 1.7. We want to add a transparent way to use the new endpoint without major impact.

[afbjorklund]

If the idea is to deprecate "k8s.gcr.io" at some point, then we need solutions for all container runtimes

Similar to how minikube provides image mirrors for people that don't have direct access to GCR at all

      --image-mirror-country string       Country code of the image mirror to be used. Leave empty to use the global one. For Chinese mainland users, set it to cn.
      --image-repository string           Alternative image repository to pull docker images from. This can be used when you have limited access to gcr.io. Set it to "auto" to let minikube decide one for you. For Chinese mainland users, you may use local gcr.io mirrors such as registry.cn-hangzhou.aliyuncs.com/google_containers

[afbjorklund]

Note that most of the minikube traffic goes to storage.googleapis.com

      --preload=true: If set, download tarball of preloaded images if available to improve start time. Defaults to true.

There should be no need to hit the registry, for anything included in k8s

Especially it does not need pulling new images for every new cluster ?

      --cache-images=true: If true, cache docker images for the current bootstrapper and load them into the machine.

These can be cached on the host, and re-used for new clusters without download.

[ameukam]

Currently registry.k8s.io is a pure redirect to k8s.gcr.io with no modification on the http requests sent by the container runtimes. The same buckets will be hit by any minikube instance. containerd will redirect the request to k8s.gcr.io if registry.k8s.io is inaccessible.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: ameukam
To complete the pull request process, please ask for approval from afbjorklund after the PR has been reviewed.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8s-ci-robot]

@ameukam: PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[ameukam]

will be replaced by containerd/containerd#7038.
/close

[k8s-ci-robot]

@ameukam: Closed this PR.

In response to this:

will be replaced by containerd/containerd#7038.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.