3344/hubproxy
1
0
Fork 0
Code Issues 2 Pull Requests 1 Actions Packages Projects Releases 12 Wiki Activity

拉取registry.k8s.io 部分镜像失败 #92

New Issue
Closed
opened 2026-01-07 11:41:34 +08:00 by muwn · 10 comments
muwn commented 2026-01-07 11:41:34 +08:00 (Migrated from github.com)
Copy Link
cat /etc/containerd/certs.d/registry.k8s.io/hosts.toml
server = "https://registry.k8s.io" # 原地址

[host."https://proxy.lll.com"] # 加速地址
  capabilities = ["pull", "resolve", "push"] # 支持能力
  skip_verify = true # 是否跳过证书验证, 加速地址为http时 false

通过配置containerd cert.d 配置后,拉取镜像
nerdctl pull registry.k8s.io/metrics-server/metrics-server:v0.8.0 失败
nerdctl pull registry.k8s.io/nginx 可以成功

日志

请求IP: 171.xxx.122 (提纯后: 171.xxx.122), X-Forwarded-For: 171.xxx.122, 162.xxx.98, X-Real-IP: 162.xxx.98
HEAD请求失败: HEAD https://registry-1.docker.io/v2/metrics-server/metrics-server/manifests/v0.8.0: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details)
[GIN] 2026/01/07 - 03:26:48 | 404 |  917.282778ms | 171.xxx.122 | HEAD     "/v2/metrics-server/metrics-server/manifests/v0.8.0?ns=registry.k8s.io"
请求IP: 20.xxx.242 (提纯后: 20.xxx.242), X-Forwarded-For: 20.xxx.242, X-Real-IP: 20.xxx.242
[GIN] 2026/01/07 - 03:36:17 | 403 |      50.655µs |   20.xxx.242 | GET      "/version"
请求IP: 20.xxx.203 (提纯后: 20.xxx.203), X-Forwarded-For: 20.xxx.203, X-Real-IP: 20.xxx.203
[GIN] 2026/01/07 - 03:37:07 | 403 |     310.222µs |   20.xxx.203 | GET      "/owa/auth/x.js"
``` cat /etc/containerd/certs.d/registry.k8s.io/hosts.toml server = "https://registry.k8s.io" # 原地址 [host."https://proxy.lll.com"] # 加速地址 capabilities = ["pull", "resolve", "push"] # 支持能力 skip_verify = true # 是否跳过证书验证, 加速地址为http时 false ``` 通过配置containerd cert.d 配置后,拉取镜像 nerdctl pull registry.k8s.io/metrics-server/metrics-server:v0.8.0 失败 nerdctl pull registry.k8s.io/nginx 可以成功 日志 ``` 请求IP: 171.xxx.122 (提纯后: 171.xxx.122), X-Forwarded-For: 171.xxx.122, 162.xxx.98, X-Real-IP: 162.xxx.98 HEAD请求失败: HEAD https://registry-1.docker.io/v2/metrics-server/metrics-server/manifests/v0.8.0: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details) [GIN] 2026/01/07 - 03:26:48 | 404 | 917.282778ms | 171.xxx.122 | HEAD "/v2/metrics-server/metrics-server/manifests/v0.8.0?ns=registry.k8s.io" 请求IP: 20.xxx.242 (提纯后: 20.xxx.242), X-Forwarded-For: 20.xxx.242, X-Real-IP: 20.xxx.242 [GIN] 2026/01/07 - 03:36:17 | 403 | 50.655µs | 20.xxx.242 | GET "/version" 请求IP: 20.xxx.203 (提纯后: 20.xxx.203), X-Forwarded-For: 20.xxx.203, X-Real-IP: 20.xxx.203 [GIN] 2026/01/07 - 03:37:07 | 403 | 310.222µs | 20.xxx.203 | GET "/owa/auth/x.js" ```
sky22333 commented 2026-01-07 12:16:20 +08:00 (Migrated from github.com)
Copy Link

加速地址应该是这样的格式https://proxy.lll.com/registry.k8s.io

加速地址应该是这样的格式`https://proxy.lll.com/registry.k8s.io`
muwn commented 2026-01-07 13:36:49 +08:00 (Migrated from github.com)
Copy Link

加速地址应该是这样的格式https://proxy.lll.com/registry.k8s.io

不加前缀,通过配置 docker、containerd的代理加速可以吗

> 加速地址应该是这样的格式`https://proxy.lll.com/registry.k8s.io` 不加前缀,通过配置 docker、containerd的代理加速可以吗
sky22333 commented 2026-01-07 13:38:55 +08:00 (Migrated from github.com)
Copy Link

我的意思就是配置里使用这个格式

我的意思就是配置里使用这个格式
muwn commented 2026-01-07 13:44:41 +08:00 (Migrated from github.com)
Copy Link

我的意思就是配置里使用这个格式

同配置加速地址为

server = "https://registry.k8s.io" # 原地址

[host."https://proxy.lll.com/registry.k8s.io"] # 加速地址
  capabilities = ["pull", "resolve", "push"] # 支持能力
  skip_verify = true # 是否跳过证书验证, 加速地址为http时 false

nerdctl --debug=true pull registry.k8s.io/metrics-server/metrics-server:v0.8.0
拉取镜像时,日志如下,仍然不可用

DEBU[0000] verifying process skipped                    
DEBU[0000] The image will be unpacked for platform {"amd64" "linux" "" [] ""}, snapshotter "overlayfs". 
DEBU[0000] fetching                                      image="registry.k8s.io/metrics-server/metrics-server:v0.8.0"
DEBU[0000] remote introspection plugin filters           filters="[type==io.containerd.snapshotter.v1, id==overlayfs]"
DEBU[0000] loading host directory                        dir=/etc/containerd/certs.d/registry.k8s.io
DEBU[0000] resolving                                     host=proxy.lll.com
DEBU[0000] do request                                    host=proxy.lll.com request.header.accept="application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, */*" request.header.user-agent=containerd/2.2.0+unknown request.method=HEAD url="https://proxy.lll.com/registry.k8s.io/v2/metrics-server/metrics-server/manifests/v0.8.0?ns=registry.k8s.io"
registry.k8s.io/metrics-server/metrics-server:v0.8.0: resolving      |--------------------------------------| 
elapsed: 1.6 s                                        total:   0.0 B (0.0 B/s)                                         
DEBU[0001] fetch response received                       host=proxy.lll.com response.header.alt-svc="h3=\":443\"; ma=86400" response.header.cf-cache-status=DYNAMIC response.header.cf-ray=9ba121a0bed08e2b-AMS response.header.connection=keep-alive response.header.content-length=12 response.header.content-type="text/plain; charset=utf-8" response.header.date="Wed, 07 Jan 2026 05:42:22 GMT" response.header.nel="{\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}" response.header.report-to="{\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mqHgV5v4QWvh6wnMWIN3jnw%2B9WJydGLXD5Qu383Y0K80JtaHmUPU99nhzOKxTjYyU6Tty8TpLd5Gx2yVQJOQ%2F9H%2FT%2BkpYSHoN1pjJvBG\"}]}" response.header.server=cloudflare response.status="403 Forbidden" url="https://proxy.lll.com/registry.k8s.io/v2/metrics-server/metrics-server/manifests/v0.8.0?ns=registry.k8s.io"
INFO[0001] trying next host after status: 403 Forbidden  host=proxy.lll.com
DEBU[0001] resolving                                     host=registry.k8s.io
registry.k8s.io/metrics-server/metrics-server:v0.8.0: resolving      |--------------------------------------| 
elapsed: 32.6s                                        total:   0.0 B (0.0 B/s)                                         
INFO[0032] fetch failed                                  error="failed to do request: Head \"https://europe-west3-docker.pkg.dev/v2/k8s-artifacts-prod/images/metrics-server/metrics-server/manifests/v0.8.0\": dial tcp 173.194.202.82:443: i/o timeout" host=registry.k8s.io
FATA[0032] failed to resolve reference "registry.k8s.io/metrics-server/metrics-server:v0.8.0": unexpected status from HEAD request to https://proxy.lll.com/registry.k8s.io/v2/metrics-server/metrics-server/manifests/v0.8.0?ns=registry.k8s.io: 403 Forbidden
> 我的意思就是配置里使用这个格式 同配置加速地址为 ``` server = "https://registry.k8s.io" # 原地址 [host."https://proxy.lll.com/registry.k8s.io"] # 加速地址 capabilities = ["pull", "resolve", "push"] # 支持能力 skip_verify = true # 是否跳过证书验证, 加速地址为http时 false ``` nerdctl --debug=true pull registry.k8s.io/metrics-server/metrics-server:v0.8.0 拉取镜像时,日志如下,仍然不可用 ``` DEBU[0000] verifying process skipped DEBU[0000] The image will be unpacked for platform {"amd64" "linux" "" [] ""}, snapshotter "overlayfs". DEBU[0000] fetching image="registry.k8s.io/metrics-server/metrics-server:v0.8.0" DEBU[0000] remote introspection plugin filters filters="[type==io.containerd.snapshotter.v1, id==overlayfs]" DEBU[0000] loading host directory dir=/etc/containerd/certs.d/registry.k8s.io DEBU[0000] resolving host=proxy.lll.com DEBU[0000] do request host=proxy.lll.com request.header.accept="application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, */*" request.header.user-agent=containerd/2.2.0+unknown request.method=HEAD url="https://proxy.lll.com/registry.k8s.io/v2/metrics-server/metrics-server/manifests/v0.8.0?ns=registry.k8s.io" registry.k8s.io/metrics-server/metrics-server:v0.8.0: resolving |--------------------------------------| elapsed: 1.6 s total: 0.0 B (0.0 B/s) DEBU[0001] fetch response received host=proxy.lll.com response.header.alt-svc="h3=\":443\"; ma=86400" response.header.cf-cache-status=DYNAMIC response.header.cf-ray=9ba121a0bed08e2b-AMS response.header.connection=keep-alive response.header.content-length=12 response.header.content-type="text/plain; charset=utf-8" response.header.date="Wed, 07 Jan 2026 05:42:22 GMT" response.header.nel="{\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}" response.header.report-to="{\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mqHgV5v4QWvh6wnMWIN3jnw%2B9WJydGLXD5Qu383Y0K80JtaHmUPU99nhzOKxTjYyU6Tty8TpLd5Gx2yVQJOQ%2F9H%2FT%2BkpYSHoN1pjJvBG\"}]}" response.header.server=cloudflare response.status="403 Forbidden" url="https://proxy.lll.com/registry.k8s.io/v2/metrics-server/metrics-server/manifests/v0.8.0?ns=registry.k8s.io" INFO[0001] trying next host after status: 403 Forbidden host=proxy.lll.com DEBU[0001] resolving host=registry.k8s.io registry.k8s.io/metrics-server/metrics-server:v0.8.0: resolving |--------------------------------------| elapsed: 32.6s total: 0.0 B (0.0 B/s) INFO[0032] fetch failed error="failed to do request: Head \"https://europe-west3-docker.pkg.dev/v2/k8s-artifacts-prod/images/metrics-server/metrics-server/manifests/v0.8.0\": dial tcp 173.194.202.82:443: i/o timeout" host=registry.k8s.io FATA[0032] failed to resolve reference "registry.k8s.io/metrics-server/metrics-server:v0.8.0": unexpected status from HEAD request to https://proxy.lll.com/registry.k8s.io/v2/metrics-server/metrics-server/manifests/v0.8.0?ns=registry.k8s.io: 403 Forbidden ```
sky22333 commented 2026-01-07 14:05:36 +08:00 (Migrated from github.com)
Copy Link

好的,有空我看下

好的,有空我看下
sky22333 commented 2026-01-07 14:17:43 +08:00 (Migrated from github.com)
Copy Link

你直接添加前缀手动拉这个镜像能可以拉吗?

你直接添加前缀手动拉这个镜像能可以拉吗?
muwn commented 2026-01-07 14:57:20 +08:00 (Migrated from github.com)
Copy Link

你直接添加前缀手动拉这个镜像能可以拉吗?

nerdctl --debug=true pull proxy.lll.com/registry.k8s.io/metrics-server/metrics-server:v0.8.0

可以的, proxy.lll.com 是改过的其他域名

DEBU[0000] verifying process skipped                    
DEBU[0000] The image will be unpacked for platform {"amd64" "linux" "" [] ""}, snapshotter "overlayfs". 
DEBU[0000] fetching                                      image="proxy.lll.com/registry.k8s.io/metrics-server/metrics-server:v0.8.0"
DEBU[0000] remote introspection plugin filters           filters="[type==io.containerd.snapshotter.v1, id==overlayfs]"
DEBU[0000] resolving                                     host=proxy.lll.com
DEBU[0000] do request                                    host=proxy.lll.com request.header.accept="application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, */*" request.header.user-agent=containerd/2.2.0+unknown request.method=HEAD url="https://proxy.lll.com/v2/registry.k8s.io/metrics-server/metrics-server/manifests/v0.8.0"
proxy.lll.com/registry.k8s.io/metrics-server/metrics-server:v0.8.0: resolving      |--------------------------------------| 
elapsed: 2.1 s                                                       total:   0.0 B (0.0 B/s)                                         
DEBU[0002] fetch response received                       host=proxy.lll.com response.header.alt-svc="h3=\":443\"; ma=86400" response.header.cf-cache-status=DYNAMIC response.header.cf-ray=9ba18e3a7813672a-AMS response.header.connection=keep-alive response.header.content-length=1728 response.header.content-type=application/vnd.docker.distribution.manifest.list.v2+json response.header.date="Wed, 07 Jan 2026 06:56:31 GMT" response.header.docker-content-digest="sha256:89258156d0e9af60403eafd44da9676fd66f600c7934d468ccc17e42b199aee2" response.header.nel="{\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}" response.header.report-to="{\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yDzRTvSMMuo0mINzyPXEKYyqKGMRMFEAVgHWSfRBJqZmHoJHP2PGEjjK7Rt6v1LA0Knm1Y9SBvPDisGi9MO29fACFsSNFomWFmQCP91E\"}]}" response.header.server=cloudflare response.status="200 OK" url="https://proxy.lll.com/v2/registry.k8s.io/metrics-server/metrics-server/manifests/v0.8.0"
DEBU[0002] resolved                                      desc.digest="sha256:89258156d0e9af60403eafd44da9676fd66f600c7934d468ccc17e42b199aee2" host=proxy.lll.com
DEBU[0002] fetch                                         digest="sha256:89258156d0e9af60403eafd44da9676fd66f600c7934d468ccc17e42b199aee2" mediatype=application/vnd.docker.distribution.manifest.list.v2+json size=1728
proxy.lll.com/registry.k8s.io/metrics-server/metrics-server:v0.8.0: resolving      |--------------------------------------| 
elapsed: 2.2 s                                                       total:   0.0 B (0.0 B/s)                                         
proxy.lll.com/registry.k8s.io/metrics-server/metrics-server:v0.8.0:              resolved       |++++++++++++++++++++++++++++++++++++++| 
index-sha256:89258156d0e9af60403eafd44da9676fd66f600c7934d468ccc17e42b199aee2:    exists         |++++++++++++++++++++++++++++++++++++++| 
manifest-sha256:5dd31abb8093690d9624a53277a00d2257e7e57e6766be3f9f54cf9f54cddbc1: exists         |++++++++++++++++++++++++++++++++++++++| 
config-sha256:b9e1e3849e07022817ebc1612858382f0c0b91d00e4dcd2996adc1df6ced26e9:   exists         |++++++++++++++++++++++++++++++++++++++| 
elapsed: 2.4 s                                                                    total:   0.0 B (0.0 B/s)
> 你直接添加前缀手动拉这个镜像能可以拉吗? nerdctl --debug=true pull proxy.lll.com/registry.k8s.io/metrics-server/metrics-server:v0.8.0 可以的, proxy.lll.com 是改过的其他域名 ``` DEBU[0000] verifying process skipped DEBU[0000] The image will be unpacked for platform {"amd64" "linux" "" [] ""}, snapshotter "overlayfs". DEBU[0000] fetching image="proxy.lll.com/registry.k8s.io/metrics-server/metrics-server:v0.8.0" DEBU[0000] remote introspection plugin filters filters="[type==io.containerd.snapshotter.v1, id==overlayfs]" DEBU[0000] resolving host=proxy.lll.com DEBU[0000] do request host=proxy.lll.com request.header.accept="application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, */*" request.header.user-agent=containerd/2.2.0+unknown request.method=HEAD url="https://proxy.lll.com/v2/registry.k8s.io/metrics-server/metrics-server/manifests/v0.8.0" proxy.lll.com/registry.k8s.io/metrics-server/metrics-server:v0.8.0: resolving |--------------------------------------| elapsed: 2.1 s total: 0.0 B (0.0 B/s) DEBU[0002] fetch response received host=proxy.lll.com response.header.alt-svc="h3=\":443\"; ma=86400" response.header.cf-cache-status=DYNAMIC response.header.cf-ray=9ba18e3a7813672a-AMS response.header.connection=keep-alive response.header.content-length=1728 response.header.content-type=application/vnd.docker.distribution.manifest.list.v2+json response.header.date="Wed, 07 Jan 2026 06:56:31 GMT" response.header.docker-content-digest="sha256:89258156d0e9af60403eafd44da9676fd66f600c7934d468ccc17e42b199aee2" response.header.nel="{\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}" response.header.report-to="{\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yDzRTvSMMuo0mINzyPXEKYyqKGMRMFEAVgHWSfRBJqZmHoJHP2PGEjjK7Rt6v1LA0Knm1Y9SBvPDisGi9MO29fACFsSNFomWFmQCP91E\"}]}" response.header.server=cloudflare response.status="200 OK" url="https://proxy.lll.com/v2/registry.k8s.io/metrics-server/metrics-server/manifests/v0.8.0" DEBU[0002] resolved desc.digest="sha256:89258156d0e9af60403eafd44da9676fd66f600c7934d468ccc17e42b199aee2" host=proxy.lll.com DEBU[0002] fetch digest="sha256:89258156d0e9af60403eafd44da9676fd66f600c7934d468ccc17e42b199aee2" mediatype=application/vnd.docker.distribution.manifest.list.v2+json size=1728 proxy.lll.com/registry.k8s.io/metrics-server/metrics-server:v0.8.0: resolving |--------------------------------------| elapsed: 2.2 s total: 0.0 B (0.0 B/s) proxy.lll.com/registry.k8s.io/metrics-server/metrics-server:v0.8.0: resolved |++++++++++++++++++++++++++++++++++++++| index-sha256:89258156d0e9af60403eafd44da9676fd66f600c7934d468ccc17e42b199aee2: exists |++++++++++++++++++++++++++++++++++++++| manifest-sha256:5dd31abb8093690d9624a53277a00d2257e7e57e6766be3f9f54cf9f54cddbc1: exists |++++++++++++++++++++++++++++++++++++++| config-sha256:b9e1e3849e07022817ebc1612858382f0c0b91d00e4dcd2996adc1df6ced26e9: exists |++++++++++++++++++++++++++++++++++++++| elapsed: 2.4 s total: 0.0 B (0.0 B/s) ```
sky22333 commented 2026-01-10 21:46:26 +08:00 (Migrated from github.com)
Copy Link

已修复,现在支持你最初的配置方式了,你试试

cat /etc/containerd/certs.d/registry.k8s.io/hosts.toml
server = "https://registry.k8s.io" # 原地址

[host."https://proxy.lll.com"] # 加速地址
  capabilities = ["pull", "resolve", "push"] # 支持能力
  skip_verify = true # 是否跳过证书验证, 加速地址为http时 false
已修复,现在支持你最初的配置方式了,你试试 ``` cat /etc/containerd/certs.d/registry.k8s.io/hosts.toml server = "https://registry.k8s.io" # 原地址 [host."https://proxy.lll.com"] # 加速地址 capabilities = ["pull", "resolve", "push"] # 支持能力 skip_verify = true # 是否跳过证书验证, 加速地址为http时 false ```
muwn commented 2026-01-10 21:51:22 +08:00 (Migrated from github.com)
Copy Link

已修复,现在支持你最初的配置方式了,你试试

cat /etc/containerd/certs.d/registry.k8s.io/hosts.toml
server = "https://registry.k8s.io" # 原地址

[host."https://proxy.lll.com"] # 加速地址
  capabilities = ["pull", "resolve", "push"] # 支持能力
  skip_verify = true # 是否跳过证书验证, 加速地址为http时 false

可以了

> 已修复,现在支持你最初的配置方式了,你试试 > > ``` > cat /etc/containerd/certs.d/registry.k8s.io/hosts.toml > server = "https://registry.k8s.io" # 原地址 > > [host."https://proxy.lll.com"] # 加速地址 > capabilities = ["pull", "resolve", "push"] # 支持能力 > skip_verify = true # 是否跳过证书验证, 加速地址为http时 false > ``` 可以了
sky22333 commented 2026-01-11 00:26:36 +08:00 (Migrated from github.com)
Copy Link

是改用最新版本后就可以了吗

是改用最新版本后就可以了吗
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
Something isn't working
 enhancement
New feature or request
 help wanted
Extra attention is needed
 wontfix
This will not be worked on
 已修复
已支持
已解决
重复问题
需要更多信息
预期行为
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
3344
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: 3344/hubproxy#92
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?