BestHub
Sign in
Cloud Native 5 min read

Boost Containerd Image Pull Speed: A Step‑by‑Step Acceleration Guide

This article walks you through configuring containerd image pull acceleration using crictl, ctr, and nerdctl, provides a curated list of accelerated registry mirrors, shows exact command‑line examples, and demonstrates how to verify that the acceleration is effective, helping you speed up container workflows.

Linux Ops Smart Journey
Linux Ops Smart Journey
Linux Ops Smart Journey
Boost Containerd Image Pull Speed: A Step‑by‑Step Acceleration Guide

The previous post covered Docker runtime image acceleration; this article focuses on configuring containerd for faster image pulls and verifying the setup.

Accelerated Registry Mirror List

Docker official registry (docker.io) – use

dockerhub.icu

or

docker.hlyun.org

Google Kubernetes registry (registry.k8s.io) – use

k8s.chenby.cn

Legacy Google Kubernetes registry (k8s.gcr.io) – use

k8s.chenby.cn

Google related images (gcr.io) – use

gcr.chenby.cn

RedHat enterprise registry (quay.io) – use

quay.chenby.cn

GitHub Container Registry (ghcr.io) – use

ghcr.chenby.cn

Tip: The above addresses were verified as of 2024‑07‑28.

Configuration Steps

crictl

1. Verify the containerd registry configuration path:

<code>$ sudo grep config_path `ps -ef | grep "[c]ontainerd " | awk '{print $NF}'`
   config_path = "/etc/containerd/certs.d"
</code>

Tip: If the path is not set, add it and restart the containerd service. Ensure no conflicting parameters exist under

plugins."io.containerd.grpc.v1.cri".registry

or the service may fail to start.

Add Accelerated Mirror Addresses

2. Create

hosts.toml

for each registry.

Example for

docker.io

:

<code>$ sudo mkdir -p /etc/containerd/certs.d/docker.io
$ cat <<'EOF' | sudo tee /etc/containerd/certs.d/docker.io/hosts.toml > /dev/null
server = "https://docker.io"
[host."https://dockerhub.icu"]
  capabilities = ["pull", "resolve", "push"]
[host."https://docker.hlyun.org"]
  capabilities = ["pull", "resolve", "push"]
EOF
</code>

Example for

registry.k8s.io

:

<code>$ sudo mkdir -p /etc/containerd/certs.d/registry.k8s.io
$ cat <<'EOF' | sudo tee /etc/containerd/certs.d/registry.k8s.io/hosts.toml > /dev/null
server = "https://registry.k8s.io"
[host."https://k8s.chenby.cn"]
  capabilities = ["pull", "resolve"]
EOF
</code>

ctr

The configuration files and directory structure are the same as for crictl, but the

ctr

command does not automatically use the accelerated mirrors. Append

--hosts-dir /etc/containerd/certs.d

to enable acceleration, e.g.:

<code>ctr --debug image pull registry.k8s.io/pause:3.9 --hosts-dir /etc/containerd/certs.d
</code>

nerdctl

The configuration mirrors are identical to crictl; ensure the path is under

/etc/containerd/certs.d

.

Tip: Only directories inside

/etc/containerd/certs.d

are recognized.

Verification

Run the

ctr

or

nerdctl

pull commands as shown above and observe faster download times, confirming that the accelerated mirrors are in effect.

Conclusion

By following these steps you can significantly improve containerd image pull speed, saving time and boosting development and operations efficiency. Choosing a stable, fast mirror is essential for smooth container workflows.

cloud nativeDockercontainerdcrictlcontainer runtimeimage acceleration
Linux Ops Smart Journey
Written by

Linux Ops Smart Journey

The operations journey never stops—pursuing excellence endlessly.

0 followers
Reader feedback

How this landed with the community

login Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment