Boost Containerd Image Pull Speed: A Step‑by‑Step Acceleration Guide
This article walks you through configuring containerd image pull acceleration using crictl, ctr, and nerdctl, provides a curated list of accelerated registry mirrors, shows exact command‑line examples, and demonstrates how to verify that the acceleration is effective, helping you speed up container workflows.
The previous post covered Docker runtime image acceleration; this article focuses on configuring containerd for faster image pulls and verifying the setup.
Accelerated Registry Mirror List
Docker official registry (docker.io) – use dockerhub.icu or docker.hlyun.org Google Kubernetes registry (registry.k8s.io) – use k8s.chenby.cn Legacy Google Kubernetes registry (k8s.gcr.io) – use k8s.chenby.cn Google related images (gcr.io) – use gcr.chenby.cn RedHat enterprise registry (quay.io) – use quay.chenby.cn GitHub Container Registry (ghcr.io) – use ghcr.chenby.cn Tip: The above addresses were verified as of 2024‑07‑28.
Configuration Steps
crictl
1. Verify the containerd registry configuration path:
$ sudo grep config_path `ps -ef | grep "[c]ontainerd " | awk '{print $NF}'`
config_path = "/etc/containerd/certs.d"Tip: If the path is not set, add it and restart the containerd service. Ensure no conflicting parameters exist under plugins."io.containerd.grpc.v1.cri".registry or the service may fail to start.
Add Accelerated Mirror Addresses
2. Create hosts.toml for each registry.
Example for docker.io:
$ sudo mkdir -p /etc/containerd/certs.d/docker.io
$ cat <<'EOF' | sudo tee /etc/containerd/certs.d/docker.io/hosts.toml > /dev/null
server = "https://docker.io"
[host."https://dockerhub.icu"]
capabilities = ["pull", "resolve", "push"]
[host."https://docker.hlyun.org"]
capabilities = ["pull", "resolve", "push"]
EOFExample for registry.k8s.io:
$ sudo mkdir -p /etc/containerd/certs.d/registry.k8s.io
$ cat <<'EOF' | sudo tee /etc/containerd/certs.d/registry.k8s.io/hosts.toml > /dev/null
server = "https://registry.k8s.io"
[host."https://k8s.chenby.cn"]
capabilities = ["pull", "resolve"]
EOFctr
The configuration files and directory structure are the same as for crictl, but the ctr command does not automatically use the accelerated mirrors. Append --hosts-dir /etc/containerd/certs.d to enable acceleration, e.g.:
ctr --debug image pull registry.k8s.io/pause:3.9 --hosts-dir /etc/containerd/certs.dnerdctl
The configuration mirrors are identical to crictl; ensure the path is under /etc/containerd/certs.d.
Tip: Only directories inside /etc/containerd/certs.d are recognized.
Verification
Run the ctr or nerdctl pull commands as shown above and observe faster download times, confirming that the accelerated mirrors are in effect.
Conclusion
By following these steps you can significantly improve containerd image pull speed, saving time and boosting development and operations efficiency. Choosing a stable, fast mirror is essential for smooth container workflows.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
Linux Ops Smart Journey
The operations journey never stops—pursuing excellence endlessly.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.