nerdctl
nerdctl copied to clipboard
containerd
nerdctl sees that a lot of k8s mirrors produce a lot of empty tags
Description
BUG REPORT
Versions
kubeadm version (use kubeadm version):
v1.28.6
Environment:
-
Kubernetes version (use
kubectl version): v1.28.6 -
Cloud provider or hardware configuration: vsphere
-
OS (e.g. from /etc/os-release):
# cat /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
-
Kernel (e.g.
uname -a):
# uname -a
Linux localhost.localdomain 3.10.0-1160.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
- Container runtime (CRI) (e.g. containerd, cri-o):
# containerd -v
containerd github.com/containerd/containerd v1.7.12 71909c1814c544ac47ab91d2e8b84718e517bb99
- Container networking plugin (CNI) (e.g. Calico, Cilium): calico
- Others:
What happened?
By compiling kubeadm and the image and storing it in the registry repository, I use imageRepository: 10.102.28.1/google_containers to pull the images that I store in the registry repository, I kubernetes will use crictl to pull the images
apiVersion: kubeadm.k8s.io/v1beta3
kind: InitConfiguration
bootstrapTokens:
- groups:
- system:bootstrappers:kubeadm:default-node-token
token: o07ftt.1k2k5dagbgypo863
ttl: 876000h0m0s
usages:
- signing
- authentication
localAPIEndpoint:
advertiseAddress: 10.102.28.62
bindPort: 6443
nodeRegistration:
criSocket: unix:///var/run/containerd/containerd.sock
name: localhost
taints: null
---
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
kubernetesVersion: 1.28.6
imageRepository: 10.102.28.1/google_containers
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
networking:
dnsDomain: cluster.local
podSubnet: "172.90.0.0/16"
serviceSubnet: "10.96.0.0/16"
apiServer:
extraArgs:
tls-cipher-suites: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
enable-admission-plugins: 'NodeRestriction,DefaultTolerationSeconds'
max-requests-inflight: "1000"
max-mutating-requests-inflight: "500"
default-watch-cache-size: "500"
kubelet-timeout: "5s"
event-ttl: "1h0m0s"
default-not-ready-toleration-seconds: "60"
default-unreachable-toleration-seconds: "60"
timeoutForControlPlane: 4m0s
etcd:
local:
dataDir: /var/lib/etcd
extraArgs:
election-timeout: "5000"
heartbeat-interval: "500"
controllerManager:
extraArgs:
bind-address: 0.0.0.0
concurrent-deployment-syncs: "5"
concurrent-endpoint-syncs: "5"
concurrent-gc-syncs: "20"
concurrent-namespace-syncs: "10"
concurrent-replicaset-syncs: "5"
concurrent-service-syncs: "1"
concurrent-serviceaccount-token-syncs: "5"
cluster-signing-duration: "87600h0m0s"
feature-gates: "RotateKubeletServerCertificate=true"
pvclaimbinder-sync-period: "15s"
node-monitor-period: "5s"
node-monitor-grace-period: "20s"
node-startup-grace-period: "30s"
scheduler:
extraArgs:
bind-address: 0.0.0.0
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
clientConnection:
burst: 20
qps: 120
mode: ipvs
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
clusterDNS:
- 169.254.20.10
clusterDomain: cluster.local
cpuManagerPolicy: static
cgroupsPerQOS: true
cgroupDriver: systemd
systemReserved:
cpu: "0.25"
memory: "200Mi"
kubeReserved:
cpu: "0.25"
memory: "1500Mi"
evictionHard:
memory.available: "100Mi"
nodefs.available: "5%"
nodefs.inodesFree: "3%"
imagefs.available: "8%"
evictionPressureTransitionPeriod: 5m0s
featureGates:
CPUManagerPolicyOptions: true
failSwapOn: true
fileCheckFrequency: 20s
hairpinMode: promiscuous-bridge
healthzBindAddress: 127.0.0.1
healthzPort: 10248
httpCheckFrequency: 20s
imageGCHighThresholdPercent: 85
imageGCLowThresholdPercent: 80
imageMinimumGCAge: 2m0s
iptablesDropBit: 15
iptablesMasqueradeBit: 14
kubeAPIBurst: 20
kubeAPIQPS: 10
makeIPTablesUtilChains: true
maxOpenFiles: 1000000
maxPods: 110
nodeLeaseDurationSeconds: 40
nodeStatusReportFrequency: 10s
nodeStatusUpdateFrequency: 10s
oomScoreAdj: -999
podPidsLimit: -1
port: 10250
registryBurst: 10
registryPullQPS: 5
rotateCertificates: true
runtimeRequestTimeout: 2m0s
serializeImagePulls: true
staticPodPath: /etc/kubernetes/manifests
streamingConnectionIdleTimeout: 4h0m0s
syncFrequency: 5s
volumeStatsAggPeriod: 1m0s
I can view the pulled image through crictl
# crictl images
IMAGE TAG IMAGE ID SIZE
10.102.28.1/google_containers/coredns v1.10.1 ead0a4a53df89 16.2MB
10.102.28.1/google_containers/etcd 3.5.10-0 a0eed15eed449 56.5MB
10.102.28.1/google_containers/kube-apiserver v1.28.6 078b4f8dadc5c 34.5MB
10.102.28.1/google_containers/kube-controller-manager v1.28.6 7c9fcce49f5c7 33.3MB
10.102.28.1/google_containers/kube-proxy v1.28.6 047da78ee6361 26.4MB
10.102.28.1/google_containers/kube-scheduler v1.28.6 e11632c1a73ed 18.7MB
10.102.28.1/google_containers/pause 3.9 e6f1816883972 320kB
But when you use nerdctl to view it, you see a lot of empty tags. Why
# nerdctl -n k8s.io images
REPOSITORY TAG IMAGE ID CREATED PLATFORM SIZE BLOB SIZE
10.102.28.1/google_containers/kube-apiserver v1.28.6 d61ad6e78ba8 19 minutes ago linux/amd64 123.3 MiB 32.9 MiB
10.102.28.1/google_containers/kube-apiserver <none> d61ad6e78ba8 19 minutes ago linux/amd64 123.3 MiB 32.9 MiB
10.102.28.1/google_containers/kube-controller-manager v1.28.6 54e75b217f1b 19 minutes ago linux/amd64 119.5 MiB 31.7 MiB
10.102.28.1/google_containers/kube-controller-manager <none> 54e75b217f1b 19 minutes ago linux/amd64 119.5 MiB 31.7 MiB
10.102.28.1/google_containers/kube-proxy v1.28.6 f451e473cccc 19 minutes ago linux/amd64 77.5 MiB 25.1 MiB
10.102.28.1/google_containers/kube-proxy <none> f451e473cccc 19 minutes ago linux/amd64 77.5 MiB 25.1 MiB
10.102.28.1/google_containers/kube-scheduler v1.28.6 1b1e305ad145 19 minutes ago linux/amd64 60.7 MiB 17.8 MiB
10.102.28.1/google_containers/kube-scheduler <none> 1b1e305ad145 19 minutes ago linux/amd64 60.7 MiB 17.8 MiB
10.102.28.1/google_containers/pause 3.9 a9fc01b32f33 19 minutes ago linux/amd64 728.0 KiB 312.4 KiB
10.102.28.1/google_containers/pause <none> a9fc01b32f33 19 minutes ago linux/amd64 728.0 KiB 312.4 KiB
<none> <none> f451e473cccc 19 minutes ago linux/amd64 77.5 MiB 25.1 MiB
<none> <none> d61ad6e78ba8 19 minutes ago linux/amd64 123.3 MiB 32.9 MiB
<none> <none> 54e75b217f1b 19 minutes ago linux/amd64 119.5 MiB 31.7 MiB
<none> <none> 1b1e305ad145 19 minutes ago linux/amd64 60.7 MiB 17.8 MiB
<none> <none> a9fc01b32f33 19 minutes ago linux/amd64 728.0 KiB 312.4 KiB
This is my nerdctl configuration file, help me see what is the problem
# cat /etc/nerdctl/nerdctl.toml
debug = false
debug_full = false
address = "unix:///run/containerd/containerd.sock"
namespace = "k8s"
snapshotter = "overlayfs"
cgroup_manager = "systemd"
hosts_dir = ["/etc/containerd/certs.d", "/etc/docker/certs.d"]
insecure_registry = true
Steps to reproduce the issue
Describe the results you received and expected
I want the image I see through nerdctl to not have those empty labels, which makes it look messy
What version of nerdctl are you using?
nerdctl -v
nerdctl version 1.7.2
Are you using a variant of nerdctl? (e.g., Rancher Desktop)
None
Host information
No response
