If the default containerd configuration cannot meet your business requirements, you can customize the containerd parameters for all nodes in a node pool. For example, you can configure multiple registry mirrors for an image registry or configure the container runtime to skip certificate authentication when pulling container images from an image registry.
Limits
You must use containerd 1.6.20 or later as the container runtime of the node pool. If the containerd version used by the node pool is earlier than 1.6.20, you must first upgrade the node pool.
Usage notes
After you customize the containerd parameters, containerd parameters are updated on nodes in batches. The customized kubelet parameters immediately take effect on existing nodes in the node pool. Nodes that are newly added to the node pool also use the customized kubelet parameters.
If you have previously used the CLI to configure containerd parameters that are not supported by the Container Service for Kubernetes (ACK) console, ACK automatically overwrites the parameters when the custom containerd parameters take effect. To prevent containerd parameters from being overwritten and unexpected behavior, we recommend that you do not use the CLI to update containerd parameters.
Customizable containerd parameters in the ACK console
Parameter | Description | Configuration suggestion |
Registry Mirror Configuration | Configure registry mirrors for an image registry to accelerate image pulling. This way, the container runtime can pull images from the specified registry mirrors. This parameter does not require container restarts. |
|
Image Registries Skipping Certificate Authentication (Insecure Registries) | Allow the container runtime to skip certificate authentication when pulling container images from the image registry. In most cases, it is used to pull container images from image registries that use self-signed certificates in a staging environment. This parameter does not require container restarts. |
|
Customize the containerd parameters of a node pool in the ACK console
Modifying containerd configurations will not impact existing containers. To ensure cluster stability, perform this operation during off-peak hours.
Log on to the ACK console. In the left-side navigation pane, click Clusters.
On the Clusters page, find the cluster to manage and click its name. In the left-side navigation pane, choose .
On the Node Pools page, find the node pool to manage and choose
> Containerd Configuration in the Actions column. Read the usage notes on the page, configure parameters based on the on-screen instructions, specify the target nodes, set the batch configuration policy, click Submit, and complete the configuration.
Refer to Sample configurations.
After you submit the changes, containerd parameters are updated on nodes in batches. You can view the update progress in the Event Records section. You can also pause, resume, or cancel the update.
You can pause the update and validate the updated nodes. When pausing, nodes in the current batch will still be updated. The remaining batches of nodes are not updated until you resume the update.
NoteIf a node fails to be updated, troubleshoot the node and click Continue to update the node again.
We recommend that you complete the update as soon as possible. If the update remains paused for 7 days, the system automatically cancels the update and deletes the related events and logs.
Sample configurations
Configure a registry mirror for docker.io | Skip certificate authentication for a private registry | Configure a registry mirror that uses HTTP for a private registry |
|
|
|
References
For more information about the automated O&M capabilities of node pools, see Automated O&M capabilities.
For more information about how to troubleshoot node, pod, containerd, and kubelet exceptions, see Node troubleshooting, Pod troubleshooting, and FAQ about nodes and node pools.