Kubernetes with containerd : http: server gave HTTP response to HTTPS client

Question

I am setting up my K8s cluster with container as runtime. Now when I am trying to pull a image using :

sudo ctr image pull 192.168.1.2:5000/my-alpine:latest

It is giving me an error :

ctr: failed to resolve reference "192.168.1.2:5000/my-alpine:latest": failed to do request: Head https://192.168.1.2:5000/v2/my-alpine/manifests/latest: http: server gave HTTP response to HTTPS client

My /etc/containerd/config.toml

[plugins."io.containerd.grpc.v1.cri".registry]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
      endpoint = ["https://registry-1.docker.io"]
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."192.168.1.2:5000"]
      endpoint = ["http://192.168.1.2:5000"]
  [plugins."io.containerd.grpc.v1.cri".registry.configs]
    [plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.1.2:5000".tls]
      insecure_skip_verify = true

What am I missing here? When I am pulling an image from Kubernetes deployment and also getting the same error.

syed adeeb · Answer 1 · 2023-02-23T17:16:36.957

i also got the same error .i resloved it by following the steps given below

sudo rm -rf /etc/containerd/config.toml

sudo su -

mkdir -p /etc/containerd

containerd config default>/etc/containerd/config.toml

sudo systemctl restart containerd

sudo systemctl enable containerd

then after these steps open then file

sudo nano /etc/containerd/config.toml

find this line

[plugins."io.containerd.grpc.v1.cri".registry.configs]

add these lines below that line

   [plugins."io.containerd.grpc.v1.cri".registry.configs."registry-ip:5000"]


   [plugins."io.containerd.grpc.v1.cri".registry.configs."registry-ip:5000".tls] 
        ca_file = ""
        cert_file = "" 
        insecure_skip_verify = true 
        key_file = ""

then search this line [plugins."io.containerd.grpc.v1.cri".registry.mirrors]

and add the below lines below that line

         [plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry-ip:5000"] 
          endpoint = ["http://registry-ip:5000"]

after this i restarted containerd

sudo systemctl restart containerd

its working fine after that

score 0 · Answer 2 · answered Mar 30 '22 at 10:06

ctr does not read the /etc/containerd/config.toml config file. This config is used by the CRIs, which means kubectl or crictl would use it. For ctr, you should add the param --plain-http:

sudo ctr image pull --plain-http=true <image>

The registry config doc is: https://github.com/containerd/containerd/blob/master/docs/cri/registry.md

Also, see this answer https://stackoverflow.com/a/67310470/1106294

score 0 · Answer 3 · answered May 25 '23 at 10:36

The reason is your private registry is non-secure without https. The I have below segment in containerd/config.yaml and it works for me. I hope this helps.

[plugins."io.containerd.grpc.v1.cri".registry] config_path = "" [plugins."io.containerd.grpc.v1.cri".registry.auths] [plugins."io.containerd.grpc.v1.cri".registry.configs] [plugins."io.containerd.grpc.v1.cri".registry.configs."192.167.103.199:5000".tls] insecure_skip_verify = true [plugins."io.containerd.grpc.v1.cri".registry.headers] [plugins."io.containerd.grpc.v1.cri".registry.mirrors] [plugins."io.containerd.grpc.v1.cri".registry.mirrors."192.167.103.199:5000"] endpoint = ["http://192.167.103.199:5000"]

Kubernetes with containerd : http: server gave HTTP response to HTTPS client

3 Answers3