Does cri support config proxy?

[hmtai]

Now I want to pull images from my private registry,and I have config in config.toml like this.But I don't know how to config the proxy.Does it can config like docker in /etc/systemd/system/docker.service.d/https-proxy.conf?

[Service]
Environment="HTTP_PROXY=http://9.21.60.88:8123/" "NO_PROXY=localhost,127.0.0.1,cluster1.icp:8500,mycluster.icp:8500"

[Random-Liu]

@hmtai We are using http.DefaultClient. https://github.com/containerd/cri/blob/master/pkg/server/image_pull.go#L92

Based on the golang doc DefaultTransport is the default implementation of Transport and is used by DefaultClient. It establishes network connections as needed and caches them for reuse by subsequent calls. It uses HTTP proxies as directed by the $HTTP_PROXY and $NO_PROXY (or $http_proxy and $no_proxy) environment variables. HTTP_PROXY, HTTPS_PROXY and NO_PROXY should be supported.

Have you tried Environment="HTTP_PROXY=http://9.21.60.88:8123/" "NO_PROXY=localhost,127.0.0.1,cluster1.icp:8500,mycluster.icp:8500"? Doesn't it work? @hmtai

[hmtai]

@Random-Liu Yes,I have tried and it does't work for crictl pullbut ctrcan use this proxy to pull images.

ctr images pull -u token:eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJmZTI1ZDQzZS1iNzBlLTU2NDctOGE5Yy0wNjFjZjUyZDI2ODYiLCJpc3MiOldCJ9.Pn9Vf7sNCQahDWfj2Xi9kGXzq-0hGFnAGhqqpUrWwt4 registry.ng.bluemix.net/mdelder/etcd:v3.2.14
registry.ng.bluemix.net/mdelder/etcd:v3.2.14:                                     resolved       |++++++++++++++++++++++++++++++++++++++|
index-sha256:8ca91e89e035213a7f89850c04f09ff26eb8737a34a129871f208ea6836dcfb8:    done           |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:0ed513ba3c01b01ddd409dbad3ea18ffc69f788aa207967841271c95e219c622: done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:c15c14574a0bc94fb65cb906baae5debd103dd02991f3449adaa639441b7dde4:    done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:9ba32cd32bb3b5ef22d0391a47f1dc881add65d5b46138f9d2d6baf6d87d952c:    done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:4784c1cc8628dd47e662931762b7e20edf55b24aac965fd428a77663b6249b8f:    done           |++++++++++++++++++++++++++++++++++++++|
config-sha256:94bc3af972c98ce73f99d70bd72144caa8b63e541ccc9d844960b7f0ca77d7c4:   done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:841a50506c538f22f66506bb7318ba7f399fb681553b5f377127e1b7b93d5b78:    done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:ff3a5c916c92643ff77519ffa742d3ec61b7f591b6b7504599d95a4a41134e28:    exists         |++++++++++++++++++++++++++++++++++++++|
layer-sha256:8f16dd24d5ae46cb89281286b74c1df278296e8baf32cfc2662c92ceb472120a:    done           |++++++++++++++++++++++++++++++++++++++|
elapsed: 22.3s                                                                    total:  9.9 Mi (453.9 KiB/s)
unpacking sha256:8ca91e89e035213a7f89850c04f09ff26eb8737a34a129871f208ea6836dcfb8...
done

[Random-Liu]

@hmtai You should start containerd with those environment variables. Not crictl. Doesn't it work?

[hmtai]

@Random-Liu oh,when I add in containerd.service Environment.It works.Thanks a lot.

[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target

[Service]
ExecStartPre=/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd
Restart=always
RestartSec=5
Delegate=yes
KillMode=process
OOMScoreAdjust=-999
LimitNOFILE=1048576
Environment="HTTP_PROXY=http://9.21.60.88:8123/"

[Random-Liu]

@hmtai Yeah, that's what I thought. Thanks for confirming.