Build a Docker image registry proxy

Time:2021-2-25

When using Kubernetes, we frequently need to access the gcr.io image registry. For well-known reasons, gcr.io is not accessible in China. gcr.azk8s.cn is a proxy site for the gcr.io image registry, and images in gcr.io can be pulled through gcr.azk8s.cn. At present, however, *.azk8s.cn serves only Azure China IP addresses and no longer provides service to outside users. To access the gcr.io image registry smoothly, we need to build a registry proxy site similar to gcr.azk8s.cn on a server outside the firewall.

Prerequisites

  • A server outside the firewall that can reach gcr.io
  • A domain name and an SSL certificate for that domain (the domain's certificate is verified when docker pull downloads an image)

Install and configure docker

Add the Docker yum repository

$ yum install -y yum-utils
$ yum-config-manager \
--add-repo \
https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

Install docker

$ yum install -y docker-ce docker-ce-cli containerd.io

Configure docker

Configure Docker as follows: set the Docker log format to JSON, the log file size to 100m, and keep at most 3 log files; next, set the private registry and the official image acceleration (mirror) address; set the Docker data directory to /data/docker; finally, set the Docker storage driver to overlay2. Listing hub.yyy.com under insecure-registries means Docker will talk to that registry over plain HTTP or without verifying its certificate.

$ mkdir -p /etc/docker
$ cat << EOF > /etc/docker/daemon.json
{
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m",
    "max-file": "3"
  },
  "insecure-registries": [
    "hub.yyy.com"
  ],
  "registry-mirrors": [
    "https://q00c7e05.mirror.aliyuncs.com"
  ],
  "data-root": "/data/docker",
  "exec-opts": ["native.cgroupdriver=systemd"],
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ]
}
EOF

Start docker

$ systemctl enable docker && systemctl start docker

Install docker compose

$ curl -L "https://github.com/docker/compose/releases/download/1.25.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
$ chmod +x /usr/local/bin/docker-compose
$ ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
$ docker-compose --version
docker-compose version 1.25.4, build 1110ad01

Start the registry proxy

Preparation before startup

Download the registry proxy configuration file from GitHub:

$ git clone https://github.com/findsec-cn/registry-proxy.git
$ cd registry-proxy

Place the certificate for the domain name in the cert directory, where server.crt is the SSL certificate file and server.key is the SSL private key.

Modify the nginx.conf configuration file, replacing the domain name in it with your own domain name (yyy.com):

$ sed -i 's/xxx\.com/yyy.com/g' nginx.conf

Start the registry proxy

Start the registry proxy:

$ docker-compose up -d

To view the startup log:

$ docker-compose logs -f

Domain name resolution

Resolve hub.yyy.com and gcr.yyy.com to the address of this server.

We can view the images cached in the registry at http://hub.yyy.com, and download images through gcr.yyy.com.

Using the registry proxy

We only need to replace k8s.gcr.io with gcr.yyy.com/google-containers, and replace gcr.io with gcr.yyy.com, to download the images in the gcr.io registry.

For example, we need to download the image:

$ docker pull k8s.gcr.io/pause:3.1

It can be downloaded through the registry proxy as follows:

$ docker pull gcr.yyy.com/google-containers/pause:3.1

As another example, we need to download these images:

$ docker pull gcr.io/kubernetes-helm/tiller:v2.16.3
$ docker pull gcr.io/google-containers/etcd:3.2.24

They can be downloaded through the registry proxy as follows:

$ docker pull gcr.yyy.com/kubernetes-helm/tiller:v2.16.3
$ docker pull gcr.yyy.com/google-containers/etcd:3.2.24
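
The replacement rule above, as an added shell example that is not part of the original article or of the registry-proxy project: to_proxy_ref maps one image reference and rewrite_manifest applies it to the image: lines of a manifest on stdin. The function names and the sample manifest are constructed for illustration, gcr.yyy.com is the article's placeholder domain, and unquoted image: values are assumed.

```shell
#!/bin/sh
# Added example. gcr.yyy.com is the article's placeholder proxy domain.
PROXY_DOMAIN="gcr.yyy.com"

# to_proxy_ref REF: print the proxy reference for REF (hypothetical helper).
# Only an exact registry host of k8s.gcr.io or gcr.io is rewritten; other
# registries and lookalike hosts such as gcr.io.example.net pass unchanged.
# Everything after the host, including a tag or @sha256 digest, is preserved.
to_proxy_ref() (
  ref=$1
  case "$ref" in
    k8s.gcr.io/*)
      printf '%s/google-containers/%s\n' "$PROXY_DOMAIN" "${ref#k8s.gcr.io/}" ;;
    gcr.io/*)
      printf '%s/%s\n' "$PROXY_DOMAIN" "${ref#gcr.io/}" ;;
    *)
      printf '%s\n' "$ref" ;;
  esac
)

# rewrite_manifest: copy stdin to stdout, rewriting unquoted "image:" values.
rewrite_manifest() (
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      *"image: "*)
        prefix=${line%%image: *}   # text before the first "image: "
        ref=${line#*image: }       # the image reference after it
        printf '%simage: %s\n' "$prefix" "$(to_proxy_ref "$ref")" ;;
      *)
        printf '%s\n' "$line" ;;
    esac
  done
)

# Constructed sample manifest fragment, rewritten when the script runs.
rewrite_manifest <<'EOF'
containers:
  - name: pause
    image: k8s.gcr.io/pause:3.1
  - name: etcd
    image: gcr.io/google-containers/etcd:3.2.24
  - name: web
    image: nginx:1.17
EOF
```

A reference pinned by digest (name@sha256:...) keeps its digest through the rewrite, so the Docker client still checks the content served by the proxy against that digest.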

If you deploy the Kubernetes cluster with kubeadm, you can set the image repository in the kubeadm configuration file to gcr.yyy.com/google-containers, as follows:

$ cat kubeadm-config.yaml

apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration
kubernetesVersion: v1.18.1
......
imageRepository: gcr.yyy.com/google-containers
