利用 Registry 的 镜像代理与缓存 功能加速&缓存镜像,同时支持 dockerhub、gcr.io、quay.io、nvcr.io、registry.k8s.io 等多个仓库,保持原有仓库的镜像tag不变,且一次拉取之后打包整个仓库目录可离线使用,
git clone https://github.com/brighill/registry-mirror.git
cd registry-mirror
./get-docker.sh --mirror Aliyun
./gencert.sh
从镜像源或者内部镜像仓库拉取镜像(以m.daocloud.io为例)
docker pull m.daocloud.io/docker.io/library/registry:2.8.3
docker pull m.daocloud.io/docker.io/library/nginx:alpine
docker tag m.daocloud.io/docker.io/library/registry:2.8.3 registry:2.8.3
docker tag m.daocloud.io/docker.io/library/nginx:alpine nginx:alpine
设置代理(代理服务器需要允许局域网访问,且ip不能指定为127.0.0.1)
# 例1: socks5 代理 ip 192.168.1.1 端口 1080
export PROXY=socks5://192.168.1.1:1080
# 例2: http 代理ip 192.168.1.1 端口 1080
export PROXY=http://192.168.1.1:1080
启动服务
docker compose up -d
docker compose up -d
以自建仓库ip为192.168.1.1为例,修改/etc/hosts 添加以下内容
192.168.1.1 gcr.io quay.io docker.io registry-1.docker.io nvcr.io registry.k8s.io custom.local
以下命令假设已经把第二步生成的 cert/ca.crt 上传到当前目录下的 cert/ca.crt
# macOS
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain cert/ca.crt
# Debian/Ubuntu
sudo apt install ca-certificates
sudo cp cert/ca.crt /usr/local/share/ca-certificates/ca.crt
sudo update-ca-certificates
# CentOS/Fedora/RHEL
sudo yum install ca-certificates
sudo update-ca-trust force-enable
sudo cp cert/ca.crt /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust
sudo systemctl daemon-reload
sudo systemctl restart docker
# Docker Hub
docker pull alpine
# registry.k8s.io
docker pull registry.k8s.io/pause:3.9
# quay.io
docker pull quay.io/coreos/etcd:v3.4.33
# gcr.io
docker pull gcr.io/google-containers/pause:3.2
# ghcr.io
docker pull ghcr.io/coder/coder:v2.13.0
# nvcr.io
docker pull nvcr.io/nvidia/k8s/cuda-sample:devicequery