added docker hub mirror cache to buildkit

damoon · May 24, 2021 · c362073 · c362073
1 parent 227f78f
commit c362073
Show file tree

Hide file tree

Showing 6 changed files with 111 additions and 32 deletions.
diff --git a/Tiltfile b/Tiltfile
@@ -45,5 +45,5 @@ docker_build(
 k8s_resource(
   'wedding',
   port_forwards=['12376:2376'],
-  resource_deps=['minio-buckets', 'registry'],
+  resource_deps=['minio-buckets', 'registry', 'docker-hub-mirror'],
 )
diff --git a/deployment/config.yaml b/deployment/config.yaml
@@ -10,7 +10,11 @@ data:
       noProcessSandbox = true
 
     [registry."docker.io"]
-      mirrors = ["mirror.gcr.io"]
+      mirrors = ["wedding-docker-hub-mirror:5000"]
+
+    [registry."wedding-docker-hub-mirror:5000"]
+      http = true
+      insecure = true
 
     [registry."wedding-registry:5000"]
       http = true

diff --git a/service-dependencies/Tiltfile b/service-dependencies/Tiltfile
@@ -16,3 +16,10 @@ k8s_resource(
   new_name='registry',
   port_forwards=5000,
 )
+
+k8s_yaml('docker-hub-mirror.yaml')
+k8s_resource(
+  'wedding-docker-hub-mirror',
+  new_name='docker-hub-mirror',
+  port_forwards=5001,
+)
diff --git a/service-dependencies/docker-hub-mirror.yaml b/service-dependencies/docker-hub-mirror.yaml
@@ -0,0 +1,97 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: wedding-docker-hub-mirror
+spec:
+  ports:
+    - name: http
+      port: 5000
+  selector:
+    app: wedding-docker-hub-mirror
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: wedding-docker-hub-mirror
+spec:
+  selector:
+    matchLabels:
+      app: wedding-docker-hub-mirror
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: wedding-docker-hub-mirror
+    spec:
+      containers:
+        - name: wedding-docker-hub-mirror
+          image: registry:2.7.1
+          ports:
+            - name: http
+              containerPort: 5000
+          resources:
+            limits:
+              cpu: 1000m
+              memory: "500Mi"
+            requests:
+              cpu: "100m"
+              memory: "500Mi"
+          livenessProbe:
+            httpGet:
+              path: /v2/
+              port: 5000
+          readinessProbe:
+            httpGet:
+              path: /v2/_catalog?n=1
+              port: 5000
+          env:
+            - name: REGISTRY_LOG_ACCESSLOG_DISABLED
+              value: "true"
+            - name: REGISTRY_LOG_LEVEL
+              value: "warn"
+            - name: REGISTRY_STORAGE_S3_ACCESSKEY
+              valueFrom:
+                secretKeyRef:
+                  name: wedding-minio
+                  key: MINIO_ACCESS_KEY
+            - name: REGISTRY_STORAGE_S3_SECRETKEY
+              valueFrom:
+                secretKeyRef:
+                  name: wedding-minio
+                  key: MINIO_SECRET_KEY
+          volumeMounts:
+            - name: config
+              mountPath: /etc/docker/registry/
+      volumes:
+        - name: config
+          configMap:
+            name: wedding-docker-hub-mirror
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: wedding-docker-hub-mirror
+data:
+  config.yml: |
+    version: 0.1
+    log:
+      fields:
+        service: registry-mirror
+    storage:
+      s3:
+        region: us-east-1
+        regionendpoint: http://wedding-minio:9000
+        bucket: docker-hub-mirror
+        encrypt: false
+        secure: true
+        v4auth: true
+        chunksize: 5242880
+        rootdirectory: /
+      redirect:
+        disable: true
+    proxy:
+      remoteurl: https://registry-1.docker.io
+    http:
+      addr: :5000
+      headers:
+        X-Content-Type-Options: [nosniff]
diff --git a/service-dependencies/minio.yaml b/service-dependencies/minio.yaml
@@ -109,6 +109,7 @@ spec:
               until timeout 10 mc admin info minio; do sleep 1; done
               mc mb minio/contexts --ignore-existing
               mc mb minio/registry --ignore-existing
+              mc mb minio/docker-hub-mirror --ignore-existing
           resources:
             limits:
               cpu: 20m

diff --git a/service-dependencies/registry.yaml b/service-dependencies/registry.yaml
@@ -44,13 +44,6 @@ spec:
             httpGet:
               path: /v2/_catalog?n=1
               port: 5000
-          lifecycle:
-            preStop:
-              exec:
-                command:
-                  - sh
-                  - -c
-                  - "sleep 10"
           env:
             - name: REGISTRY_LOG_ACCESSLOG_DISABLED
               value: "true"
@@ -66,36 +59,13 @@ spec:
                 secretKeyRef:
                   name: wedding-minio
                   key: MINIO_SECRET_KEY
-            - name: REGISTRY_HTTP_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: wedding-registry
-                  key: HTTP_SECRET
           volumeMounts:
             - name: config
               mountPath: /etc/docker/registry/
       volumes:
         - name: config
           configMap:
             name: wedding-registry
-      affinity:
-        podAntiAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            - labelSelector:
-                matchExpressions:
-                  - key: app
-                    operator: In
-                    values:
-                      - wedding-registry
-              topologyKey: "kubernetes.io/hostname"
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: wedding-registry
-type: Opaque
-stringData:
-  HTTP_SECRET: shared_secret_123
 ---
 apiVersion: v1
 kind: ConfigMap