请求添加gcr.io反向代理
NickCao opened this issue · 28 comments
@zhsj 存在用户上传的数据,感觉有些安全风险
link. ustclug/discussions#53
可考虑只读,能pull image即可
@NickCao 我搭建了一个测试站,试试能用吗? http://gcr.rrr.rs/
@gaoyifan
Error response from daemon: Get https://gcr.rrr.rs/v1/_ping: x509: certificate is valid for any.ustclug.org, ustclug.org, *.ustclug.org, not gcr.rrr.rs
Accepted.
Try gcr.mirrors.ustc.edu.cn like
docker pull gcr.mirrors.ustc.edu.cn/google_containers/echoserver:1.4
Same mirror method like docker hub :)
@zhsj How about providing a url of sub-directory style, i.e. mirrors.ustc.edu.cn/gcr/...
?
got it.
BTW, it occurs to me that we already have a reverse proxy server: proxy.ustclug.org
.
Could we just rewrite the url? e.g.
rewrite /gcr(/.*) $scheme://gcr.proxy.ustclug.org$1 permanent;
some images not found.
➜ ~ docker pull gcr.mirrors.ustc.edu.cn/google_containers/kubernetes-dashboard-amd64:1.7.1
Pulling repository gcr.mirrors.ustc.edu.cn/google_containers/kubernetes-dashboard-amd64
Error: image google_containers/kubernetes-dashboard-amd64:1.7.1 not found
@wkjun 似乎不是公开镜像?
$ docker pull gcr.io/google_containers/kubernetes-dashboard-amd64:1.7.1
Pulling repository gcr.io/google_containers/kubernetes-dashboard-amd64
unauthorized: authentication required
sorry , tag 缺少了个v
docker pull gcr.mirrors.ustc.edu.cn/google_containers/kubernetes-dashboard-amd64:v1.7.1
现在正常,O(∩_∩)O谢谢:
docker pull gcr.mirrors.ustc.edu.cn/google_containers/kubernetes-dashboard-amd64:v1.7.1
v1.7.1: Pulling from google_containers/kubernetes-dashboard-amd64
fb18e0636263: Downloading [=========================> ] 20.91MB/41.71MB
经测试,docker 的 registry 工具可以镜像gcr.
registry proxy配置段
proxy:
#remoteurl: https://registry-1.docker.io
remoteurl: https://gcr.io
测试结果如下: (这是自己的vps,带宽有限,请大家测试的时候悠着点流量
)
$ sudo docker pull registry.u17.io/google_containers/kubernetes-dashboard-amd64:v1.7.1
v1.7.1: Pulling from google_containers/kubernetes-dashboard-amd64
fb18e0636263: Pull complete
Digest: sha256:327cfef378e88ffbc327f98dd24adacf6c9363c042db78e922d050f2bdcf6f78
Status: Downloaded newer image for registry.u17.io/google_containers/kubernetes-dashboard-amd64:v1.7.1
$ sudo docker pull registry.u17.io/google_containers/kubedns-amd64:1.9
1.9: Pulling from google_containers/kubedns-amd64
8ddc19f16526: Pull complete
a3ed95caeb02: Pull complete
acc68ed00435: Pull complete
Digest: sha256:3d3d67f519300af646e00adcf860b2f380d35ed4364e550d74002dadace20ead
Status: Downloaded newer image for registry.u17.io/google_containers/kubedns-amd64:1.9
@gaoyifan , can I use gcr.mirrors.ustc.edu.cn as a simple registry mirror, set "registry-mirrors": ["https://gcr.mirrors.ustc.edu.cn"] in deamon.json ?
It looks it doesn't work this way.
some mirror seems not working:
~ % docker pull gcr.mirrors.ustc.edu.cn/kaniko-project/executor
Using default tag: latest
Error response from daemon: Get https://gcr.mirrors.ustc.edu.cn/v2/: net/http: TLS handshake timeout
~ % curl https://gcr.mirrors.ustc.edu.cn/v2/
{}%
curl works means the network is not the problem
docker pull gcr.mirrors.ustc.edu.cn/kubernetes-helm/tiller:v2.9.1
Error response from daemon: received unexpected HTTP status: 504 Gateway Time-out
is gcr.mirrors.ustc.edu.cn still usable?
docker pull gcr.mirrors.ustc.edu.cn/kubernetes-helm/tiller:v2.16.8
Trying to pull repository gcr.mirrors.ustc.edu.cn/kubernetes-helm/tiller ...
received unexpected HTTP status: 504 Gateway Time-out
gcr.mirrors.ustc.edu.cn 返回403
gcr.mirrors.ustc.edu.cn 返回403
见 https://mirrors.ustc.edu.cn/help/dockerhub.html。我们正在考虑使用 #276 中的方案构建 registry,但是在此之前科大校外用户需要考虑使用其他替代方案(例如阿里云提供的公开镜像服务)。