k8s.gcr.io 相关的镜像在国内是没办法访问的,最近看到了大佬分享的加速器教程,实现方式是 k8s 集群实现的,因为服务器资源有限,所以直接二进制启动快速搭建加速器
https://fuckcloudnative.io/posts/docker-registry-proxy/
二进制快速搭建
首先你需要一个域名,域名需要有 https 证书,这个可以用 certbot 快速申请,还需要一台海外服务器,这个自行解决。
只需要 nginx 和 register 就可以快速搭建好加速镜像
首先下载 register 二进制包
tar xvf registry_2.8.0_linux_amd64.tar.gz
mkdir -p /usr/local/registry/conf
mkdir -p /usr/local/registry/bin
cp registry /usr/local/registry/bin准备好配置文件 config.yml
version: 0.1
log:
fields:
service: registry
storage:
cache:
blobdescriptor: inmemory
filesystem:
rootdirectory: /data/docker-register
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
proxy:
remoteurl: https://k8s.gcr.io
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3启动服务
./bin/registry serve conf/config.ymlNginx 代理配置
server {
server_name gcr-docker.xxxxx.red;
location / {
proxy_redirect off;
proxy_pass http://127.0.0.1:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
access_log /data/logs/nginx/access.log main;
error_log /data/logs/nginx/error.log;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/gcr-docker.xxx.red/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/gcr-docker.xxx.red/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
拉取镜像
docker pull gcr-docker.xxxxx.red/kube-apiserver:v1.17.3
大功告成!