1. Registry setup
1.1 Deploying the registry
configmap:
apiVersion: v1
kind: ConfigMap
metadata:
  name: registry-conf
  namespace: default
data:
  config.yml: |
    version: 0.1
    log:
      fields:
        service: registry
    storage:
      cache:
        blobdescriptor: inmemory
      filesystem:
        rootdirectory: /var/lib/registry
    http:
      # plain HTTP listener; no tls section is configured
      addr: :5000
      headers:
        X-Content-Type-Options: [nosniff]
    health:
      storagedriver:
        enabled: true
        interval: 10s
        threshold: 3
statefulset:
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: registry-test
spec:
  podManagementPolicy: OrderedReady
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: registry-test
  serviceName: nest-registry-hs-test
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: registry-test
    spec:
      containers:
      - image: registry:v2
        imagePullPolicy: IfNotPresent
        name: registry-test
        ports:
        - containerPort: 5000
          protocol: TCP
        resources:
          limits:
            cpu: 500m
            memory: 1Gi
          requests:
            cpu: 200m
            memory: 512Mi
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        # image layers and manifests
        - mountPath: /var/lib/registry
          name: data
        # config.yml from the registry-conf ConfigMap
        - mountPath: /etc/docker/registry
          name: conf
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
      volumes:
      - name: data
        persistentVolumeClaim:
          claimName: registry-pvc
      - name: conf
        configMap:
          name: registry-conf
  updateStrategy:
    rollingUpdate:
      partition: 0
    type: RollingUpdate
svc:
apiVersion: v1
kind: Service
metadata:
  name: registry-test
spec:
  ports:
  - port: 5000
    protocol: TCP
    targetPort: 5000
  selector:
    app: registry-test
  sessionAffinity: None
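1.2 Configuring the image source for crio/docker/containerd
CRI-O is used as the example here. For the other parameters, see the corresponding official documentation.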
[root@istack-gd-gz-edge-01 registry]# cat /etc/containers/registries.conf
unqualified-search-registries = ["harbor.ctyuncdn.cn"]
# library/nginx-ingress-controller:0.30.0
# ecf-edge/kube-ovn:v1.8.6
[[registry]]
prefix = "docker.io"
insecure = true
blocked = false
location = "${svc_cluster_ip}:5000"
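For example, this configuration means that any image whose name matches the prefix docker.io is pulled from the self-hosted local registry instead of from docker.io. insecure = true allows CRI-O to reach that registry over unencrypted HTTP, which is how the registry deployed in 1.1 listens, since its config.yml has no TLS settings.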
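The prefix rule described above, as an added example that is not part of the original article: it reads the [[registry]] tables and reports where a fully qualified image name is actually pulled from and whether that pull uses an insecure mirror. The addresses and the second, more specific rule are constructed for illustration; wildcard prefixes and unqualified short names are not handled.

```python
# Constructed sample: the registries.conf from 1.2 with ${svc_cluster_ip}
# replaced by a made-up address, plus a second, more specific rule (an
# assumption, not on the page) to show longest-prefix selection.
SAMPLE_CONF = '''
unqualified-search-registries = ["harbor.ctyuncdn.cn"]
[[registry]]
prefix = "docker.io"
insecure = true
blocked = false
location = "10.96.0.50:5000"
[[registry]]
prefix = "docker.io/ecf-edge"
location = "10.96.0.51:5000/edge"
'''

def parse_registries(text):
    """Read only the [[registry]] tables; this is not a full TOML parser."""
    tables = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line == "[[registry]]":
            tables.append({})
        elif tables and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            tables[-1][key] = {"true": True, "false": False}.get(value, value.strip('"'))
    return tables

def _prefix(table):
    # When prefix is omitted, registries.conf defaults it to location.
    return table.get("prefix", table.get("location", ""))

def resolve(image, tables):
    """Return (image as actually pulled, insecure flag) for a fully qualified name."""
    best = None
    for table in tables:
        p = _prefix(table)
        # The name must equal the prefix or continue with a separator, so
        # "docker.iox/..." does not match "docker.io".
        if p and (image == p or (image.startswith(p) and image[len(p)] in "/:@")):
            if best is None or len(p) > len(_prefix(best)):
                best = table
    if best is None:
        return image, False  # no rule: pulled from the name as written
    p = _prefix(best)
    return best.get("location", p) + image[len(p):], bool(best.get("insecure", False))

if __name__ == "__main__":
    rules = parse_registries(SAMPLE_CONF)
    for name in ("docker.io/library/nginx-ingress-controller:0.30.0",
                 "docker.io/ecf-edge/kube-ovn:v1.8.6", "quay.io/example/app:1"):
        print(name, "->", resolve(name, rules))
```

Running it against a node's real /etc/containers/registries.conf shows which pulls are redirected to a mirror that is reached without TLS verification.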
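2. Registry cache
2.1 Background
If a project uses a single-node registry like this as its local image repository, then when too many nodes pull from it, the network bandwidth and disk of that single node come under pressure. Against this background, an image cache is introduced, and that cache is a registry running in proxy mode.
2.2 Deployment
The deployment manifests differ from those in 1.1 only in the ConfigMap. Replace svc_cluster_ip with the actual value, which is the Service IP of the central registry from 1.1.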
apiVersion: v1
kind: ConfigMap
metadata:
  name: registry-conf-proxy
  namespace: default
data:
  config.yml: |
    version: 0.1
    log:
      fields:
        service: registry
    storage:
      cache:
        blobdescriptor: inmemory
      filesystem:
        rootdirectory: /var/lib/registry
    http:
      addr: :5000
      headers:
        X-Content-Type-Options: [nosniff]
    health:
      storagedriver:
        enabled: true
        interval: 10s
        threshold: 3
    proxy:
      # upstream is the central registry from 1.1, reached over plain HTTP
      remoteurl: http://${svc_cluster_ip}:5000
      username:
      password:
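2.3 Architecture
As shown in the figure below, a proxy-mode registry is added inside each k8s cluster as a second-level cache for image files, so that traffic does not all go directly to the central registry.
3. Summary
This article described how to build a local image repository on top of registry for use in offline environments. It also introduced a proxy-mode registry acting as an image cache, to handle the heavy traffic of large-scale scenarios. Later articles will cover image distribution tools based on P2P transfer, such as Dragonfly.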