GeekCity

container-image-mirror

logic

  • inspired by wzshiming
  • [figure: logic-of-container-image-mirror.png]
  • references
    • https://github.com/DaoCloud/crproxy
    • https://docs.docker.com/docker-hub/mirror/
    • https://github.com/twuni/docker-registry.helm

ben.wangz · Less than 1 minute
container registry with s3 storage (minio)
  1. minio server
  2. create bucket named blog
    •   podman run --rm \
            --entrypoint bash \
            -it docker.io/minio/mc:latest \
            -c "mc alias set minio http://host.containers.internal:9000 minioadmin minioadmin \
                && mc ls minio \
                && mc mb --ignore-existing minio/blog \
                && mc ls --recursive minio"
      
  3. run the container registry, using environment variables to override its config so that minio is the s3 storage
    • podman run --rm \
          --name registry \
          -p 5000:5000 \
          -e REGISTRY_STORAGE=s3 \
          -e REGISTRY_STORAGE_S3_ACCESSKEY=minioadmin \
          -e REGISTRY_STORAGE_S3_SECRETKEY=minioadmin \
          -e REGISTRY_STORAGE_S3_REGION=us-east-1 \
          -e REGISTRY_STORAGE_S3_BUCKET=blog \
          -e REGISTRY_STORAGE_S3_ROOTDIRECTORY=components/container-registry \
          -e REGISTRY_STORAGE_S3_SECURE=false \
          -e REGISTRY_STORAGE_S3_REGIONENDPOINT=http://host.containers.internal:9000 \
          -e REGISTRY_STORAGE_S3_FORCEPATHSTYLE=true \
          -d docker.io/library/registry:2
      
  4. add hosts to resolve host.containers.internal
    • echo "127.0.0.1 host.containers.internal" >> /etc/hosts
      
  5. testing

ben.wangz · Less than 1 minute
container registry with s3 storage (oss from aliyun)
  1. assumptions
    • we have a bucket named blog in oss
    • OSS_ACCESS_KEY_ID=your_access_key_id
      OSS_ACCESS_KEY_SECRET=your_access_key_secret
      OSS_REGION=oss-cn-hangzhou
      OSS_ENDPOINT=http://oss-cn-hangzhou-internal.aliyuncs.com
      
  2. run the container registry, using environment variables to override its config so that oss is the s3 storage
    • podman run --rm \
          --name registry \
          -p 5000:5000 \
          -e REGISTRY_STORAGE=s3 \
          -e REGISTRY_STORAGE_S3_ACCESSKEY=$OSS_ACCESS_KEY_ID \
          -e REGISTRY_STORAGE_S3_SECRETKEY=$OSS_ACCESS_KEY_SECRET \
          -e REGISTRY_STORAGE_S3_REGION=$OSS_REGION \
          -e REGISTRY_STORAGE_S3_BUCKET=blog \
          -e REGISTRY_STORAGE_S3_ROOTDIRECTORY=components/container-registry \
          -e REGISTRY_STORAGE_S3_SECURE=true \
          -e REGISTRY_STORAGE_S3_REGIONENDPOINT=$OSS_ENDPOINT \
          -e REGISTRY_STORAGE_S3_FORCEPATHSTYLE=true \
          -d docker.io/library/registry:2
      
  3. the tests do not pass; this is the same problem as issue 4452

ben.wangz · Less than 1 minute
tests for container registry
  1. podman pull docker.io/library/alpine:latest
    podman tag docker.io/library/alpine:latest localhost:5000/alpine:latest
    podman push --tls-verify=false localhost:5000/alpine:latest
    
  2. podman image rm docker.io/library/alpine:latest localhost:5000/alpine:latest
    podman pull --tls-verify=false localhost:5000/alpine:latest
    

ben.wangz · Less than 1 minute
let's encrypt

references

  • https://letsencrypt.org/getting-started/
  • https://github.com/acmesh-official/acme.sh/wiki/dnsapi#11-use-aliyun-domain-api-to-automatically-issue-cert
  • https://github.com/acmesh-official/acme.sh/wiki/Run-acme.sh-in-docker

prerequisites


ben.wangz · About 1 min
chart-museum

prepare

  1. k8s is ready
  2. argocd is ready and logged in
  3. ingress is ready
  4. cert-manager is ready
    • the clusterissuer named self-signed-ca-issuer is ready
  5. minio is ready

ben.wangz · About 1 min