preface
K8S(Kubernetes) is increasingly popular, but because it is from Google, it is not friendly to domestic users. On April 2, 2020, the *.azk8s.cn universal mirror site also restricted IP access outside Azure China, adding insult to insult (many production clusters should start jumping).
Ps: https://github.com/Azure/container-service-for-azure-china/issues/58 for such a big event, didn’t notice in advance…
Today we are going to sort out how K8S is sailing happily in China. First, let’s take a look at some of the walls that Korean K8S need to climb.
Linux Source
Used to install docker, Kubelet, Kubectl, kubeadm and other software.
Container image library
Currently commonly used K8S image library has
- IO (Docker Hub public image library)
- gcr.io (Google container registry)
- K8s.gcr. IO (equivalent to GCR. IO/Google-containers)
- Quay. IO (Red Hat-operated mirror library)
Domestic countermeasures
Linux Source
The Linux source image is relatively simple. Ali’s image source is recommended. Docker CE: https://developer.aliyun.com/mirror/docker-ce Kubernetes: https://developer.aliyun.com/mirror/kubernetes
Container image library
Since *.azk8s.cn is closed, there is no alternative resource for Gcr. IO at present. If you have relevant resources, please contact me and I will add them to the article.
Docker Hub
As for Docker Hub, there are many accelerated image sources in China. Such as:
- Ali Cloud image accelerator (recommended, need to register users)
- Registered address: https://cr.console.aliyun.com/cn/instances/mirrors
- DaoCloud Imaging Accelerator
- Accelerator address: https://f1361db2.m.daocloud.io
- Seven ox cloud mirror accelerator
- Accelerator address: https://reg-mirror.qiniu.com
use
To modify the configuration of the Docker and add registry-mirrors to it, restart the Docker. The configuration file is stored in /etc/docker-daemon. json
The official document: https://docs.docker.com/registry/recipes/mirror/
{
"registry-mirrors": ["https://f1361db2.m.daocloud.io"].}
Copy the code# restart docker
systemctl daemon-reload && systemctl restart docker
Copy the codeinstructions
If you use it in the production environment, we recommend using ali Cloud image accelerator first, although registration is a bit troublesome. This is my current stable accelerator (I miss dockerhub.azk8s.cn).
quay.io
There are few available sources for quay. IO, and there are currently the following mirror sites
- Quay-mirror.qiniu.com (Seven Niu Yun, recommended, but no statement of long-term support found)
- Quay.mirrors.ustc.edu.cn (USTC, often unavailable, not recommended)
use
Replace the quay. IO in the mirror with quay-mirror.qiniu.com, as in:
Quay. IO/Prometheus/node - exporter: v0.18.1# replace with the following format
quay-mirror.qiniu.com/prometheus/node-exporter:v0.18.1
Copy the codeinstructions
Neither source is long-term stable and seven niuyun is currently available, but no official statement of long-term support has been found. Ustc stated that there is maintenance, but after the test, the basic state is not available.
GCR. IO and k8s. GCR. IO
As a result, I can’t find a universal mirror for either source. That was the hardest part, and it took me a lot of time.
K8s.gcr. IO /
:
= gcr. IO/Google-containers /
:
There is no stable mirror synchronization path. If you can FQ, then it is better. If not, many emerging technologies in K8S ecology may be difficult for you to experience (Tekton, Knative, etc.). In this case you can only go to the domestic mirror station to find others to pass up the copy, such as: Ali cloud third-party mirror, Dockerhub, etc..
So far I have found the following mirror libraries:
- Googlecontainersmirror (I myself from gcr. IO synchronization to Docker Hub image, only contains several core images and versions, can ensure the normal operation of K8S)
- The image content: https://hub.docker.com/u/googlecontainersmirror
- Registry.aliyuncs.com/google_containers (ali cloud third party users to upload image, mirror image more)
use
Will mirror the k8s. GCR. IO or GCR. IO/Google – containers to replace for registry.aliyuncs.com/google_containers or googlecontainersmirror, such as:
registry.aliyuncs.com/google_containers
GCR. IO/Google - containers/kube - proxy: v1.18.0# replace with
registry.aliyuncs.com/google_containers/kube-proxy:v1.18.0
K8s. GCR. IO/kube - proxy: v1.18.0# replace with registry.aliyuncs.com/google_containers/kube-proxy:v1.18.0 Copy the codegooglecontainersmirror
GCR. IO/Google - containers/kube - proxy: v1.18.0# replace with
Googlecontainersmirror/kube - proxy: v1.18.0
K8s. GCR. IO/kube - proxy: v1.18.0# replace with Googlecontainersmirror/kube - proxy: v1.18.0Copy the codeSites that claim to offer mirrors (all unavailable after testing) :
- Gcr.mirrors.ustc.edu.cn (unavailable after testing)
- Gcr-mirror.qiniu.com (not available after testing)
instructions
- Why synchronize your own images instead of using an existing mirror library?
Because I have not found any official certification for the existing mirror library, it should be uploaded by individuals. We are worried that the K8S cluster running in production will encounter security problems. For everyone is the third party synchronized mirror we can choose, if it is used for production or recommended to push to their own mirror library to ensure the security of the mirror.
- Is googlecontainersmirror slow to pull on Docker Hub?
DockerHub accelerator is used here, and the pulling speed depends on the speed of the accelerator, which is usually very fast.
conclusion
Linux software image source
Docker CE: https://developer.aliyun.com/mirror/docker-ce
Kubernetes: https://developer.aliyun.com/mirror/kubernetes
Container image source (delete line unavailable)
| The source | The mirror |
|---|---|
| Docker Hub | https://<user_code>.mirror.aliyuncs.com, https://f1361db2.m.daocloud.io, https://reg-mirror.qiniu.com, |
| k8s.gcr.io | googlecontainersmirror, registry.aliyuncs.com/google_containers, |
| quay.io | quay-mirror.qiniu.com, |