github.com/sealerio/sealer@v0.11.1-0.20240507115618-f4f89c5853ae/docs/design/docker-image-cache.md

# docker image cache

## docker daemon config

/etc/docker/daemon.json

We made some changes to dockerd: there is a new field in daemon.json, "mirror-registries".

With the standard docker version, `docker pull a.test.com/test/test:v1` goes to a.test.com directly, even if
"registry-mirrors" is configured.

With "mirror-registries", we can direct `docker pull a.test.com/test/test:v1` to mirror endpoints. Some
examples follow:

Step 1:

`docker pull reg.test1.com/library/nginx:latest` from `mirror.test1.com`, `mirror.test2.com` first.

```json
{
  "mirror-registries":[
    {
      "domain": "reg.test1.com",
      "mirrors": ["http://mirror.test1.com", "https://mirror.test2.com"]
    }
  ]
}
```

Step 2:

docker pull anything from `http://sea.hub:5000`, `https://mirror.test2.com` first

```json
{
  "mirror-registries":[
    {
      "domain": "*",
      "mirrors": ["http://sea.hub:5000", "https://mirror.test2.com"]
    }
  ],
  "insecure-registries": ["sea.hub:5000", "mirror.test1.com"]
}
```

### registry config

Config with registry auth info

```yaml
version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
proxy:
  remoteregistries:
  # will cache image from docker pull docker.io/library/nginx:latest or docker pull nginx
  - url: https://registry-1.docker.io # dockerhub default registry
    username:
    password:
  # will cache image from docker pull reg.test1.com/library/nginx:latest
  - url: https://reg.test1.com
    username: username
    password: password
  - url: http://reg.test2.com
    username: username
    password: password
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
```

Or configure it with no remote registry info; we can get this info dynamically.

```yaml
version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
proxy:
  # turn on the proxy ability, but with no registry auth info.
  on: true
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
```

The registry config should be mounted as `/etc/docker/registry/config.yml`, and the host's `/var/lib/registry` should be mounted with `-v /var/lib/registry/:/var/lib/registry/` to store the image cache.

### Describe what feature you want

### Additional context

Remote registries can be added dynamically, but I do not store the dynamic remote registry info, because there would probably be many username and password pairs for the same url, and images from different namespaces may have different auth info. Thus, adding remote registries dynamically is costly: every docker pull request will generate a request from the local registry to the real registry to get the real auth endpoint.
And for the cache registry to work, there must be one remote registry item, so I take the following config as the default registry config.yml.

```yaml
version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
proxy:
  remoteregistries:
  - url: https://registry-1.docker.io
    username:
    password:
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
```

At runtime, I guess not everyone needs the cache ability, so I recommend turning the cache off and leaving the choice to users.
The following config turns off the cache ability, and the registry will behave like the community version.

```yaml
version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
```

`docker run -v {pathToTheConfigAbove}:/etc/docker/registry/config.yml`

If you do not want to provide any remote url and want to rely on requests to configure auth info dynamically, configure the registry in the following way:

```yaml
version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
proxy:
  on: true
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
```
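A review aid for the "mirror-registries" field in the docker daemon config section, added here as an example and not part of sealer or its dockerd changes: it works out which mirrors an image reference is sent to first and lists the mirrors that are reached over plaintext http or exempted from TLS checks. The function names are hypothetical, and the rule that an exact "domain" entry takes precedence over "*" is an assumption, since the page does not state the precedence.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: the Step 1 and Step 2 entries from this page in one daemon.json.
DAEMON_JSON = """
{
  "mirror-registries": [
    {"domain": "reg.test1.com",
     "mirrors": ["http://mirror.test1.com", "https://mirror.test2.com"]},
    {"domain": "*",
     "mirrors": ["http://sea.hub:5000", "https://mirror.test2.com"]}
  ],
  "insecure-registries": ["sea.hub:5000", "mirror.test1.com"]
}
"""
CONFIG = json.loads(DAEMON_JSON)


def registry_of(image):
    """Registry host of an image reference (docker's rule for the first path component)."""
    first, sep, _ = image.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"  # e.g. "nginx" or "library/nginx"


def mirrors_for(config, image):
    """Mirror URLs tried first for `image`. Assumption: an exact domain beats "*"."""
    entries = {e["domain"]: e["mirrors"] for e in config.get("mirror-registries", [])}
    return entries.get(registry_of(image), entries.get("*", []))


def audit(config):
    """(domain, mirror, reason) for every mirror that weakens transport security."""
    insecure = set(config.get("insecure-registries", []))
    findings = []
    for entry in config.get("mirror-registries", []):
        for url in entry["mirrors"]:
            parts = urlsplit(url)
            if parts.scheme == "http":
                findings.append((entry["domain"], url, "plaintext http mirror"))
            elif parts.netloc in insecure:
                findings.append((entry["domain"], url, "TLS checks disabled by insecure-registries"))
    return findings


if __name__ == "__main__":
    print(mirrors_for(CONFIG, "reg.test1.com/library/nginx:latest"))
    for finding in audit(CONFIG):
        print(finding)
```

A finding on the "*" entry applies to every pull on the host, so a plaintext mirror there deserves the closest review.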