dragonflyoss
/
dragonfly
mirror of https://github.com/dragonflyoss/dragonfly.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
dragonfly/docs/en/runtime-integration/containerd/mirror.md

157 lines
4.1 KiB
Markdown
Raw Blame History

# Use dfget daemon for containerd
From v1.1.0, Containerd supports registry mirrors,
we can configure Containerd via this feature for HA.
## Quick Start
### Step 1: Configure dfget daemon
To use dfget daemon as registry mirror,
first you need to ensure configuration in `/etc/dragonfly/dfget.yaml`:
```yaml
proxy:
security:
insecure: true
tcpListen:
listen: 0.0.0.0
port: 65001
registryMirror:
# multiple registries support, if only mirror single registry, disable this
dynamic: true
url: https://index.docker.io
proxies:
- regx: blobs/sha256.*
```
Run dfget daemon
```shell
dfget daemon
```
## Step 2: Configure Containerd
### Option 1: Single Registry
Enable mirrors in Containerd registries configuration in
`/etc/containerd/config.toml`:
```toml
# explicitly use v2 config format, if already v2, skip the "version = 2"
version = 2
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["http://127.0.0.1:65001","https://registry-1.docker.io"]
```
In this config, there is two mirror endpoints for "docker.io",
Containerd will pull images with `http://127.0.0.1:65001` first.
If `http://127.0.0.1:65001` is not available,
the default `https://registry-1.docker.io` will be used for HA.
Enable mirrors in private Containerd registries configuration in
`/etc/containerd/config.toml`:
```toml
# explicitly use v2 config format, if already v2, skip the "version = 2"
version = 2
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["http://127.0.0.1:65001","https://registry-1.docker.io"]
[plugins."io.containerd.grpc.v1.cri".registry.configs."127.0.0.1:65001".auth]
username = "registry_username"
password = "registry_password"
```
In this config, registry auth configuration needs to be based on `127.0.0.1:65001`.
> More details about Containerd configuration: <https://github.com/containerd/containerd/blob/v1.5.2/docs/cri/registry.md#configure-registry-endpoint>
> Containerd has deprecated the above config from v1.4.0,
> new format for reference: <https://github.com/containerd/containerd/blob/v1.5.2/docs/cri/config.md#registry-configuration>
### Option 2: Multiple Registries
This option only supports Containerd 1.5.0+.
#### 1. Enable Containerd Registries Config Path
Enable mirrors in Containerd registries config path in
`/etc/containerd/config.toml`:
```toml
# explicitly use v2 config format, if already v2, skip the "version = 2"
version = 2
[plugins."io.containerd.grpc.v1.cri".registry]
config_path = "/etc/containerd/certs.d"
```
#### 2. Generate Per Registry hosts.toml
##### Option 1: Generate hosts.toml manually
Path: `/etc/containerd/certs.d/example.com/hosts.toml`
Replace `example.com` according the different registry domains.
Content:
```toml
server = "https://example.com"
[host."http://127.0.0.1:65001"]
capabilities = ["pull", "resolve"]
[host."http://127.0.0.1:65001".header]
X-Dragonfly-Registry = ["https://example.com"]
```
##### Option 2: Generate hosts.toml automatically
You can also generate hosts.toml with <https://github.com/dragonflyoss/Dragonfly2/blob/main/hack/gen-containerd-hosts.sh>
```shell
bash gen-containerd-hosts.sh example.com
```
> More details about registry configuration: <https://github.com/containerd/containerd/blob/main/docs/hosts.md#registry-configuration---examples>
## Step 3: Restart Containerd Daemon
```shell
systemctl restart containerd
```
## Step 4: Pull Image
You can pull image like this:
```shell
crictl pull docker.io/library/busybox
```
## Step 5: Validate Dragonfly
You can execute the following command to check
if the busybox image is distributed via Dragonfly.
```shell
grep 'register peer task result' /var/log/dragonfly/daemon/*.log
```
If the output of command above has content like
```shell
{
"level": "info",
"ts": "2021-02-23 20:03:20.306",
"caller": "client/client.go:83",
"msg": "register peer task result:true[200] for taskId:adf62a86f001e17037eedeaaba3393f3519b80ce,peerIp:10.15.233.91,securityDomain:,idc:,scheduler:127.0.0.1:8002",
"peerId": "10.15.233.91-65000-43096-1614081800301788000",
"errMsg": null
}
```
Reference in New Issue View Git Blame Copy Permalink