K8s:搭建镜像加速:修订间差异

来自WHY42
←上一编辑下一编辑→
可视化wikitext
Riguz留言 | 贡献
行政员、​界面管理员、​管理员
1,298次编辑
Riguz留言 | 贡献
行政员、​界面管理员、​管理员
1,298次编辑
第86行: 第86行:
</IfModule>
</IfModule>
</pre>
</pre>
= k3s 使用代理 =
/etc/rancher/k3s/registries.yaml(没有的话自行创建)
<syntaxhighlight lang="yaml">
mirrors:
  gcr.io:
    endpoint:
      - "https://registry.riguz.com/v2"
configs:
  "registry.riguz.com":
    auth:
      username: xxx
      password: xxxxx
</syntaxhighlight>
<syntaxhighlight lang="bash">
sudo systemctl restart k3s.service
sudo systemctl restart k3s-agent.service
</syntaxhighlight>

2021年11月10日 (三) 02:04的版本

生成证书

建一个空的网站,指向registry.riguz.com,然后更新证书: 

sudo certbot --apache

安装Docker

sudo apt-get install     ca-certificates     curl     gnupg     lsb-release
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
 echo   "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io

启动镜像

htpasswd -Bbn user xxxxxxxxx> auth/htpasswd

version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
proxy:
  remoteurl : https://gcr.io

docker run -d -p 5000:443 \
    --restart always \
    --name registry  \
    -v /etc/letsencrypt/archive/riguz.com:/certs \
    -v "$(pwd)"/auth:/auth \
    -v "$(pwd)"/config.yml:/etc/docker/registry/config.yml \
    -e "REGISTRY_AUTH=htpasswd" \
    -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
    -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
    -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
    -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/fullchain3.pem \
    -e REGISTRY_HTTP_TLS_KEY=/certs/privkey3.pem \
    registry:latest

apache 代理

sudo a2enmod proxy
sudo a2enmod proxy_http

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerName registry.riguz.com

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/registry

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        ProxyPreserveHost On

        SSLProxyEngine on
        ProxyPass / https://127.0.0.1:5000/
        ProxyPassReverse / https://127.0.0.1:5000/
</VirtualHost>
</IfModule>

k3s 使用代理

/etc/rancher/k3s/registries.yaml(没有的话自行创建) 

mirrors:
  gcr.io:
    endpoint:
      - "https://registry.riguz.com/v2"
configs:
  "registry.riguz.com":
    auth:
      username: xxx
      password: xxxxx

sudo systemctl restart k3s.service
sudo systemctl restart k3s-agent.service
检索自“https://riguz.com/index.php?title=K8s:搭建镜像加速&oldid=2977