Chemmy's Blog

chengming0916@gmail.com

0%

国内常用源镜像地址

发表于 更新于 分类于 Valine:

Linux 源

清华 https://mirrors.tuna.tsinghua.edu.cn

阿里 http://mirrors.aliyun.com

腾讯 https://mirrors.tencent.com

华为 https://mirrors.huaweicloud.com

中国科技大学 https://mirrors.ustc.edu.cn

华中科技大学 http://mirror.hust.edu.cn

Docker 镜像仓库

DockerHub(docker.io)

网易 http://hub-mirror.c.163.com

中国科技大学 https://docker.mirrors.ustc.edu.cn (不可用)

道客 https://docker.m.daocloud.cn (参考官方文档)

腾讯 https://mirror.ccs.tencentyun.com

华为 https://mirror.swr.myhuaweicloud.com

阿里云 https://registry.cn-hangzhou.aliyuncs.com

[^注]: 阿里可申请私有加速,需注册账号,注册后地址修改为 https://{私有ID}.mirror.aliyuncs.com。详细信息参考官方文档

谷歌镜像仓库(gcr.io k8s.gcr.io)

阿里 https://registry.aliyuncs.com/google_containers

中科大 https://gcr.mirrors.ustc.edu.cn (2022.8之后不再更新镜像,校外访问返回403)

华为 https://mirror.swr.myhuaweicloud.com

道客 https://m.daocloud.io/k8s.gcr.io 文档

CoreOS镜像仓库(quay.io )

道客 https://m.daocloud.io/quay.io 参考支持镜像列表

Github镜像仓库(ghcr.io )

道客 https://m.daocloud.io/ghcr.io 参考支持镜像列表

Helm 源

ArtifactHub https://artifacthub.io/

华为 https://mirrors.huaweicloud.com/helm/

bitnami https://charts.bitnami.com/bitnami

Google https://gcr.io/kubernetes-helm

容器配置

Docker(/etc/docker/daemon.json )

1
2
3
4
5
6
7
8
9
10
11
{

  "registry-mirrors": [
      "https://registry.docker-cn.com",
      "https://docker.mirrors.ustc.edu.cn",
      "http://hub-mirror.c.163.com"
  ],
    "insecure-registries": [],
    "exec-opts":["native.cgroupdriver=systemd"]

}

Containerd(/etc/containerd/config.toml)

1
2
3
4
5
6
7
8

[plugins.cri.registry]
[plugins.cri.registry.mirrors]
[plugins.cri.registry.mirrors."quay.io"]
endpoint = ["https://quay.tencentcloudcr.com"]
[plugins.cri.registry.mirrors."docker.io"]
endpoint = ["https://mirror.ccs.tencentyun.com"]

K3s中Containerd容器(/var/lib/rancher/k3s/agent/etc/containerd/config.toml)

K3s 默认的 containerd 配置文件目录为/var/lib/rancher/k3s/agent/etc/containerd/config.toml,但直接操作 containerd 的配置文件去设置镜像仓库或加速器相比于操作 docker 要复杂许多。K3s 为了简化配置 containerd 镜像仓库的复杂度,K3s 会在启动时检查/etc/rancher/k3s/中是否存在 文件,如果存在该文件,就会根据 registries.yaml 的内容转换为 containerd 的配置并存储到/var/lib/rancher/k3s/agent/etc/containerd/config.toml,从而降低了配置 containerd 镜像仓库的复杂度。

1
2
3
4
5
6
7
8
9
10
11
mirrors:
  "172.31.6.200:5000":
    endpoint:
      - "http://172.31.6.200:5000"
  "rancher.ksd.top:5000":
    endpoint:
      - "http://172.31.6.200:5000"
  "docker.io":
    endpoint:
      - "https://fogjl973.mirror.aliyuncs.com"
      - "https://registry-1.docker.io"

containerd 与 docker 都有默认仓库,并且都为 docker.io。如果配置中未指定 mirror 为 docker.io,重启 containerd 后会自动加载 docker.io 配置。与 docker 不同的是,containerd 可以修改 docker.io 对应的 endpoint( 默认为 https://registry-1.docker.io ),而 docker 无法修改。

docker 中可以通过 registry-mirrors 设置镜像加速地址。如果 pull 的镜像不带仓库地址(项目名+镜像名:tag),则会从默认镜像仓库去拉取镜像。如果配置了镜像加速地址,会先访问镜像加速仓库,如果没有返回数据,再访问默认吧镜像仓库。

k3s完整配置文件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
mirrors:
  "192.168.50.119":
    endpoint:
      - "http://192.168.50.119"
  "docker.io":
    endpoint:
      - "https://7bezldxe.mirror.aliyuncs.com"
      - "https://registry-1.docker.io"
configs:
  "192.168.50.119":
    auth:
      username: '' # this is the registry username
      password: '' # this is the registry password
    tls:
      cert_file: '' # path to the cert file used in the registry
      key_file: '' # path to the key file used in the registry
      ca_file: '' # path to the ca file used in the registry
  "docker.io":
    auth:
      username: '' # this is the registry username
      password: '' # this is the registry password
    tls:
      cert_file: '' # path to the cert file used in the registry
      key_file: '' # path to the key file used in the registry
      ca_file: '' # path to the ca file used in the registry

镜像转换

1
2
3
4
5
6
7
8
9
10
11
12
13
14

#gcr.io
docker pull gcr.io/kubernetes-helm/tiller:v2.16.1
docker pull gcr.mirrors.ustc.edu.cn/kubernetes-helm/tiller:v2.16.1

#k8s.gcr.io
#docker pull k8s.gcr.io/kube-proxy:v1.15.5
docker pull gcr.mirrors.ustc.edu.cn/google-containers/kube-proxy:v1.15.5

#quay.io
docker pull quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.26.1
docker pull quay.mirrors.ustc.edu.cn/kubernetes-ingress-controller/nginx-ingress-controller:0.26.1


转换为gcr.io镜像

1
2
3
docker pull registry.aliyuncs.com/google_containers/coredns:1.6.5
docker tag registry.aliyuncs.com/google_containers/coredns:1.6.5 k8s.gcr.io/coredns:1.6.5
docker rmi registry.aliyuncs.com/google_containers/coredns:1.6.5

K8S批量下载docker images

1
kubeadm config images list
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

#!/bin/bash
images=(  # 下面的镜像应该去除"k8s.gcr.io/"的前缀,版本换成上面获取到的版本
    kube-apiserver:v1.12.1
    kube-controller-manager:v1.12.1
    kube-scheduler:v1.12.1
    kube-proxy:v1.12.1
    pause:3.1
    etcd:3.2.24
    coredns:1.2.2
)

for imageName in ${images[@]} ; do
    docker pull registry.aliyuncs.com/google_containers/$imageName
    docker tag registry.aliyuncs.com/google_containers/$imageName k8s.gcr.io/$imageName
    docker rmi registry.aliyuncs.com/google_containers/$imageName
done

更新版

1
2
3
4
5
6
7
8
9
10
11

#!/bin/bash
url=registry.aliyuncs.com
version=v1.16.4
images=(`kubeadm config images list --kubernetes-version=$version|awk -F '/' '{print $2}'`)
for imagename in ${images[@]} ; do
  docker pull $url/$imagename
  docker tag $url/$imagename k8s.gcr.io/$imagename
  docker rmi -f $url/$imagename
done

或(V1.3以上)

1
2
kubeadm init --image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.13.0 --pod-network-cidr 192.168.1.100/24