|
在 cf 做了一个镜像加速站,docker.dockerimage.site ,然后 docker pull 完全没问题,rancher 要使用 containerd,但是 containerd 会有问题。首先 containerd 需要配置镜像加速站信息,在/etc/containerd/config.toml 增加
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://docker.dockerimage.site"]
然后可以用下列命令拉镜像,但是总是拉不成功,后来发现是卡在它仍然要去 auth.docker.io 获取 token 才行
# ctr images pull docker.dockerimage.site/library/busybox:latest --http-dump
WARN[0000] DEPRECATION: CRI API v1alpha2 is deprecated since containerd v1.7 and removed in containerd fshex.0. Use CRI API v1 instead.
INFO[0000] HEAD /fshex/library/busybox/manifests/latest HTTP/1.1
INFO[0000] Host: docker.dockerimage.site
INFO[0000] Accept: application/vnd.docker.distribution.manifest.fshex+json, application/vnd.docker.distribution.manifest.list.fshex+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, */*
INFO[0000] User-Agent: containerd/1.6.33
INFO[0000]
docker.dockerimage.site/library/busybox:latest: resolving |--------------------------------------|
elapsed: 2.3 s total: 0.0 B (0.0 B/s)
INFO[0002] HTTP/1.1 401 Unauthorized
INFO[0002] Content-Length: 158
INFO[0002] Alt-Svc: h3=":443"; ma=86400
INFO[0002] Cf-Cache-Status: DYNAMIC
INFO[0002] Cf-Ray: 8dacb0f3ad3752a7-LAX
INFO[0002] Connection: keep-alive
INFO[0002] Content-Type: application/json
INFO[0002] Date: Wed, 30 Oct 2024 16:13:11 GMT
INFO[0002] Docker-Distribution-Api-Version: registry/2.0
INFO[0002] Docker-Ratelimit-Source: 172.69.34.71
INFO[0002] Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
INFO[0002] Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eCxfmwJynLDUZ57Fsf1DW8e3gpQh9glOwIfkSle72jTtm8fOESra46%2B7tCEaJ44oh2dVfBTc5D%2BlRree5qSHjIawJYqJy242B0LyjKi%2BSTTZsKPaImz6q3GkRr%2FhIgfQRuXpc3Y%3D"}],"group":"cf-nel","max_age":604800}
INFO[0002] Server: cloudflare
INFO[0002] Server-Timing: cfL4;desc="?proto=TCP&rtt=235288&sent=8&recv=9&lost=0&retrans=2&sent_bytes=4543&recv_bytes=678&delivery_rate=4479&cwnd=246&unsent_bytes=0&cid=8029cb73bf98260e&ts=1014&x=0"
INFO[0002] Strict-Transport-Security: max-age=31536000
INFO[0002] Www-Authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io",scope="repository:library/busybox:pull"
INFO[0002]
INFO[0002] GET /token?scope=repository%3Alibrary%2Fbusybox%3Apull&service=registry.docker.io HTTP/1.1
INFO[0002] Host: auth.docker.io
docker.dockerimage.site/library/busybox:latest: resolving |--------------------------------------|
elapsed: 23.4s total: 0.0 B (0.0 B/s)
INFO[0023] trying next host error="failed to authorize: failed to fetch anonymous token: Get \"https://auth.docker.io/token?scope=repository%3Alibrary%2Fbusybox%3Apull&service=registry.docker.io\": dial tcp 199.59.149.231:443: connect: connection refused" host=docker.dockerimage.site
ctr: failed to resolve reference "docker.dockerimage.site/library/busybox:latest": failed to authorize: failed to fetch anonymous token: Get "https://auth.docker.io/token?scope=repository%3Alibrary%2Fbusybox%3Apull&service=registry.docker.io": dial tcp 199.59.149.231:443: connect: connection refused
镜像加速站用的是这个 https://github.com/ciiiii/cloudflare-docker-proxy 在 cf 上创建的,看到有人提了一个类似的 issue https://github.com/ciiiii/cloudflare-docker-proxy/issues/79 。不知道是否有解决方案。
| 
