andyzhangx
commented
4 years ago gcr.io is not accessible in China, you should set up a proxy outside of China first, and then set up a second layer proxy in China to connect to that layer one proxy.
Closed jecnua closed 4 years ago
andyzhangx
commented
4 years ago gcr.io is not accessible in China, you should set up a proxy outside of China first, and then set up a second layer proxy in China to connect to that layer one proxy.
jecnua
commented
4 years ago Hi @andyzhangx thanks for the reply.
Sorry but I don't understand. At the moment I have a proxy in europe.
This works (quay): k8s china ----> europe proxy ---> quay.io
However this doesn't (gcr): k8s china ----> europe proxy ---> gcr.io
You are telling me to do this: k8s china ----> china proxy ---> europe proxy ---> gcr.io
Is the problem going to be solved by having just one more hop?
andyzhangx
commented
4 years ago This path should work: k8s china ----> europe proxy ---> gcr.io
Below are the image I used in my proxy(docker proxy cache):
sudo docker run -d -p port:port --restart=always --name registry-proxy-gcr \
-v /opt/certs:/certs \
-v /opt/docker-registry-proxy-config/config-gcr.yml:/etc/docker/registry/config.yml \
andyzhangx/registry:v2.7.0-nottlversion: 0.1
log:
fields:
service: registry
storage:
cache:
blobdescriptor: inmemory
filesystem:
rootdirectory: /var/lib/registry
http:
addr: :port
secret: asecretforproduction
headers:
X-Content-Type-Options: [nosniff]
compatibility:
schema1:
enabled: true
proxy:
remoteurl: https://gcr.ioThank you @andyzhangx :) I finally got it working thanks to your explanation. It was incredibly helpful.
This is an INFO issue.
I am interested in how the gcr.azk8s.cn endpoint was implemented. We were trying to create our own proxy for grc.io images in CHINA but we hit an issue with the authentication step. k8s just try to get a token to access public images and the url (https://gcr.io/v2/token) is obviously not accessible.
The same proxy however works with quay.io images, so the issue is only related to gcr.io. When checking the manifest of a container I can see that your endpoint is replying differently.
I know that you are busy but I would appreciate any nudge in the right direction on how did you solve this issue. Thank you for any time and help you can give me..
Regards.