Linux 源清华 https://mirrors.tuna.tsinghua.edu.cn
阿里 http://mirrors.aliyun.com
腾讯 https://mirrors.tencent.com
华为 https://mirrors.huaweicloud.com
中国科技大学 https://mirrors.ustc.edu.cn
华中科技大学 http://mirror.hust.edu.cn
Docker 镜像仓库DockerHub(docker.io)网易 http://hub-mirror.c.163.com
中国科技大学 https://docker.mirrors.ustc.edu.cn (不可用)
道客 https://docker.m.daocloud.cn (参考官方文档)
腾讯 https://mirror.ccs.tencentyun.com
华为 https://mirror.swr.myhuaweicloud.com
阿里云 https://registry.cn-hangzhou.aliyuncs.com
[^注]: 阿里可申请私有加速,需注册账号,注册后地址修改为 https://{私有ID}.mirror.aliyuncs.com。详细信息参考官方文档
谷歌镜像仓库(gcr.io k8s.gcr.io)阿里 https://registry.aliyuncs.com/google_containers
中科大 https://gcr.mirrors.ustc.edu.cn (2022.8之后不再更新镜像,校外访问返回403)
华为 https://mirror.swr.myhuaweicloud.com
道客 https://m.daocloud.io/k8s.gcr.io 文档
CoreOS镜像仓库(quay.io )道客 https://m.daocloud.io/quay.io 参考支持镜像列表
Github镜像仓库(ghcr.io )道客 https://m.daocloud.io/ghcr.io 参考支持镜像列表
Helm 源ArtifactHub https://artifacthub.io/
华为 https://mirrors.huaweicloud.com/helm/
bitnami https://charts.bitnami.com/bitnami
Google https://gcr.io/kubernetes-helm
容器配置Docker(/etc/docker/daemon.json )
1234567891011{ "registry-mirrors": [ "https://registry.docker-cn.com", "https://docker.mirrors.ustc.edu.cn", "http://hub-mirror.c.163.com" ], "insecure-registries": [], "exec-opts":["native.cgroupdriver=systemd"]}
Containerd(/etc/containerd/config.toml)
12345678[plugins.cri.registry][plugins.cri.registry.mirrors][plugins.cri.registry.mirrors."quay.io"]endpoint = ["https://quay.tencentcloudcr.com"][plugins.cri.registry.mirrors."docker.io"]endpoint = ["https://mirror.ccs.tencentyun.com"]
K3s中Containerd容器(/var/lib/rancher/k3s/agent/etc/containerd/config.toml)
K3s 默认的 containerd 配置文件目录为/var/lib/rancher/k3s/agent/etc/containerd/config.toml,但直接操作 containerd 的配置文件去设置镜像仓库或加速器相比于操作 docker 要复杂许多。K3s 为了简化配置 containerd 镜像仓库的复杂度,K3s 会在启动时检查/etc/rancher/k3s/中是否存在 文件,如果存在该文件,就会根据 registries.yaml 的内容转换为 containerd 的配置并存储到/var/lib/rancher/k3s/agent/etc/containerd/config.toml,从而降低了配置 containerd 镜像仓库的复杂度。
1234567891011mirrors: "172.31.6.200:5000": endpoint: - "http://172.31.6.200:5000" "rancher.ksd.top:5000": endpoint: - "http://172.31.6.200:5000" "docker.io": endpoint: - "https://fogjl973.mirror.aliyuncs.com" - "https://registry-1.docker.io"
containerd 与 docker 都有默认仓库,并且都为 docker.io。如果配置中未指定 mirror 为 docker.io,重启 containerd 后会自动加载 docker.io 配置。与 docker 不同的是,containerd 可以修改 docker.io 对应的 endpoint( 默认为 https://registry-1.docker.io ),而 docker 无法修改。
docker 中可以通过 registry-mirrors 设置镜像加速地址。如果 pull 的镜像不带仓库地址(项目名+镜像名:tag),则会从默认镜像仓库去拉取镜像。如果配置了镜像加速地址,会先访问镜像加速仓库,如果没有返回数据,再访问默认吧镜像仓库。
k3s完整配置文件
12345678910111213141516171819202122232425mirrors: "192.168.50.119": endpoint: - "http://192.168.50.119" "docker.io": endpoint: - "https://7bezldxe.mirror.aliyuncs.com" - "https://registry-1.docker.io"configs: "192.168.50.119": auth: username: '' # this is the registry username password: '' # this is the registry password tls: cert_file: '' # path to the cert file used in the registry key_file: '' # path to the key file used in the registry ca_file: '' # path to the ca file used in the registry "docker.io": auth: username: '' # this is the registry username password: '' # this is the registry password tls: cert_file: '' # path to the cert file used in the registry key_file: '' # path to the key file used in the registry ca_file: '' # path to the ca file used in the registry
镜像转换
1234567891011121314#gcr.iodocker pull gcr.io/kubernetes-helm/tiller:v2.16.1docker pull gcr.mirrors.ustc.edu.cn/kubernetes-helm/tiller:v2.16.1#k8s.gcr.io#docker pull k8s.gcr.io/kube-proxy:v1.15.5docker pull gcr.mirrors.ustc.edu.cn/google-containers/kube-proxy:v1.15.5#quay.iodocker pull quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.26.1docker pull quay.mirrors.ustc.edu.cn/kubernetes-ingress-controller/nginx-ingress-controller:0.26.1
转换为gcr.io镜像
123docker pull registry.aliyuncs.com/google_containers/coredns:1.6.5docker tag registry.aliyuncs.com/google_containers/coredns:1.6.5 k8s.gcr.io/coredns:1.6.5docker rmi registry.aliyuncs.com/google_containers/coredns:1.6.5
K8S批量下载docker images
1kubeadm config images list
123456789101112131415161718#!/bin/bashimages=( # 下面的镜像应该去除"k8s.gcr.io/"的前缀,版本换成上面获取到的版本 kube-apiserver:v1.12.1 kube-controller-manager:v1.12.1 kube-scheduler:v1.12.1 kube-proxy:v1.12.1 pause:3.1 etcd:3.2.24 coredns:1.2.2)for imageName in ${images[@]} ; do docker pull registry.aliyuncs.com/google_containers/$imageName docker tag registry.aliyuncs.com/google_containers/$imageName k8s.gcr.io/$imageName docker rmi registry.aliyuncs.com/google_containers/$imageNamedone
更新版
1234567891011#!/bin/bashurl=registry.aliyuncs.comversion=v1.16.4images=(`kubeadm config images list --kubernetes-version=$version|awk -F '/' '{print $2}'`)for imagename in ${images[@]} ; do docker pull $url/$imagename docker tag $url/$imagename k8s.gcr.io/$imagename docker rmi -f $url/$imagenamedone
或(V1.3以上)
12kubeadm init --image-repository registry.aliyuncs.com/google_containers \--kubernetes-version v1.13.0 --pod-network-cidr 192.168.1.100/24