Document how to enable docker registry mirror for dind service
Problem
With the new Docker terms of service, there are going to be rate limits on anonymous docker pull. If the user is starting Docker-in-Docker to build Docker images, pulling the base image to build upon is going to hit those rate limits, which might affect users.
Current solutions
.gitlab-ci.yml
- Update your .gitlab-ci.yml to define the --registry-mirror command

      image: docker:19.03

      variables:
        DOCKER_TLS_CERTDIR: "/certs"

      services:
        - name: docker:19.03-dind
          command: ["--registry-mirror", "https://mirror.gcr.io"] # Specify the registry mirror here

      before_script:
        - echo $DOCKER_HOST
        - docker info

      build:
        stage: build
        script:
          - docker build -t my-docker-image .
          - docker run my-docker-image echo "test"
config.toml Docker
- Create a daemon.json configuration for the docker daemon, for example in /tmp/daemon.json on the host that is running docker (usually the same host that is running gitlab-runner)

      {
        "registry-mirrors": [
          "https://mirror.gcr.io"
        ]
      }
- Update the config.toml file for the Docker executor

      [[runners]]
        name = "docker"
        url = "http://192.168.1.79:3000/"
        token = "xxx"
        executor = "docker"
        [runners.docker]
          image = "alpine:3.12"
          privileged = true
          volumes = ["/cache", "/tmp/daemon.json:/etc/docker/daemon.json", "/certs/client"]
This is going to mount /tmp/daemon.json to /etc/docker/daemon.json in each container that gitlab-runner creates, including the dind service, which will in turn use it. We can see this with docker info
config.toml Kubernetes
- Create config map

      cat > /tmp/daemon.json << EOF
      {
        "registry-mirrors": ["https://mirror.gcr.io"]
      }
      EOF
      kubectl create configmap docker-daemon --from-file /tmp/daemon.json
- Build a runner from !2424 (merged) and update config.toml to the following, until !2424 (merged) gets merged:

      [[runners]]
        ...
        executor = "kubernetes"
        [runners.kubernetes]
          bearer_token_overwrite_allowed = false
          image = "alpine:3.12"
          privileged = true
          [[runners.kubernetes.volumes.config_map]]
            name = "docker-daemon"
            mount_path = "/etc/docker/daemon.json"
            sub_path = "daemon.json"
Things to investigate
- In https://github.com/docker-library/docker/issues/38 the docker community is discussing ways to enable the registry mirror with environment variables
- A pull request that allows users to set DOCKER_OPTS as an environment variable to specify any dockerd command flag.
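The solutions above rely on reading docker info by eye to confirm the mirror is in use. As an added example (not part of the original issue), the script below turns that into a job step that fails when the dind daemon did not load the expected mirror or loaded one without TLS. The function names, the script name and the `--check` argument are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original issue. Function names and the
# "--check" argument are hypothetical.

# Print the mirrors the daemon at $DOCKER_HOST actually loaded, one per line.
list_mirrors() {
  docker info --format '{{range .RegistryConfig.Mirrors}}{{println .}}{{end}}'
}

# Strip one trailing slash so "https://host" and "https://host/" compare equal.
normalize() {
  printf '%s\n' "${1%/}"
}

# check_mirrors EXPECTED_URL  (mirror list on stdin, one URL per line)
#   0: EXPECTED_URL is active and every mirror uses https
#   1: EXPECTED_URL is not among the active mirrors (or none are set)
#   2: a mirror is configured without TLS
check_mirrors() {
  expected=$(normalize "$1")
  found=1
  while IFS= read -r mirror; do
    if [ -z "$mirror" ]; then
      continue
    fi
    case "$mirror" in
      https://*) ;;
      *) echo "mirror without TLS: $mirror" >&2; return 2 ;;
    esac
    if [ "$(normalize "$mirror")" = "$expected" ]; then
      found=0
    fi
  done
  if [ "$found" -ne 0 ]; then
    echo "expected mirror not active: $expected" >&2
  fi
  return "$found"
}

# Usage in a job: sh check-mirror.sh --check https://mirror.gcr.io
if [ "${1:-}" = "--check" ]; then
  list_mirrors | check_mirrors "${2:?mirror URL required}"
fi
```

If docker info cannot reach the daemon, the mirror list is empty and the check fails with status 1 rather than passing silently.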