
Document how to enable docker registry mirror for dind service

Problem

With the new Docker terms of service, there are going to be rate limits on anonymous docker pull. If a user starts Docker-in-Docker to build Docker images, pulling the base image to build upon is going to be subject to these rate limits, which might affect users.

Current solutions

.gitlab-ci.yml

  1. Update your .gitlab-ci.yml to pass the --registry-mirror option to the dind service

    image: docker:19.03

    variables:
      DOCKER_TLS_CERTDIR: "/certs"

    services:
      - name: docker:19.03-dind
        command: ["--registry-mirror", "https://mirror.gcr.io"]       # Specify the registry mirror here

    before_script:
      - echo $DOCKER_HOST
      - docker info

    build:
      stage: build
      script:
        - docker build -t my-docker-image .
        - docker run my-docker-image echo "test"

Docker config.toml

  1. Create a daemon.json configuration for the Docker daemon, for example at /tmp/daemon.json on the host that is running Docker (usually the same host that is running gitlab-runner).

    {
      "registry-mirrors": [
        "https://mirror.gcr.io"
      ]
    }
  2. Update the config.toml file for the Docker executor

    [[runners]]
      name = "docker"
      url = "http://192.168.1.79:3000/"
      token = "xxx"
      executor = "docker"
      [runners.docker]
        image = "alpine:3.12"
        privileged = true
        volumes = ["/cache", "/tmp/daemon.json:/etc/docker/daemon.json", "/certs/client"]

    This mounts /tmp/daemon.json at /etc/docker/daemon.json in each container that gitlab-runner creates, including the dind service, which will in turn use it. We can see this with docker info.

Kubernetes config.toml

  1. Create config map

    cat > /tmp/daemon.json << EOF
    {
      "registry-mirrors": ["https://mirror.gcr.io"]
    }
    EOF
    kubectl create configmap docker-daemon --from-file /tmp/daemon.json
  2. Build a runner from !2424 (merged) and update config.toml to the following, until !2424 gets merged:

    [[runners]]
      ...
      executor = "kubernetes"
      [runners.kubernetes]
        bearer_token_overwrite_allowed = false
        image = "alpine:3.12"
        privileged = true
        [[runners.kubernetes.volumes.config_map]]
          name = "docker-daemon"
          mount_path = "/etc/docker/daemon.json"
          sub_path = "daemon.json"
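
Each of the setups above can be confirmed from inside a job with docker info. The following POSIX sh helper is an added example, not part of the original issue: it fails a job early when the dind daemon does not list the expected mirror, and it refuses a mirror URL that is not https. The function names are hypothetical, and it assumes docker info exposes the mirror list as .RegistryConfig.Mirrors.

```shell
#!/bin/sh
# Added example (not from the original issue): verify that the dind daemon
# really picked up the registry mirror before the job starts pulling images.

# normalize_url URL: print URL with trailing slashes removed, so that
# "https://mirror.gcr.io/" and "https://mirror.gcr.io" compare equal.
normalize_url() {
  u=$1
  while [ "${u%/}" != "$u" ]; do u=${u%/}; done
  printf '%s\n' "$u"
}

# mirror_configured MIRRORS_JSON EXPECTED_URL
# MIRRORS_JSON is the output of:
#   docker info --format '{{json .RegistryConfig.Mirrors}}'
# for example ["https://mirror.gcr.io/"] (the daemon may add a trailing slash).
# Returns 0 if EXPECTED_URL is listed, 1 if it is not,
# and 2 if EXPECTED_URL is not an https URL.
mirror_configured() {
  want=$(normalize_url "$2")
  case $want in
    https://*) ;;
    *) return 2 ;;
  esac
  # Strip JSON brackets, quotes and spaces, then walk the comma-separated list.
  list=$(printf '%s' "$1" | tr -d '[]" ')
  old_ifs=$IFS; IFS=,
  for m in $list; do
    if [ "$(normalize_url "$m")" = "$want" ]; then IFS=$old_ifs; return 0; fi
  done
  IFS=$old_ifs
  return 1
}

# check_dind_mirror EXPECTED_URL: query the daemon reachable via DOCKER_HOST.
# Returns 3 if docker info itself fails (daemon not reachable).
check_dind_mirror() {
  mirrors=$(docker info --format '{{json .RegistryConfig.Mirrors}}') || return 3
  mirror_configured "$mirrors" "$1"
}
```

In a job this would be sourced in before_script and called as check_dind_mirror https://mirror.gcr.io, so a missing daemon.json mount shows up as a failed job rather than as unexpected rate-limit errors later.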

Things to investigate

Edited by Steve Xuereb