[caasp-beta] Litte question ?

Flavio Castelli fcastelli at suse.com
Fri May 25 02:51:37 MDT 2018

Starting with v3 we introduced support for Docker registry mirrors.

The problem it solves:

  * You are deploying container images from a remote registry (eg:
Docker Hub, gcr, Quay, corporate private registry from a different geo,...).
  * You don't want all your nodes to waste time and bandwidth pulling
the same image over and over again.

The only solution available so far:

  * Setup a local registry
  * Pull the images from the remote registry, retag them, push them to
the local registry: "docker pull redis; docker tag redis
registry.local/redis; docker push registry.local/redis"
  * Change all the scripts, Dockerfile(s), Kubernetes manifests to
reference "registry.local/redis" instead of "redis".

What is now possible:

  * Setup a local registry, configure that to act as a mirror of Docker
Hub/gcr/Quay/... (we will provide documentation about that).
  * Go to the SUSE CaaS Platform UI / settings / registries.
  * Make SUSE CaaS Platform aware that hub-mirror.local is a mirror of
the Docker Hub(just using the Docker Hub as an example here).
  * Deploy your images without making changes to scripts/kubernetes

What happens behind the scene:

  * The docker/daemon.json is configured by us to make the docker
open-source engine aware of the hub-mirror.local <-> Docker Hub
  * Images hosted on the Docker Hub will be pulled from the local mirror.
  * The local mirror acts as a pull through cache: images are pulled
only when they are not yet cached or a stale.
  * The nodes only reach the upstream registry (the Docker Hub in this
case) if the local registry mirror is unreachable.

This can be used also to implement air-gapped deployments of SUSE CaaS
Platform. We will provide documentation about that too.

This can be useful if your company has a central registry and wants to
have different mirrors of it closer to branch offices (each
region/office can have its own registry mirror).

How is that done:

  * The docker distribution daemon (aka docker registry) has always been
capable of mirroring upstream registries.
  * The docker open-source engine has a long standing limitation: it can
be configured to pull images from a local mirror, but that can only be a
mirror of the Docker Hub. It won't work with local mirrors of registries
like gcr, Quay or your corporate registry.

We provided a patch that extends the docker open-source engine to
address this limitation [1]. The patch is being discussed upstream, it
will be certainly merged into the docker open-source engine.

In the meantime the docker open-source engine shipped with SUSE CaaS
Platform already has this patch applied.

As for the configuration you have seen into the docker daemon.json. This
is a spurious entry for the SUSE registry. This line doesn't have any
impact on the behaviour of the docker open-source engine because no
local mirror of the SUSE registry has been configured.

BTW, the SUSE registry is already being used to distribute container
images of our products like the SUSE Cloud Application Platform.

To prevent further confusion: we are NOT preventing pulls from the
Docker Hub or other registries; eg: "docker pull redis" will keep
pulling the Redis image from the dockerhub unless you configure a local
mirror of it.

I hope that helps.


[1] https://github.com/moby/moby/pull/34319

On 05/24/2018 11:33 AM, Le Bihan Stéphane (AMUNDI-ITS)  wrote:
> Hi all,
> ·         I see this option in /etc/docker/daemon.json :
> "registries": [
>     {
>       "Prefix": "https://registry.suse.com"
>     }
>   ],
> But I don’t find who is it ? Can you explain me ?
> ·         I install cluster with CAASP v3 beta 1, all server as register
> in SMT, and registration code for beta is registered on SCC.
> But it’s seems patch in Suse CAASP v3 beta 2 DVD is not available on SMT.
> For update nodes of cluster, I must use DVD on it ?
> Regards,
> cid:89B49E07-4580-47BA-A59D-B0A59F32E6C5
> *
> **Stéphane Le Bihan*
> 90, Boulevard Pasteur - 75015 Paris
> *Web: www.amundi.com*
> Tel: +33 1 76 32 32 08
> Tel Unix Team: +33 1 76 32 02 30
> @: stephane.lebihan at amundi.com <mailto:stephane.lebihan at amundi.com>
> @: sits.unix at amundi.com <mailto:sits.unix at amundi.com>
> /Visit us on: /
> / /
> twitter <https://twitter.com/Amundi_ENG>  linkedin
> <https://www.linkedin.com/company/amundi->  facebook
> <https://www.facebook.com/AmundiOfficial/>  Sans titre-1
> <https://www.instagram.com/myamundi/>  youtube
> <https://www.youtube.com/user/AmundiGroup>//
> _______________________________________________
> caasp-beta mailing list
> caasp-beta at lists.suse.com
> http://lists.suse.com/mailman/listinfo/caasp-beta

More information about the caasp-beta mailing list