[Ci-users] local caching for docker images

Tue Jan 17 18:20:26 UTC 2017
Fabian Arrotin <arrfab at centos.org>

On 17/01/17 19:11, Karanbir Singh wrote:
> On 17/01/17 15:00, Fabian Arrotin wrote:
>> On 13/01/17 22:25, Karanbir Singh wrote:
>>> hi,
>>>
>>> the docker-distribution package can act as a smart proxy for docker
>>> registries; and having a local cache inside the ci infra would help
>>> speed up a lot of the jobs I am working with at the moment there.
>>>
>>> Do we have the space to host a cache of this nature ? I'd think a 15 to
>>> 20 GB of space is all we need.
>>>
>>> Could we then have dns inside the ci infra use this cache for the
>>> dockerhub urls ?
>>>
>>> Any objections to getting this in ?
>>>
>>> regards
>>>
>>
>> I'd say it's oable, and we already "override" some DNS records
>> internally to redirect to internal node/mirror in the same network
>> (known example : mirrorlist.centos.org)
>>
>> But the only question I have is about the dockerhub urls : are those
>> using tcp/443 and so TLS ? if so, that will not work as we can't
>> impersonate such server (and thanks to TLS btw). If they are only using
>> plain tcp/80 or tcp/5000 , that should work
>>
> 
> I think the docker-proxy actually handles this case, is it possible to
> test once ?
> 

We can, but that I meant was that it will not be transparent as it it
would get it from dockerhub : if one adds the internal "proxy" as
"insecure" registry, itself being the docker-distribution proxy that
will fetch from "upstream dockerhub" then it will work (afaik). Let me
test this


-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20170117/c6faed37/attachment-0005.sig>