# Using the Local Docker Registry Cache To avoid Docker Hub rate limits, use our local registry mirror at `10.100.9.70:5000`. ## For Woodpecker CI (Kaniko builds) In your `.woodpecker.yml`, use these Kaniko flags: ```yaml docker-build: image: gcr.io/kaniko-project/executor:debug commands: - /kaniko/executor --context=/woodpecker/src/... --dockerfile=Dockerfile --destination=10.100.9.70:5000/your-image:tag --registry-mirror=10.100.9.70:5000 --insecure-registry=10.100.9.70:5000 --cache=true --cache-repo=10.100.9.70:5000/your-image/cache --cache-ttl=168h ``` **Key points:** - `--registry-mirror=10.100.9.70:5000` - Pulls base images from local cache - `--insecure-registry=10.100.9.70:5000` - Allows HTTP (not HTTPS) - `--cache=true` + `--cache-repo=...` - Caches build layers locally ## Available Base Images The local registry has these cached: | Image | Tags | |-------|------| | `node` | `20-slim`, `22-slim`, `22-alpine`, `20-alpine` | | `alpine` | `latest` | | `nginx` | `alpine` | | `bitnami/kubectl` | `latest` | | `gcr.io/kaniko-project/executor` | `debug` | Need a different image? Add it to the cache using crane: ```bash kubectl run cache-image --rm -it --restart=Never \ --image=gcr.io/go-containerregistry/crane:latest \ -- copy docker.io/library/IMAGE:TAG 10.100.9.70:5000/library/IMAGE:TAG --insecure ``` ## DO NOT USE - ~~`--registry-mirror=mirror.gcr.io`~~ - Rate limited by Docker Hub - ~~Direct pulls from `docker.io`~~ - Rate limited (100 pulls/6hr anonymous) ## Checking Cached Images List all cached images: ```bash curl -s http://10.100.9.70:5000/v2/_catalog | jq ``` List tags for a specific image: ```bash curl -s http://10.100.9.70:5000/v2/library/node/tags/list | jq ``` ## Troubleshooting ### "no such host" or DNS errors The CI runner can't reach the registry mirror. Make sure you're using `10.100.9.70:5000`, not `mirror.gcr.io`. ### "manifest unknown" The image/tag isn't cached. Add it using the crane command above. ### HTTP vs HTTPS errors Always use `--insecure-registry=10.100.9.70:5000` - the local registry uses HTTP.