2.1 KiB
2.1 KiB
Using the Local Docker Registry Cache
To avoid Docker Hub rate limits, use our local registry mirror at 10.100.9.70:5000.
For Woodpecker CI (Kaniko builds)
In your .woodpecker.yml, use these Kaniko flags:
docker-build:
image: gcr.io/kaniko-project/executor:debug
commands:
- /kaniko/executor
--context=/woodpecker/src/...
--dockerfile=Dockerfile
--destination=10.100.9.70:5000/your-image:tag
--registry-mirror=10.100.9.70:5000
--insecure-registry=10.100.9.70:5000
--cache=true
--cache-repo=10.100.9.70:5000/your-image/cache
--cache-ttl=168h
Key points:
--registry-mirror=10.100.9.70:5000- Pulls base images from local cache--insecure-registry=10.100.9.70:5000- Allows HTTP (not HTTPS)--cache=true+--cache-repo=...- Caches build layers locally
Available Base Images
The local registry has these cached:
| Image | Tags |
|---|---|
node |
20-slim, 22-slim, 22-alpine, 20-alpine |
alpine |
latest |
nginx |
alpine |
bitnami/kubectl |
latest |
gcr.io/kaniko-project/executor |
debug |
Need a different image? Add it to the cache using crane:
kubectl run cache-image --rm -it --restart=Never \
--image=gcr.io/go-containerregistry/crane:latest \
-- copy docker.io/library/IMAGE:TAG 10.100.9.70:5000/library/IMAGE:TAG --insecure
DO NOT USE
--registry-mirror=mirror.gcr.ioDirect pulls from- Rate limited (100 pulls/6hr anonymous)docker.io
Checking Cached Images
List all cached images:
curl -s http://10.100.9.70:5000/v2/_catalog | jq
List tags for a specific image:
curl -s http://10.100.9.70:5000/v2/library/node/tags/list | jq
Troubleshooting
"no such host" or DNS errors
The CI runner can't reach the registry mirror. Make sure you're using 10.100.9.70:5000, not mirror.gcr.io.
"manifest unknown"
The image/tag isn't cached. Add it using the crane command above.
HTTP vs HTTPS errors
Always use --insecure-registry=10.100.9.70:5000 - the local registry uses HTTP.