Quick note on adding a mirror registry to Aliyun Kubernetes Container Services (ACK)
Briefly

Because of Great Firewall issues, pulling Docker images from docker.io in mainland China often requires a mirror registry. On an Aliyun Kubernetes cluster running containerd (version 1.2x), and without SSH access, the solution is to adjust the containerd configuration. Creating a hosts.toml under /etc/containerd/certs.d/docker.io lets containerd mirror docker.io images without changing Kubernetes configuration files, which maintains consistency across environments. Note that after creating the hosts.toml, the path in config.toml reflects the addition of cert.d without an 's', which may be a point of confusion.
The process of configuring a mirror for Docker images in China involves editing the containerd configuration and creating a hosts.toml file with the appropriate settings.
Using a mirror registry allows Kubernetes clusters in mainland China to pull images without directly interacting with Docker Hub, thus mitigating issues from the Great Firewall.
Maintaining separate configuration files for different environments is not preferable; therefore, the focus is on adding a mirror to the existing setup without extensive changes.
Issues arise from the lack of direct SSH to the cluster machine, making CLI tools essential for maintaining Kubernetes settings within the constraints of the GFW.
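A hosts.toml of the kind described above, as an added example that is not taken from the original article. The mirror URL and the CA path are placeholders (assumptions); the keys are containerd's standard hosts.toml fields.

```toml
# Constructed example: /etc/containerd/certs.d/docker.io/hosts.toml
# The docker.io directory name is the registry namespace being mirrored.
# The directory must sit under the path that config_path in config.toml
# points to; check the exact spelling there (the page notes "cert.d").

# Upstream that containerd falls back to when no mirror can serve a request.
server = "https://registry-1.docker.io"

# Placeholder mirror URL (assumption); replace with a mirror you trust.
[host."https://mirror.example.invalid"]
  # Read-only use: the mirror may resolve tags and serve pulls, never pushes.
  capabilities = ["pull", "resolve"]
  # Keep TLS verification on; the mirror sits in the image supply path.
  skip_verify = false
  # Optional: CA bundle for an internal mirror (hypothetical path).
  # ca = "/etc/containerd/certs.d/docker.io/mirror-ca.crt"
```

A mirror with the `resolve` capability decides which digest a tag maps to, so it is trusted as much as Docker Hub itself. Images referenced by digest are checked by containerd against that digest whichever host serves them.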