Create multiplie container registry cache proxies using docker distribution in registry mirror mode

create-container-registry-proxies.sh

#!/bin/bash
set -eu

# Listen address for all docker.io/registry instances
listen_address=0.0.0.0
# Listen port for the first container
# all subsequent ports for containers will be incremented by one
listen_port_first=5000
insecure=true

# Array with a list of proxied container registries
registries=(
  "docker.io=registry-1.docker.io"
  "quay.io"
  "gcr.io"
  "k8s.gcr.io"
  "ghcr.io"
  "mcr.microsoft.com"
  "registry.gitlab.com"
)

work_dir="$(dirname "$(readlink -f "$0")")"
data_dir="$work_dir/containers-registry-proxy"

# Get container engine binary
if command -v podman &>/dev/null; then
  cre=podman
elif command -v docker &>/dev/null; then
  cre=docker
else
  >&2 printf '\n%s\n' 'Podman or Docker not installed!'
  exit 1
fi

>&2 printf '\n%s\n\n' \
  'Add this lines to /etc/containers/registries.conf config:'

printf '%s\n' 'unqualified-search-registries = ['
printf '  "%s",\n' "${registries[@]}" | sed 's/=.*",/",/'
printf '%s\n\n' ']'

# Start Redis
mkdir -p "$data_dir/redis-data"
$cre run --rm --detach --quiet --name registry-cache-redis \
  --publish 6379:6379 \
  --volume "$data_dir/redis-data:/data" \
  docker.io/redis:6 redis-server --appendonly yes >/dev/null

# Start Distribution's
for i in ${registries[@]}; do
  : "${port:=$listen_port_first}"
  registry="${i/=*/}"
  registry_url="${i/*=/}"

  mkdir -p "$data_dir/$registry"

  $cre run --rm --detach --quiet --name "registry-cache-$registry" \
    --publish $port:5000 \
    --env REGISTRY_HTTP_ADDR=0.0.0.0:5000 \
    --env REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/cache \
    --env REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR=redis \
    --env REGISTRY_PROXY_REMOTEURL=https://$registry_url \
    --env REGISTRY_REDIS_ADDR=$(hostname -I | cut -d' ' -f1):6379 \
    --env REGISTRY_LOG_LEVEL=debug \
    --volume "$data_dir/$registry":/cache \
    docker.io/registry:2 >/dev/null

  cat <<EOF
[[registry]]
prefix = "$registry"
location = "$registry"
[[registry.mirror]]
prefix = "$registry"
location = "$listen_address:$port"
insecure = $insecure

EOF

  port=$((port+1))

done

>&2 printf '\n%s\n' 'Done.'

Config /etc/containers/registries.conf

unqualified-search-registries = [
  "docker.io",
  "quay.io",
  "gcr.io",
  "k8s.gcr.io",
  "ghcr.io",
  "mcr.microsoft.com",
  "registry.gitlab.com",
]

[[registry]]
prefix = "docker.io"
location = "docker.io"
[[registry.mirror]]
prefix = "docker.io"
location = "0.0.0.0:5000"
insecure = true

[[registry]]
prefix = "quay.io"
location = "quay.io"
[[registry.mirror]]
prefix = "quay.io"
location = "0.0.0.0:5001"
insecure = true

[[registry]]
prefix = "gcr.io"
location = "gcr.io"
[[registry.mirror]]
prefix = "gcr.io"
location = "0.0.0.0:5002"
insecure = true

[[registry]]
prefix = "k8s.gcr.io"
location = "k8s.gcr.io"
[[registry.mirror]]
prefix = "k8s.gcr.io"
location = "0.0.0.0:5003"
insecure = true

[[registry]]
prefix = "ghcr.io"
location = "ghcr.io"
[[registry.mirror]]
prefix = "ghcr.io"
location = "0.0.0.0:5004"
insecure = true

[[registry]]
prefix = "mcr.microsoft.com"
location = "mcr.microsoft.com"
[[registry.mirror]]
prefix = "mcr.microsoft.com"
location = "0.0.0.0:5005"
insecure = true

[[registry]]
prefix = "registry.gitlab.com"
location = "registry.gitlab.com"
[[registry.mirror]]
prefix = "registry.gitlab.com"
location = "0.0.0.0:5006"
insecure = true

Line 28 copy/paste bug:
elif command -v podman &>/dev/null; then
fix it:
elif command -v docker &>/dev/null; then

@magf, oh thanks, fixed it

А конфиг /etc/containers/registries.conf никуда пробрасывать не надо? А то у меня как-то не работает.

P.S. Запускаю внутри docker 20.10.17, build 100c701.

Thanks @WoozyMasta! This helped automate redeployments of our pull-through cache mirrors. I also adapted to work with alpine / posix shell if anyone is interested.