harden pull-through cache: intercept errors, reduce lock timeout, add healthz
- Add proxy_intercept_errors + error_page for 502/503/504 on blob locations to prevent caching truncated upstream responses (root cause of repeated ImagePullBackOff across services) - Reduce proxy_cache_lock_timeout from 15m to 5m — fail fast, let containerd retry instead of all concurrent pulls waiting on a failed first download - Add proxy_cache_valid any 0 — never cache error responses - Add /healthz endpoints on Docker Hub and GHCR servers - Add draintimeout and proxy.ttl to registry proxy configs
This commit is contained in:
Viktor Barzin
parent
1639910043
commit
3f0ecda737
3 changed files with 40 additions and 4 deletions
|
|
@ -19,6 +19,7 @@ storage:
|
|||
enabled: false
|
||||
http:
|
||||
addr: :5000
|
||||
draintimeout: 60s
|
||||
headers:
|
||||
X-Content-Type-Options: [nosniff]
|
||||
debug:
|
||||
|
|
@ -37,3 +38,4 @@ proxy:
|
|||
remoteurl: https://registry-1.docker.io
|
||||
username: vbarzin@gmail.com
|
||||
password: ${password}
|
||||
ttl: 168h
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue