Quick start for acr-mirror

These are the following steps that are required to manually enable the mirror,

Step 1) Download binaries

Install the mirror and the overlaybd binaries,

sudo rpm -i ./acr-mirror-mariner.rpm
sudo /opt/acr/tools/overlaybd/install.sh

For Overlaybd Auth, if you're going to be using a MSI based auth flow then you'll do the following,

sudo /opt/acr/tools/overlaybd/enable-http-auth.sh

Otherwise, follow the instructions to setup file-based authn found here: https://github.com/containerd/overlaybd#credential-config

If az cli is installed or if the current environment is aks then the mirror will use MSI or the azure sdk to handle auth.

Otherwise, you can use the /login api to authenticate.

Here is an example script,

sudo systemctl start acr-mirror

You can check that it started correctly with,

journalctl -u acr-mirror

Note: This should output the port the mirror is listening on, it should also indicate if the file access provider is being used.

curl http://localhost:8578/status

Finally configure the mirror,

curl -X PUT 'http://localhost:8578/config?ns=_default&enable_suffix=azurecr.io&stream_format=overlaybd&enable_containerd=true'

or if you know the registry you want to enable the mirror for,

curl -X PUT 'http://localhost:8578/config?ns=<registry-name>.azurecr.io&stream_format=overlaybd&enable_containerd=true'

This will enable the containerd client-side hosts config so it does not require a containerd restart.

Finally, enable overlaybd services,

sudo modprobe target_core_user
sudo /opt/acr/tools/overlaybd/enable.sh

NOTE This will restart containerd

To check the status of overlaybd there are several places to check,

logs - Check the overlaybd/accelerated-container-snapshotter repos for log directories