Since docker.com has limited access to container images there it is necessary to mirror container images locally and pull them with an account for more than personal use of a few images. That is especially true for maintaining or restoring a K8s cluster as this will exhaust the free contingent fast.

This has the benefit of using the 10GB link, for example 10.3.6.58:

Config file /etc/docker/registry/config.yaml

version: 0.1
http:
  secret: <some string>
  addr: 0.0.0.0:5000
  debug:
    addr: :5001
    prometheus:
      enabled: false
      path: /metrics
  headers:
    X-Content-Type-Options:
    - nosniff
proxy:
  remoteurl: https://registry-1.docker.io
  username: <docker hub account>
  password: <access token>
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
log:
  fields:
    service: registry
storage:
  filesystem:
    rootdirectory: /var/lib/registry
  cache:
    blobdescriptor: inmemory
  delete:
    enabled: true

Launch:

sudo podman run -d -p 10.6.16.58:5000:5000 \
 -v /var/lib/registry:/var/lib/registry \
 -v /etc/docker/registry/config.yml:/etc/docker/registry/config.yml \
 --name docker-registry-proxy \
 --log-driver journald registry:2.8

Restart with systemd (/etc/systemd/system/docker-registry-proxy.service):

[Unit]
Description=DockerHub Registry Proxy Server
 
[Service]
Restart=on-failure
ExecStart=/usr/bin/podman start -a docker-registry-proxy
ExecStop=/usr/bin/podman stop -t 10 docker-registry-proxy
 
[Install]
WantedBy=multi-user.target