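1. Types of Docker Registry
A Registry stores Docker images, including each image's layer hierarchy and metadata. Users can build their own Registry or use the official Docker Hub.
Sponsor Registry: a third-party Registry for customers and the Docker community.
Mirror Registry: a third-party Registry for customers only.
Vendor Registry: a Registry provided by a vendor that publishes Docker images.
Private Registry: a Registry provided by a private entity, behind a firewall and additional security layers.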
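2. Docker Distribution
docker distribution is the private registry package that Docker provides. It can also run in a container, so an image of it is available on Docker Hub. However, docker distribution has no web UI: it does not support browsing or searching images on the web the way Docker Hub does, and it does not support automated image builds from a Dockerfile as Docker Hub does. For those features, use Harbor.
(1) Ways to install docker distribution
Run it in a container by downloading the docker distribution image from Docker Hub. Because the data is deleted once the container is stopped and removed, a storage volume must also be provided, using a network file system to persist the image data held in the registry.
Install it with yum. The docker distribution package is in the Extras yum repository and can be installed directly.
(2) Installing docker distribution with yum
2.1 Installation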
[root@centos7-node2 ~]# yum info docker-distribution
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: centos.ustc.edu.cn
 * extras: mirror.bit.edu.cn
 * updates: mirror.bit.edu.cn
Installed Packages
Name        : docker-distribution
Arch        : x86_64
Version     : 2.6.2
Release     : 2.git48294d9.el7
Size        : 12 M
Repo        : installed
From repo   : extras
Summary     : Docker toolset to pack, ship, store, and deliver content
URL         : https://github.com/docker/distribution
License     : ASL 2.0
Description : Docker toolset to pack, ship, store, and deliver content
[root@centos7-node2 ~]# yum install docker-distribution
[root@centos7-node2 ~]# rpm -ql docker-distribution
/etc/docker-distribution/registry/config.yml
/usr/bin/registry
/usr/lib/systemd/system/docker-distribution.service
/usr/share/doc/docker-distribution-2.6.2
/usr/share/doc/docker-distribution-2.6.2/AUTHORS
/usr/share/doc/docker-distribution-2.6.2/CONTRIBUTING.md
/usr/share/doc/docker-distribution-2.6.2/LICENSE
/usr/share/doc/docker-distribution-2.6.2/MAINTAINERS
/usr/share/doc/docker-distribution-2.6.2/README.md
/var/lib/registry
[root@centos7-node2 ~]# service docker-distribution start
Redirecting to /bin/systemctl start docker-distribution.service
[root@centos7-node2 ~]# netstat -tlunp |grep 5000
tcp6       0      0 :::5000       :::*       LISTEN      2912/registry
2.2 Configuration
The default configuration file is sufficient; change it to suit your needs.
[root@centos7-node2 ~]# vim /etc/docker-distribution/registry/config.yml
version: 0.1
log:
  fields:
    service: registry
storage:
    cache:
        layerinfo: inmemory
    filesystem:
        rootdirectory: /var/lib/registry
http:
    addr: :5000
(3) Building an image and pushing it to docker-distribution
3.1 Build the image and push it
[root@bogon ~]# docker tag httpd:1.1 centos7-node2.local:5000/httpd:1.1
[root@bogon ~]# docker image ls
REPOSITORY                       TAG      IMAGE ID       CREATED       SIZE
centos7-node2.local:5000/httpd   1.1      bbffcf779dd4   2 weeks ago   264MB
httpd                            1.1      bbffcf779dd4   2 weeks ago   264MB
nginx                            stable   ecc98fc2f376   5 weeks ago   109MB
[root@bogon ~]# docker pull centos7-node2.local:5000/httpd:1.1
Error response from daemon: Get https://centos7-node2.local:5000/v2/: dial tcp 192.168.31.187:5000: connect: no route to host
[root@bogon ~]# vim /etc/docker/daemon.json
{
  "insecure-registries": ["centos7-node2.local:5000"]
}
[root@bogon ~]# service docker restart
Redirecting to /bin/systemctl restart docker.service
[root@bogon ~]# docker push centos7-node2.local:5000/httpd:1.1
The push refers to repository [centos7-node2.local:5000/httpd]
ddcb568d3d1e: Pushed
da6517724f67: Pushed
1.1: digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5 size: 741
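# The Docker client talks to a Registry over HTTPS by default. If the private registry uses HTTP, the Docker client configuration file has to be changed.
3.2 Verify on the docker distribution host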
[root@centos7-node2 ~]# ll /var/lib/registry/docker/registry/v2/repositories/httpd/_layers/sha256/
total 0
drwxr-xr-x. 2 root root 18 Nov 20 17:15 bbffcf779dd42e070d52a4661dcd3eaba2bed898bed8bbfe41768506f063ad32
drwxr-xr-x. 2 root root 18 Nov 20 17:15 f06537d9e799fdeca094e95d56295b96359d188988b5d78353f716de5856b5b1
drwxr-xr-x. 2 root root 18 Nov 20 17:15 f9f73d801f0558b085ffa505240a065319269c4cefbe9c2e60103d58761edfa8
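The directories listed above are named after layer digests: the registry files every blob under the SHA-256 of its content, so the store can be re-checked offline. The following is an added example, not code from the original post, that re-hashes each blob and reports layer links whose blob is missing; the layout constants and the `put_blob` demo helper are assumptions based on the registry v2 filesystem driver.

```python
# Added example, not code from the original post.
# Assumed layout (registry v2 filesystem driver):
#   ROOT/docker/registry/v2/blobs/sha256/<2 hex>/<digest>/data
#   ROOT/docker/registry/v2/repositories/<repo>/_layers/sha256/<digest>/link
import hashlib
import tempfile
from pathlib import Path

V2 = Path("docker/registry/v2")

def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def blob_path(root, hexd):
    return Path(root) / V2 / "blobs/sha256" / hexd[:2] / hexd / "data"

def mismatched_blobs(root):
    """Digests whose stored content no longer hashes to the directory name."""
    blobs = sorted((Path(root) / V2 / "blobs/sha256").glob("*/*/data"))
    return ["sha256:" + b.parent.name for b in blobs
            if sha256_file(b) != b.parent.name]

def dangling_links(root, repo):
    """Layer links of `repo` that point at a blob missing from the store."""
    layers = Path(root) / V2 / "repositories" / repo / "_layers/sha256"
    digests = [l.read_text().strip() for l in sorted(layers.glob("*/link"))]
    return [d for d in digests if not blob_path(root, d.split(":", 1)[1]).is_file()]

def put_blob(root, repo, content):
    """Demo helper: file constructed `content` the way a push lays it out."""
    hexd = hashlib.sha256(content).hexdigest()
    link = Path(root) / V2 / "repositories" / repo / "_layers/sha256" / hexd / "link"
    for p in (blob_path(root, hexd), link):
        p.parent.mkdir(parents=True, exist_ok=True)
    blob_path(root, hexd).write_bytes(content)
    link.write_text("sha256:" + hexd)
    return hexd

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as store:   # constructed sample store
        put_blob(store, "httpd", b"layer-one")
        changed = put_blob(store, "httpd", b"layer-two")
        blob_path(store, changed).write_bytes(b"modified after push")
        print("mismatched:", mismatched_blobs(store))
        print("dangling:  ", dangling_links(store, "httpd"))
```

On the registry host from this walkthrough the root to pass would be /var/lib/registry, the `rootdirectory` value in config.yml.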
3.3 Delete the image on the Docker client and pull it again
[root@bogon ~]# docker image rm centos7-node2.local:5000/httpd:1.1
Untagged: centos7-node2.local:5000/httpd:1.1
Untagged: centos7-node2.local:5000/httpd@sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5
[root@bogon ~]#
[root@bogon ~]# docker image ls
REPOSITORY   TAG      IMAGE ID       CREATED       SIZE
httpd        1.1      bbffcf779dd4   2 weeks ago   264MB
nginx        stable   ecc98fc2f376   5 weeks ago   109MB
[root@bogon ~]# docker pull centos7-node2.local:5000/httpd:1.1
1.1: Pulling from httpd
Digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5
Status: Downloaded newer image for centos7-node2.local:5000/httpd:1.1
[root@bogon ~]# docker image ls
REPOSITORY                       TAG      IMAGE ID       CREATED       SIZE
centos7-node2.local:5000/httpd   1.1      bbffcf779dd4   2 weeks ago   264MB
httpd                            1.1      bbffcf779dd4   2 weeks ago   264MB
nginx                            stable   ecc98fc2f376   5 weeks ago   109MB
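3. What is Harbor
Harbor is a project of the CNCF (Cloud Native Computing Foundation), a third-party organization jointly founded by Google, IBM and Microsoft that maintains projects such as k8s. The projects it maintains include k8s and Prometheus, as well as the recently joined Harbor (private registry server software). Harbor is now an enterprise-grade registry application. It is a secondary-development project that VMware built on top of docker distribution, adding many extra components, including a web UI. So we can use Harbor to build a complete local private registry.
Project Harbor is an open source trusted cloud native Registry project that stores, signs, and scans content.
Harbor extends the open source Docker Distribution by adding the functionalities usually required by users such as security, identity and management.
Harbor supports advanced features such as user management, access control, activity monitoring, and replication between instances.
(1) Harbor features
Multi-tenancy: one Harbor instance lets many users register and manage their own repositories
Security and risk analysis
Audit logging
Role-based access control
Replication between multiple Harbor instances
Extensible API and a graphical UI
Internationalization; English and Chinese are currently supported
(2) Installing Harbor
To simplify installation, the Harbor project ships Harbor as an application that runs in containers. Because Harbor depends on several storage systems such as MySQL and Redis, multiple containers have to work together. VMware's Harbor therefore relies on compose, Docker's single-host orchestration tool, for deployment and use.
Download: https://github.com/goharbor/harbor/releases
Installation guide: https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md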
[root@centos7-node2 src]# wget
[root@centos7-node2 src]# tar -zxvf harbor-offline-installer-v1.5.4.tgz -C /usr/local/
[root@centos7-node2 src]# cd /usr/local/harbor/
[root@centos7-node2 harbor]# sed -i 's/hostname = reg.mydomain.com/hostname = centos7-node2.local/g' ./harbor.cfg
[root@centos7-node2 harbor]# yum install docker-compose
[root@centos7-node2 harbor]# yum install epel-release
[root@centos7-node2 harbor]# yum install docker-compose
[root@centos7-node2 harbor]# ./install.sh
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at http://centos7-node2.local.
For more details, please visit https://github.com/vmware/harbor .
[root@centos7-node2 harbor]# docker container ls -a
CONTAINER ID   IMAGE                                  COMMAND                  CREATED          STATUS                             PORTS                                                              NAMES
2ecc079867c6   vmware/nginx-photon:v1.5.4             "nginx -g 'daemon of…"   14 seconds ago   Up 12 seconds (health: starting)   0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp   nginx
a1b51d6d296a   vmware/harbor-jobservice:v1.5.4        "/harbor/start.sh"       14 seconds ago   Up 12 seconds                                                                                         harbor-jobservice
0ffb3f2a442e   vmware/harbor-ui:v1.5.4                "/harbor/start.sh"       16 seconds ago   Up 14 seconds (health: starting)                                                                      harbor-ui
1c5e3590ac25   vmware/registry-photon:v2.6.2-v1.5.4   "/entrypoint.sh serv…"   19 seconds ago   Up 16 seconds (health: starting)   5000/tcp                                                           registry
fd09682ac89a   vmware/harbor-adminserver:v1.5.4       "/harbor/start.sh"       19 seconds ago   Up 16 seconds (health: starting)                                                                      harbor-adminserver
054710b41aa2   vmware/harbor-db:v1.5.4                "/usr/local/bin/dock…"   19 seconds ago   Up 16 seconds (health: starting)   3306/tcp                                                           harbor-db
c03daf7e3bb1   vmware/redis-photon:v1.5.4             "docker-entrypoint.s…"   19 seconds ago   Up 17 seconds                      6379/tcp                                                           redis
b1fcf0c916a1   vmware/harbor-log:v1.5.4               "/bin/sh -c /usr/loc…"   22 seconds ago   Up 18 seconds (health: starting)   127.0.0.1:1514->10514/tcp                                          harbor-log
[root@centos7-node2 harbor]#
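After a successful installation, Harbor starts 8 containers.
Note: Harbor's networking uses NAT, so the firewall service must be running; otherwise the installation fails.
Finally, the web UI after a successful installation.
(3) Using the Harbor web UI
3.1 Create a new project
3.2 Click the newly created project; it does not contain any images yet
3.3 Build images with the Docker client and push them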
[root@bogon ~]# docker tag centos7-node2.local:5000/httpd:1.1 centos7-node2.local/development/httpd:1.2
[root@bogon ~]# docker tag centos7-node2.local:5000/httpd:1.1 centos7-node2.local/development/httpd:1.3
[root@bogon ~]# docker tag centos7-node2.local:5000/httpd:1.1 centos7-node2.local/development/httpd:1.4
[root@bogon ~]# docker login centos7-node2.local
Username: gouyacai
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
[root@bogon ~]# docker push centos7-node2.local/development/httpd:1.2
The push refers to repository [centos7-node2.local/development/httpd]
ddcb568d3d1e: Pushed
da6517724f67: Pushed
1.2: digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5 size: 741
[root@bogon ~]# docker push centos7-node2.local/development/httpd:1.3
The push refers to repository [centos7-node2.local/development/httpd]
ddcb568d3d1e: Layer already exists
da6517724f67: Layer already exists
1.3: digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5 size: 741
[root@bogon ~]# docker push centos7-node2.local/development/httpd:1.4
The push refers to repository [centos7-node2.local/development/httpd]
ddcb568d3d1e: Layer already exists
da6517724f67: Layer already exists
1.4: digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5 size: 741
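Two client-side settings from this walkthrough are worth checking on every Docker host: the `insecure-registries` entry added to daemon.json turns off verified TLS for that registry, and `docker login` warns that the password is kept unencrypted in config.json. The following is an added example, not code from the original post, that reports both from the files' contents; the sample JSON and password are constructed, and `audit` is a hypothetical helper name.

```python
# Added example, not code from the original post. Sample values are constructed.
import base64
import json

def insecure_registries(daemon_json):
    """Registries the daemon contacts without verified TLS (daemon.json)."""
    return list(json.loads(daemon_json).get("insecure-registries", []))

def stored_logins(config_json):
    """(registry, user) for each credential kept inline in config.json."""
    found = []
    for registry, entry in json.loads(config_json).get("auths", {}).items():
        token = entry.get("auth")
        if token:  # base64("user:password"): encoded, not encrypted
            user = base64.b64decode(token).decode("utf-8", "replace").split(":", 1)[0]
            found.append((registry, user))
    return found

def audit(daemon_json, config_json):
    """Hypothetical helper: one finding per weak client-side setting."""
    findings = [f"{r}: traffic is not protected by verified TLS"
                for r in insecure_registries(daemon_json)]
    logins = stored_logins(config_json)
    findings += [f"{r}: password of {u!r} is recoverable from config.json"
                 for r, u in logins]
    if logins and not json.loads(config_json).get("credsStore"):
        findings.append("no credsStore configured; docker login writes credentials inline")
    return findings

# Constructed samples shaped like the files in this walkthrough.
SAMPLE_DAEMON = '{"insecure-registries": ["centos7-node2.local:5000"]}'
SAMPLE_CONFIG = json.dumps({"auths": {"centos7-node2.local": {
    "auth": base64.b64encode(b"gouyacai:not-the-real-password").decode()}}})

if __name__ == "__main__":
    for line in audit(SAMPLE_DAEMON, SAMPLE_CONFIG):
        print(line)
```

To run it against a real host, pass the text of /etc/docker/daemon.json and /root/.docker/config.json, the two files named in the sessions above.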
3.4 Pull the images from Harbor to the Docker client
[root@bogon ~]# docker image rm centos7-node2.local/development/httpd:1.2
Untagged: centos7-node2.local/development/httpd:1.2
[root@bogon ~]# docker image rm centos7-node2.local/development/httpd:1.3
Untagged: centos7-node2.local/development/httpd:1.3
[root@bogon ~]# docker image rm centos7-node2.local/development/httpd:1.4
Untagged: centos7-node2.local/development/httpd:1.4
Untagged: centos7-node2.local/development/httpd@sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5
[root@bogon ~]#
[root@bogon ~]# docker image ls
REPOSITORY                       TAG        IMAGE ID       CREATED       SIZE
centos7-node2.local:5000/httpd   1.1        bbffcf779dd4   2 weeks ago   264MB
httpd                            1.1        bbffcf779dd4   2 weeks ago   264MB
nginx                            stable     ecc98fc2f376   5 weeks ago   109MB
centos                           6.6        4e1ad2ce7f78   5 weeks ago   203MB
redis                            4-alpine   05097a3a0549   6 weeks ago   30MB
[root@bogon ~]# docker pull centos7-node2.local/development/httpd:1.2
1.2: Pulling from development/httpd
Digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5
Status: Downloaded newer image for centos7-node2.local/development/httpd:1.2
[root@bogon ~]# docker pull centos7-node2.local/development/httpd:1.3
1.3: Pulling from development/httpd
Digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5
Status: Downloaded newer image for centos7-node2.local/development/httpd:1.3
[root@bogon ~]# docker pull centos7-node2.local/development/httpd:1.4
1.4: Pulling from development/httpd
Digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5
Status: Downloaded newer image for centos7-node2.local/development/httpd:1.4
[root@bogon ~]# docker image ls
REPOSITORY                              TAG   IMAGE ID       CREATED       SIZE
httpd                                   1.1   bbffcf779dd4   2 weeks ago   264MB
centos7-node2.local/development/httpd   1.2   bbffcf779dd4   2 weeks ago   264MB
centos7-node2.local/development/httpd   1.3   bbffcf779dd4   2 weeks ago   264MB
centos7-node2.local/development/httpd   1.4   bbffcf779dd4   2 weeks ago   264MB