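A repository, as the name suggests, is a place to store things, so a Docker registry is, naturally, the place where Docker images are stored.
Docker registries are either public or private. Public registries include hub.docker.com, gcr.io, k8s.gcr.io and others, and the official images of commonly used open-source applications are generally hosted there. However, because these registries are all hosted abroad, downloads are slow, especially for k8s-related images.
A private registry is usually set up in-house by a company to store internally built Docker images. Services pull from it at deployment time, so distribution is fast.
Docker officially provides an image named registry for setting up a private registry: pull the image, run a container and expose port 5000, and it is ready to use. It is not covered in detail here.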
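### Harbor
An enterprise-grade Registry service for storing Docker images. Compared with the native Registry, it has many advantages.
PS: Because the image registry is a foundational service, deploying it on a dedicated server is recommended.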
1. Download the offline installer package

```
# wget https://github.com/goharbor/harbor/releases/download/v2.0.2/harbor-offline-installer-v2.0.2.tgz
```
2. Extract it and modify the harbor.yml configuration file as needed; the defaults are used directly here

```
# tar -zxf harbor-offline-installer-v2.0.2.tgz
# cd harbor/
# mv harbor.yml.tmpl harbor.yml
```
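3. Run the install command

The default installation is used here. If you are interested, you can install additional services such as Notary, Clair, or Chart Repository Service by running `./install.sh --with-notary --with-clair --with-chartmuseum`.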
```
# ./install.sh
Note: docker version: 19.03.12
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 1.26.2
[Step 2]: loading Harbor images ...
Loaded image: goharbor/prepare:v2.0.2
Loaded image: goharbor/harbor-jobservice:v2.0.2
Loaded image: goharbor/harbor-registryctl:v2.0.2
Loaded image: goharbor/registry-photon:v2.0.2
Loaded image: goharbor/harbor-core:v2.0.2
Loaded image: goharbor/notary-signer-photon:v2.0.2
Loaded image: goharbor/clair-photon:v2.0.2
Loaded image: goharbor/trivy-adapter-photon:v2.0.2
Loaded image: goharbor/harbor-log:v2.0.2
Loaded image: goharbor/nginx-photon:v2.0.2
Loaded image: goharbor/clair-adapter-photon:v2.0.2
Loaded image: goharbor/chartmuseum-photon:v2.0.2
Loaded image: goharbor/harbor-portal:v2.0.2
Loaded image: goharbor/harbor-db:v2.0.2
Loaded image: goharbor/redis-photon:v2.0.2
Loaded image: goharbor/notary-server-photon:v2.0.2
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /opt/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-portal ... done
Creating registry ... done
Creating registryctl ... done
Creating redis ... done
Creating harbor-db ... done
Creating harbor-core ... done
Creating harbor-jobservice ... done
Creating nginx ... done
----Harbor has been installed and started successfully.----
```
Which services are now running?

```
# docker ps
CONTAINER ID   IMAGE                                COMMAND                 CREATED         STATUS                   PORTS                       NAMES
8d746c430f3e   goharbor/harbor-jobservice:v2.0.2    "/harbor/entrypoint."   4 minutes ago   Up 4 minutes (healthy)                               harbor-jobservice
388f24831ec9   goharbor/nginx-photon:v2.0.2         "nginx -g 'daemon of"   4 minutes ago   Up 4 minutes (healthy)   0.0.0.0:80->8080/tcp        nginx
15bc12fd3826   goharbor/harbor-core:v2.0.2          "/harbor/entrypoint."   4 minutes ago   Up 4 minutes (healthy)                               harbor-core
bb48e39130e5   goharbor/harbor-db:v2.0.2            "/docker-entrypoint."   4 minutes ago   Up 4 minutes (healthy)   5432/tcp                    harbor-db
1bcd0ffcae82   goharbor/harbor-registryctl:v2.0.2   "/home/harbor/start."   4 minutes ago   Up 4 minutes (healthy)                               registryctl
8ef9f3d3a668   goharbor/redis-photon:v2.0.2         "redis-server /etc/r"   4 minutes ago   Up 4 minutes (healthy)   6379/tcp                    redis
e05d4d845f3f   goharbor/harbor-portal:v2.0.2        "nginx -g 'daemon of"   4 minutes ago   Up 4 minutes (healthy)   8080/tcp                    harbor-portal
c5fcd2369931   goharbor/registry-photon:v2.0.2      "/home/harbor/entryp"   4 minutes ago   Up 4 minutes (healthy)   5000/tcp                    registry
61e69b171b33   goharbor/harbor-log:v2.0.2           "/bin/sh -c /usr/loc"   4 minutes ago   Up 4 minutes (healthy)   127.0.0.1:1514->10514/tcp   harbor-log
```
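The output shows that quite a few service components are installed; see the architecture diagram for how they fit together.
At this point Harbor is installed. Now let's test pushing an image to this registry and pulling an image from it.
First, log in to the private registry: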
```
# docker login 10.26.27.106
Username: admin
Password:
Error response from daemon: Get https://10.26.27.106/v2/: dial tcp 10.26.27.106:443: connect: connection refused
```
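The login failed because this registry is not configured for HTTPS. By default Docker only allows logging in to HTTPS services and treats HTTP as insecure.
Now let's modify the Docker configuration to allow Docker to log in to an insecure registry.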
Edit the file with `vim /etc/docker/daemon.json` and add `"insecure-registries":["10.26.27.106"]`:

```
{
  "registry-mirrors": ["https://ci7pm4nx.mirror.aliyuncs.com","https://registry.docker-cn.com","http://hub-mirror.c.163.com"],
  "insecure-registries":["10.26.27.106"]
}
```
Log in again:
```
# systemctl restart docker
# docker login http://10.26.27.106
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
```
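The two exposures this step leaves behind, shown as an added example that is not part of the original post: a Python check that flags TLS-exempt registries and plaintext mirrors in daemon.json, and registry passwords kept base64-encoded in config.json. The daemon.json sample is the one from this page; the client config and its password are constructed, and the function names are hypothetical.

```python
import base64
import json
from urllib.parse import urlsplit

# daemon.json as shown on this page.
PAGE_DAEMON = json.loads("""{
  "registry-mirrors": ["https://ci7pm4nx.mirror.aliyuncs.com",
                       "https://registry.docker-cn.com",
                       "http://hub-mirror.c.163.com"],
  "insecure-registries": ["10.26.27.106"]
}""")

# Constructed ~/.docker/config.json: what `docker login` leaves behind when
# no credential helper is configured (the password is a placeholder).
SAMPLE_CLIENT = {"auths": {"10.26.27.106": {
    "auth": base64.b64encode(b"admin:constructed-password").decode()}}}


def audit_daemon(cfg):
    """Findings for a parsed /etc/docker/daemon.json."""
    findings = []
    for reg in cfg.get("insecure-registries", []):
        # Docker skips certificate checks and may fall back to HTTP here.
        findings.append(f"insecure-registry: {reg}")
    for mirror in cfg.get("registry-mirrors", []):
        if urlsplit(mirror).scheme.lower() != "https":
            findings.append(f"plaintext-mirror: {mirror}")
    return findings


def audit_client(cfg):
    """Findings for a parsed ~/.docker/config.json."""
    findings = []
    helpers = cfg.get("credHelpers", {})
    for registry, entry in cfg.get("auths", {}).items():
        blob = entry.get("auth")
        if cfg.get("credsStore") or registry in helpers or not blob:
            continue  # secret lives in a helper, not in this file
        # "auth" is base64("user:password"): encoding, not encryption.
        user = base64.b64decode(blob).decode("utf-8", "replace").split(":", 1)[0]
        findings.append(f"stored-credential: {registry} user={user}")
    return findings


if __name__ == "__main__":
    for finding in audit_daemon(PAGE_DAEMON) + audit_client(SAMPLE_CLIENT):
        print(finding)
```

Configuring HTTPS in harbor.yml and a credential helper on the client clears all three findings.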
The login has now succeeded. Let's pull an image from a public registry and then push it to the private registry.
```
# docker pull busybox
Using default tag: latest
latest: Pulling from library/busybox
df8698476c65: Pull complete
Digest: sha256:d366a4665ab44f0648d7a00ae3fae139d55e32f9712c67accd604bb55df9d05a
Status: Downloaded newer image for busybox:latest
docker.io/library/busybox:latest
```
Use `docker tag` to retag the busybox image just downloaded as 10.26.27.106/library/busybox:latest, then push it:
```
# docker tag busybox:latest 10.26.27.106/library/busybox:latest
# docker push 10.26.27.106/library/busybox:latest
The push refers to repository [10.26.27.106/library/busybox]
be8b8b42328a: Pushed
latest: digest: sha256:2ca5e69e244d2da7368f7088ea3ad0653c3ce7aaccd0b8823d11b0d5de956002 size: 527
```
As you can see, the push succeeded.
First, let's delete all the local busybox images:
```
# docker images|grep busybox
10.26.27.106/libary/busybox    latest   6858809bf669   4 days ago   1.23MB
10.26.27.106/library/busybox   latest   6858809bf669   4 days ago   1.23MB
busybox                        latest   6858809bf669   4 days ago   1.23MB
```
```
# docker rmi busybox 10.26.27.106/library/busybox 10.26.27.106/libary/busybox
Untagged: busybox:latest
Untagged: busybox@sha256:d366a4665ab44f0648d7a00ae3fae139d55e32f9712c67accd604bb55df9d05a
Untagged: 10.26.27.106/library/busybox:latest
Untagged: 10.26.27.106/library/busybox@sha256:2ca5e69e244d2da7368f7088ea3ad0653c3ce7aaccd0b8823d11b0d5de956002
Untagged: 10.26.27.106/libary/busybox:latest
Deleted: sha256:6858809bf669cc5da7cb6af83d0fae838284d12e1be0182f92f6bd96559873e3
Deleted: sha256:be8b8b42328a15af9dd6af4cba85821aad30adde28d249d1ea03c74690530d1c
```
Pull the image:
```
# docker pull 10.26.27.106/library/busybox
Using default tag: latest
latest: Pulling from library/busybox
df8698476c65: Pull complete
Digest: sha256:2ca5e69e244d2da7368f7088ea3ad0653c3ce7aaccd0b8823d11b0d5de956002
Status: Downloaded newer image for 10.26.27.106/library/busybox:latest
10.26.27.106/library/busybox:latest
```
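As you can see, the pull succeeded. Done.
Note: The images in this article come from the internet; if any of them infringes your rights, please contact me and I will remove it promptly.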