Docker第七回(私有Registry)

時間  2019-11-18
標籤 docker 第七 私有 registry 欄目 Docker 简体版
原文   原文鏈接

1、Docker Registry的分類node

Registry用來保存docker鏡像,包括鏡像的層次結構和元數據,用戶能夠自建Registry,也能夠使用官方的docker hubmysql

  • Sponsor Registry:第三方的Registry,供客戶和docker社區使用nginx

  • Mirror Registry:第三方的Registry,只讓客戶使用git

  • Vendor Registry:由發佈Docker鏡像的供應商提供的Registrygithub

  • Private Registry:經過設有防火牆和額外的安全層的私有實體提供的Registryweb

 

2、Docker Distributionredis

docker distribution是docker爲咱們提供的私有倉庫軟件包,它也能夠運行在容器中。所以,在docker hub中有它的鏡像。可是docker  distribution並無web界面,不支持像docker hub同樣在web中瀏覽、搜索鏡像,更不支持利用docker file實如今docker hub中自動構建鏡像。要實現這個功能,能夠使用harborsql

 

一、docker distribution的安裝方式docker

  • 經過下載ducker hub上的docker distribution鏡像來讓它跑在容器中,由於容器一旦中止,數據將被刪除的特性,咱們還要爲它提供存儲卷,利用網絡文件系統來持久化倉庫中的鏡像數據json

  • yum安裝,docker distribution的安裝包在yum倉庫的Extras中,能夠直接安裝

     

 

二、yum安裝docker distribution

2.一、安裝

[root@centos7-node2 ~]# yum info docker-distribution Loaded plugins: fastestmirror, langpacks Loading mirror speeds from cached hostfile * base: centos.ustc.edu.cn * extras: mirror.bit.edu.cn * updates: mirror.bit.edu.cn Installed Packages Name : docker-distribution Arch : x86_64 Version : 2.6.2 Release : 2.git48294d9.el7 Size : 12 M Repo : installed From repo : extras Summary : Docker toolset to pack, ship, store, and deliver content URL : https://github.com/docker/distribution License : ASL 2.0 Description : Docker toolset to pack, ship, store, and deliver content [root@centos7-node2 ~]# yum install docker-distribution [root@centos7-node2 ~]# rpm -ql docker-distribution /etc/docker-distribution/registry/config.yml /usr/bin/registry /usr/lib/systemd/system/docker-distribution.service /usr/share/doc/docker-distribution-2.6.2 /usr/share/doc/docker-distribution-2.6.2/AUTHORS /usr/share/doc/docker-distribution-2.6.2/CONTRIBUTING.md /usr/share/doc/docker-distribution-2.6.2/LICENSE /usr/share/doc/docker-distribution-2.6.2/MAINTAINERS /usr/share/doc/docker-distribution-2.6.2/README.md /var/lib/registry [root@centos7-node2 ~]# service docker-distribution start Redirecting to /bin/systemctl start docker-distribution.service [root@centos7-node2 ~]# netstat -tlunp |grep 5000 tcp6 0 0 :::5000 :::* LISTEN 2912/registry
 

2.二、配置

默認配置文件便可,根據本身須要更改

[root@centos7-node2 ~]# vim /etc/docker-distribution/registry/config.yml version: 0.1 log: fields: service: registry storage: cache: layerinfo: inmemory filesystem: rootdirectory: /var/lib/registry http: addr: :5000
 

 

三、製做鏡像並上傳到docker-distribution

3.一、製做鏡像並上傳

[root@bogon ~]# docker tag httpd:1.1 centos7-node2.local:5000/httpd:1.1 [root@bogon ~]# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE centos7-node2.local:5000/httpd 1.1 bbffcf779dd4 2 weeks ago 264MB httpd 1.1 bbffcf779dd4 2 weeks ago 264MB nginx stable ecc98fc2f376 5 weeks ago 109MB [root@bogon ~]# docker pull centos7-node2.local:5000/httpd:1.1 Error response from daemon: Get https://centos7-node2.local:5000/v2/: dial tcp 192.168.31.187:5000: connect: no route to host [root@bogon ~]# vim /etc/docker/daemon.json "insecure-registries": ["centos7-node2.local:5000"] [root@bogon ~]# service docker restart Redirecting to /bin/systemctl restart docker.service [root@bogon ~]# docker push centos7-node2.local:5000/httpd:1.1 The push refers to repository [centos7-node2.local:5000/httpd] ddcb568d3d1e: Pushed da6517724f67: Pushed 1.1: digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5 size: 741
 

# docker客戶端默認使用https和Registry通訊,若是私有倉庫是http協議,須要更改docker客戶端配置文件

3.二、docker distribution中驗證

[root@centos7-node2 ~]# ll /var/lib/registry/docker/registry/v2/repositories/httpd/_layers/sha256/ total 0 drwxr-xr-x. 2 root root 18 Nov 20 17:15 bbffcf779dd42e070d52a4661dcd3eaba2bed898bed8bbfe41768506f063ad32 drwxr-xr-x. 2 root root 18 Nov 20 17:15 f06537d9e799fdeca094e95d56295b96359d188988b5d78353f716de5856b5b1 drwxr-xr-x. 2 root root 18 Nov 20 17:15 f9f73d801f0558b085ffa505240a065319269c4cefbe9c2e60103d58761edfa8
 

3.三、在docker客戶端中刪除剛纔的鏡像並從新獲取

[root@bogon ~]# docker image rm centos7-node2.local:5000/httpd:1.1 Untagged: centos7-node2.local:5000/httpd:1.1 Untagged: centos7-node2.local:5000/httpd@sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5 [root@bogon ~]# [root@bogon ~]# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE httpd 1.1 bbffcf779dd4 2 weeks ago 264MB nginx stable ecc98fc2f376 5 weeks ago 109MB [root@bogon ~]# docker pull centos7-node2.local:5000/httpd:1.1 1.1: Pulling from httpd Digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5 Status: Downloaded newer image for centos7-node2.local:5000/httpd:1.1 [root@bogon ~]# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE centos7-node2.local:5000/httpd 1.1 bbffcf779dd4 2 weeks ago 264MB httpd 1.1 bbffcf779dd4 2 weeks ago 264MB nginx stable ecc98fc2f376 5 weeks ago 109MB
 

 

3、harbor是什麼

harbor是由Google、IBM、Microsoft共同成立的CNCF(雲原生計算基金會),一個專門維護k8s等項目的第三方組織。它維護的項目有k8s、prometheus等,包括剛剛加入的harbor(私有倉庫服務器軟件)項目。harbor如今已是一個企業級的倉庫應用程序。由VMWare在docker distribution的基礎上作的二次開發項目,加入了不少額外的程序,包括一個web界面。因此,咱們能夠使用harbor來構建完整的本地私有倉庫。

Project Harbor is an open source trusted cloud native Registry project that stores, signs, adn scans content。

Harbor extends the open source Docker Distribution by adding the functionalities  usually required by users such as security,identity and management

Harbor supports advanced features such as user management,access control,activity monitoring, and replication  between instances

 

一、harbor的特性

  • 支持多租戶,一個harbor可讓不少用戶註冊進來管理本身的倉庫

  • 支持安全、風險分析

  •  支持審計日誌

  • 基於角色的訪問控制

  • 支持多個harbor間的replication

  • 可擴展的api,ui圖形界面

  • 國際化的,當前支持english and chinese

 

二、harbor的安裝

harbor官方爲了簡化它的安裝,把harbor作成了在容器中運行的應用,因爲harbor依賴於mysql、redis等不少存儲系統。因此須要多個容器協同工做。所以vmware的harbor在部署和使用時須要藉助docker的單機變盤工具compose

下載地址:https://github.com/goharbor/harbor/releases

安裝文檔:https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md

 

[root@centos7-node2 src]# wget [root@centos7-node2 src]# tar -zxvf harbor-offline-installer-v1.5.4.tgz -C /usr/local/ [root@centos7-node2 src]# cd /usr/local/harbor/ [root@centos7-node2 harbor]# sed -i 's/hostname = reg.mydomain.com/hostname = centos7-node2.local/g' ./harbor.cfg [root@centos7-node2 harbor]# yum install docker-compose [root@centos7-node2 harbor]# yum install epel-release [root@centos7-node2 harbor]# yum install docker-compose [root@centos7-node2 harbor]# ./install.sh ?.----Harbor has been installed and started successfully.---- Now you should be able to visit the admin portal at http://centos7-node2.local. For more details, please visit https://github.com/vmware/harbor . [root@centos7-node2 harbor]# docker container ls -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 2ecc079867c6 vmware/nginx-photon:v1.5.4 "nginx -g 'daemon of?? 14 seconds ago Up 12 seconds (health: starting) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp nginx a1b51d6d296a vmware/harbor-jobservice:v1.5.4 "/harbor/start.sh" 14 seconds ago Up 12 seconds harbor-jobservice 0ffb3f2a442e vmware/harbor-ui:v1.5.4 "/harbor/start.sh" 16 seconds ago Up 14 seconds (health: starting) harbor-ui 1c5e3590ac25 vmware/registry-photon:v2.6.2-v1.5.4 "/entrypoint.sh serv?? 19 seconds ago Up 16 seconds (health: starting) 5000/tcp registry fd09682ac89a vmware/harbor-adminserver:v1.5.4 "/harbor/start.sh" 19 seconds ago Up 16 seconds (health: starting) harbor-adminserver 054710b41aa2 vmware/harbor-db:v1.5.4 "/usr/local/bin/dock?? 19 seconds ago Up 16 seconds (health: starting) 3306/tcp harbor-db c03daf7e3bb1 vmware/redis-photon:v1.5.4 "docker-entrypoint.s?? 19 seconds ago Up 17 seconds 6379/tcp redis b1fcf0c916a1 vmware/harbor-log:v1.5.4 "/bin/sh -c /usr/loc?? 22 seconds ago Up 18 seconds (health: starting) 127.0.0.1:1514->10514/tcp harbor-log [root@centos7-node2 harbor]#
 

harbor安裝成功後會啓動8個容器。

注意:因爲harbor的網絡是nat,因此要開啓防火牆服務,不然會安裝不了。

最後安裝成功的web界面

image.png

 

三、使用harbor web界面

3.一、建立新項目

image.png

 

3.二、點擊新建立的項目,目前尚未任何鏡像

image.png

 

3.三、使用docker客戶端製做鏡像並上傳

[root@bogon ~]# docker tag centos7-node2.local:5000/httpd:1.1 centos7-node2.local/development/httpd:1.2 [root@bogon ~]# docker tag centos7-node2.local:5000/httpd:1.1 centos7-node2.local/development/httpd:1.3 [root@bogon ~]# docker tag centos7-node2.local:5000/httpd:1.1 centos7-node2.local/development/httpd:1.4 [root@bogon ~]# docker login centos7-node2.local Username: gouyacai Password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. [root@bogon ~]# docker push centos7-node2.local/development/httpd:1.2 The push refers to repository [centos7-node2.local/development/httpd] ddcb568d3d1e: Pushed da6517724f67: Pushed 1.2: digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5 size: 741 [root@bogon ~]# docker push centos7-node2.local/development/httpd:1.3 The push refers to repository [centos7-node2.local/development/httpd] ddcb568d3d1e: Layer already exists da6517724f67: Layer already exists 1.3: digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5 size: 741 [root@bogon ~]# docker push centos7-node2.local/development/httpd:1.4 The push refers to repository [centos7-node2.local/development/httpd] ddcb568d3d1e: Layer already exists da6517724f67: Layer already exists 1.4: digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5 size: 741
 

image.png

 

3.四、從harbor中拉取鏡像到docker客戶端

[root@bogon ~]# docker image rm centos7-node2.local/development/httpd:1.2 Untagged: centos7-node2.local/development/httpd:1.2 [root@bogon ~]# docker image rm centos7-node2.local/development/httpd:1.3 Untagged: centos7-node2.local/development/httpd:1.3 [root@bogon ~]# docker image rm centos7-node2.local/development/httpd:1.4 Untagged: centos7-node2.local/development/httpd:1.4 Untagged: centos7-node2.local/development/httpd@sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5 [root@bogon ~]# [root@bogon ~]# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE centos7-node2.local:5000/httpd 1.1 bbffcf779dd4 2 weeks ago 264MB httpd 1.1 bbffcf779dd4 2 weeks ago 264MB nginx stable ecc98fc2f376 5 weeks ago 109MB centos 6.6 4e1ad2ce7f78 5 weeks ago 203MB redis 4-alpine 05097a3a0549 6 weeks ago 30MB [root@bogon ~]# docker pull centos7-node2.local/development/httpd:1.2 1.2: Pulling from development/httpd Digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5 Status: Downloaded newer image for centos7-node2.local/development/httpd:1.2 [root@bogon ~]# docker pull centos7-node2.local/development/httpd:1.3 1.3: Pulling from development/httpd Digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5 Status: Downloaded newer image for centos7-node2.local/development/httpd:1.3 [root@bogon ~]# docker pull centos7-node2.local/development/httpd:1.4 1.4: Pulling from development/httpd Digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5 Status: Downloaded newer image for centos7-node2.local/development/httpd:1.4 [root@bogon ~]# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE httpd 1.1 bbffcf779dd4 2 weeks ago 264MB centos7-node2.local/development/httpd 1.2 bbffcf779dd4 2 weeks ago 264MB centos7-node2.local/development/httpd 1.3 bbffcf779dd4 2 weeks ago 264MB centos7-node2.local/development/httpd 1.4 bbffcf779dd4 2 weeks ago 264MB
相關文章
相關標籤/搜索
每日一句
    每一个你不满意的现在,都有一个你没有努力的曾经。
本站公眾號
   歡迎關注本站公眾號,獲取更多信息
聯繫我們 最近搜索 最新文章 沪ICP备13005482号-10 MyBatis教程 SQL 教程 MySQL教程 Java 教程 Thymeleaf 教程 Hibernate教程 Spring教程 Redis教程