Docker第七回（私有Registry）-創(chuàng)新互聯(lián)

一、Docker Registry的分類

創(chuàng)新互聯(lián)公司主營趙縣網(wǎng)站建設(shè)的網(wǎng)絡(luò)公司,主營網(wǎng)站建設(shè)方案,app軟件開發(fā),趙縣h5成都微信小程序搭建,趙縣網(wǎng)站營銷推廣歡迎趙縣等地區(qū)企業(yè)咨詢

Registry用來保存docker鏡像，包括鏡像的層次結(jié)構(gòu)和元數(shù)據(jù)，用戶可以自建Registry，也可以使用官方的docker hub

Sponsor Registry：第三方的Registry，供客戶和docker社區(qū)使用
Mirror Registry：第三方的Registry，只讓客戶使用
Vendor Registry：由發(fā)布Docker鏡像的供應(yīng)商提供的Registry
Private Registry：通過設(shè)有防火墻和額外的安全層的私有實(shí)體提供的Registry

二、Docker Distribution

docker distribution是docker為我們提供的私有倉庫軟件包，它也可以運(yùn)行在容器中。因此，在docker hub中有它的鏡像。但是docker distribution并沒有web界面，不支持像docker hub一樣在web中瀏覽、搜索鏡像，更不支持利用docker file實(shí)現(xiàn)在docker hub中自動(dòng)構(gòu)建鏡像。要實(shí)現(xiàn)這個(gè)功能，可以使用harbor

1、docker distribution的安裝方式

通過下載ducker hub上的docker distribution鏡像來讓它跑在容器中，因?yàn)槿萜饕坏┩Ｖ?，?shù)據(jù)將被刪除的特性，我們還要為它提供存儲(chǔ)卷，利用網(wǎng)絡(luò)文件系統(tǒng)來持久化倉庫中的鏡像數(shù)據(jù)
yum安裝，docker distribution的安裝包在yum倉庫的Extras中，可以直接安裝

2、yum安裝docker distribution

2.1、安裝

[root@centos7-node2 ~]# yum info docker-distribution Loaded plugins: fastestmirror, langpacks Loading mirror speeds from cached hostfile * base: centos.ustc.edu.cn * extras: mirror.bit.edu.cn * updates: mirror.bit.edu.cn Installed Packages Name : docker-distribution Arch : x86_64 Version : 2.6.2 Release : 2.git48294d9.el7 Size : 12 M Repo : installed From repo : extras Summary : Docker toolset to pack, ship, store, and deliver content URL : https://github.com/docker/distribution License : ASL 2.0 Description : Docker toolset to pack, ship, store, and deliver content [root@centos7-node2 ~]# yum install docker-distribution [root@centos7-node2 ~]# rpm -ql docker-distribution /etc/docker-distribution/registry/config.yml /usr/bin/registry /usr/lib/systemd/system/docker-distribution.service /usr/share/doc/docker-distribution-2.6.2 /usr/share/doc/docker-distribution-2.6.2/AUTHORS /usr/share/doc/docker-distribution-2.6.2/CONTRIBUTING.md /usr/share/doc/docker-distribution-2.6.2/LICENSE /usr/share/doc/docker-distribution-2.6.2/MAINTAINERS /usr/share/doc/docker-distribution-2.6.2/README.md /var/lib/registry [root@centos7-node2 ~]# service docker-distribution start Redirecting to /bin/systemctl start docker-distribution.service [root@centos7-node2 ~]# netstat -tlunp |grep 5000 tcp6 0 0 :::5000 :::* LISTEN 2912/registry

2.2、配置

默認(rèn)配置文件即可，根據(jù)自己需要更改

[root@centos7-node2 ~]# vim /etc/docker-distribution/registry/config.yml version: 0.1 log: fields: service: registry storage: cache: layerinfo: inmemory filesystem: rootdirectory: /var/lib/registry http: addr: :5000

3、制作鏡像并上傳到docker-distribution

3.1、制作鏡像并上傳

[root@bogon ~]# docker tag httpd:1.1 centos7-node2.local:5000/httpd:1.1 [root@bogon ~]# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE centos7-node2.local:5000/httpd 1.1 bbffcf779dd4 2 weeks ago 264MB httpd 1.1 bbffcf779dd4 2 weeks ago 264MB nginx stable ecc98fc2f376 5 weeks ago 109MB [root@bogon ~]# docker pull centos7-node2.local:5000/httpd:1.1 Error response from daemon: Get https://centos7-node2.local:5000/v2/: dial tcp 192.168.31.187:5000: connect: no route to host [root@bogon ~]# vim /etc/docker/daemon.json "insecure-registries": ["centos7-node2.local:5000"] [root@bogon ~]# service docker restart Redirecting to /bin/systemctl restart docker.service [root@bogon ~]# docker push centos7-node2.local:5000/httpd:1.1 The push refers to repository [centos7-node2.local:5000/httpd] ddcb568d3d1e: Pushed da6517724f67: Pushed 1.1: digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5 size: 741

# docker客戶端默認(rèn)使用https和Registry通信，如果私有倉庫是http協(xié)議，需要更改docker客戶端配置文件

3.2、docker distribution中驗(yàn)證

[root@centos7-node2 ~]# ll /var/lib/registry/docker/registry/v2/repositories/httpd/_layers/sha256/ total 0 drwxr-xr-x. 2 root root 18 Nov 20 17:15 bbffcf779dd42e070d52a4661dcd3eaba2bed898bed8bbfe41768506f063ad32 drwxr-xr-x. 2 root root 18 Nov 20 17:15 f06537d9e799fdeca094e95d56295b96359d188988b5d78353f716de5856b5b1 drwxr-xr-x. 2 root root 18 Nov 20 17:15 f9f73d801f0558b085ffa505240a065319269c4cefbe9c2e60103d58761edfa8

3.3、在docker客戶端中刪除剛才的鏡像并重新獲取

[root@bogon ~]# docker image rm centos7-node2.local:5000/httpd:1.1 Untagged: centos7-node2.local:5000/httpd:1.1 Untagged: centos7-node2.local:5000/httpd@sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5 [root@bogon ~]# [root@bogon ~]# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE httpd 1.1 bbffcf779dd4 2 weeks ago 264MB nginx stable ecc98fc2f376 5 weeks ago 109MB [root@bogon ~]# docker pull centos7-node2.local:5000/httpd:1.1 1.1: Pulling from httpd Digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5 Status: Downloaded newer image for centos7-node2.local:5000/httpd:1.1 [root@bogon ~]# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE centos7-node2.local:5000/httpd 1.1 bbffcf779dd4 2 weeks ago 264MB httpd 1.1 bbffcf779dd4 2 weeks ago 264MB nginx stable ecc98fc2f376 5 weeks ago 109MB

三、harbor是什么

harbor是由Google、IBM、Microsoft共同成立的CNCF（云原生計(jì)算基金會(huì)），一個(gè)專門維護(hù)k8s等項(xiàng)目的第三方組織。它維護(hù)的項(xiàng)目有k8s、prometheus等，包括剛剛加入的harbor（私有倉庫服務(wù)器軟件）項(xiàng)目。harbor現(xiàn)在已經(jīng)是一個(gè)企業(yè)級(jí)的倉庫應(yīng)用程序。由VMWare在docker distribution的基礎(chǔ)上做的二次開發(fā)項(xiàng)目，加入了很多額外的程序，包括一個(gè)web界面。所以，我們可以使用harbor來構(gòu)建完整的本地私有倉庫。

Project Harbor is an open source trusted cloud native Registry project that stores, signs, adn scans content。

Harbor extends the open source Docker Distribution by adding the functionalities usually required by users such as security，identity and management

Harbor supports advanced features such as user management，access control，activity monitoring， and replication between instances

1、harbor的特性

支持多租戶，一個(gè)harbor可以讓很多用戶注冊(cè)進(jìn)來管理自己的倉庫
支持安全、風(fēng)險(xiǎn)分析
支持審計(jì)日志
基于角色的訪問控制
支持多個(gè)harbor間的replication
可擴(kuò)展的api，ui圖形界面
國際化的，當(dāng)前支持english and chinese

2、harbor的安裝

harbor官方為了簡(jiǎn)化它的安裝，把harbor做成了在容器中運(yùn)行的應(yīng)用，由于harbor依賴于mysql、redis等很多存儲(chǔ)系統(tǒng)。所以需要多個(gè)容器協(xié)同工作。因此vmware的harbor在部署和使用時(shí)需要借助docker的單機(jī)變盤工具compose

下載地址：https://github.com/goharbor/harbor/releases

安裝文檔：https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md

[root@centos7-node2 src]# wget [root@centos7-node2 src]# tar -zxvf harbor-offline-installer-v1.5.4.tgz -C /usr/local/ [root@centos7-node2 src]# cd /usr/local/harbor/ [root@centos7-node2 harbor]# sed -i 's/hostname = reg.mydomain.com/hostname = centos7-node2.local/g' ./harbor.cfg [root@centos7-node2 harbor]# yum install docker-compose [root@centos7-node2 harbor]# yum install epel-release [root@centos7-node2 harbor]# yum install docker-compose [root@centos7-node2 harbor]# ./install.sh ?.----Harbor has been installed and started successfully.---- Now you should be able to visit the admin portal at http://centos7-node2.local. For more details, please visit https://github.com/vmware/harbor . [root@centos7-node2 harbor]# docker container ls -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 2ecc079867c6 vmware/nginx-photon:v1.5.4 "nginx -g 'daemon of?? 14 seconds ago Up 12 seconds (health: starting) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp nginx a1b51d6d296a vmware/harbor-jobservice:v1.5.4 "/harbor/start.sh" 14 seconds ago Up 12 seconds harbor-jobservice 0ffb3f2a442e vmware/harbor-ui:v1.5.4 "/harbor/start.sh" 16 seconds ago Up 14 seconds (health: starting) harbor-ui 1c5e3590ac25 vmware/registry-photon:v2.6.2-v1.5.4 "/entrypoint.sh serv?? 19 seconds ago Up 16 seconds (health: starting) 5000/tcp registry fd09682ac89a vmware/harbor-adminserver:v1.5.4 "/harbor/start.sh" 19 seconds ago Up 16 seconds (health: starting) harbor-adminserver 054710b41aa2 vmware/harbor-db:v1.5.4 "/usr/local/bin/dock?? 19 seconds ago Up 16 seconds (health: starting) 3306/tcp harbor-db c03daf7e3bb1 vmware/redis-photon:v1.5.4 "docker-entrypoint.s?? 19 seconds ago Up 17 seconds 6379/tcp redis b1fcf0c916a1 vmware/harbor-log:v1.5.4 "/bin/sh -c /usr/loc?? 22 seconds ago Up 18 seconds (health: starting) 127.0.0.1:1514->10514/tcp harbor-log [root@centos7-node2 harbor]#

harbor安裝成功后會(huì)啟動(dòng)8個(gè)容器。

注意：由于harbor的網(wǎng)絡(luò)是nat，所以要開啟防火墻服務(wù)，否則會(huì)安裝不了。

最后安裝成功的web界面

Docker第七回（私有Registry）

3、使用harbor web界面

3.1、創(chuàng)建新項(xiàng)目

Docker第七回（私有Registry）

3.2、點(diǎn)擊新創(chuàng)建的項(xiàng)目，目前還沒有任何鏡像

Docker第七回（私有Registry）

3.3、使用docker客戶端制作鏡像并上傳

[root@bogon ~]# docker tag centos7-node2.local:5000/httpd:1.1 centos7-node2.local/development/httpd:1.2 [root@bogon ~]# docker tag centos7-node2.local:5000/httpd:1.1 centos7-node2.local/development/httpd:1.3 [root@bogon ~]# docker tag centos7-node2.local:5000/httpd:1.1 centos7-node2.local/development/httpd:1.4 [root@bogon ~]# docker login centos7-node2.local Username: gouyacai Password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. [root@bogon ~]# docker push centos7-node2.local/development/httpd:1.2 The push refers to repository [centos7-node2.local/development/httpd] ddcb568d3d1e: Pushed da6517724f67: Pushed 1.2: digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5 size: 741 [root@bogon ~]# docker push centos7-node2.local/development/httpd:1.3 The push refers to repository [centos7-node2.local/development/httpd] ddcb568d3d1e: Layer already exists da6517724f67: Layer already exists 1.3: digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5 size: 741 [root@bogon ~]# docker push centos7-node2.local/development/httpd:1.4 The push refers to repository [centos7-node2.local/development/httpd] ddcb568d3d1e: Layer already exists da6517724f67: Layer already exists 1.4: digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5 size: 741

Docker第七回（私有Registry）

3.4、從harbor中拉取鏡像到docker客戶端

[root@bogon ~]# docker image rm centos7-node2.local/development/httpd:1.2 Untagged: centos7-node2.local/development/httpd:1.2 [root@bogon ~]# docker image rm centos7-node2.local/development/httpd:1.3 Untagged: centos7-node2.local/development/httpd:1.3 [root@bogon ~]# docker image rm centos7-node2.local/development/httpd:1.4 Untagged: centos7-node2.local/development/httpd:1.4 Untagged: centos7-node2.local/development/httpd@sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5 [root@bogon ~]# [root@bogon ~]# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE centos7-node2.local:5000/httpd 1.1 bbffcf779dd4 2 weeks ago 264MB httpd 1.1 bbffcf779dd4 2 weeks ago 264MB nginx stable ecc98fc2f376 5 weeks ago 109MB centos 6.6 4e1ad2ce7f78 5 weeks ago 203MB redis 4-alpine 05097a3a0549 6 weeks ago 30MB [root@bogon ~]# docker pull centos7-node2.local/development/httpd:1.2 1.2: Pulling from development/httpd Digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5 Status: Downloaded newer image for centos7-node2.local/development/httpd:1.2 [root@bogon ~]# docker pull centos7-node2.local/development/httpd:1.3 1.3: Pulling from development/httpd Digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5 Status: Downloaded newer image for centos7-node2.local/development/httpd:1.3 [root@bogon ~]# docker pull centos7-node2.local/development/httpd:1.4 1.4: Pulling from development/httpd Digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5 Status: Downloaded newer image for centos7-node2.local/development/httpd:1.4 [root@bogon ~]# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE httpd 1.1 bbffcf779dd4 2 weeks ago 264MB centos7-node2.local/development/httpd 1.2 bbffcf779dd4 2 weeks ago 264MB centos7-node2.local/development/httpd 1.3 bbffcf779dd4 2 weeks ago 264MB centos7-node2.local/development/httpd 1.4 bbffcf779dd4 2 weeks ago 264MB

另外有需要云服務(wù)器可以了解下創(chuàng)新互聯(lián)cdcxhl.cn，海內(nèi)外云服務(wù)器15元起步，三天無理由+7*72小時(shí)售后在線，公司持有idc許可證，提供“云服務(wù)器、裸金屬服務(wù)器、高防服務(wù)器、香港服務(wù)器、美國服務(wù)器、虛擬主機(jī)、免備案服務(wù)器”等云主機(jī)租用服務(wù)以及企業(yè)上云的綜合解決方案，具有“安全穩(wěn)定、簡(jiǎn)單易用、服務(wù)可用性高、性價(jià)比高”等特點(diǎn)與優(yōu)勢(shì)，專為企業(yè)上云打造定制，能夠滿足用戶豐富、多元化的應(yīng)用場(chǎng)景需求。

文章題目：Docker第七回（私有Registry）-創(chuàng)新互聯(lián)
分享地址：http://muchs.cn/article40/cdddho.html

成都網(wǎng)站建設(shè)公司_創(chuàng)新互聯(lián)，為您提供App設(shè)計(jì)、響應(yīng)式網(wǎng)站、商城網(wǎng)站、全網(wǎng)營銷推廣、Google、用戶體驗(yàn)

聲明：本網(wǎng)站發(fā)布的內(nèi)容（圖片、視頻和文字）以用戶投稿、用戶轉(zhuǎn)載內(nèi)容為主，如果涉及侵權(quán)請(qǐng)盡快告知，我們將會(huì)在第一時(shí)間刪除。文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng)，如需處理請(qǐng)聯(lián)系客服。電話：028-86922220；郵箱：631063699@qq.com。內(nèi)容未經(jīng)允許不得轉(zhuǎn)載，或轉(zhuǎn)載時(shí)需注明來源：創(chuàng)新互聯(lián)

猜你還喜歡下面的內(nèi)容