Cloud Computing: Docker -- Docker in Practice -- Building a Private Repository with registry
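Preface
This environment is Docker 19.03.13 built on CentOS 7.8.
For the build itself, see "Building Docker-19.03.13".
Docker repositories fall into private and public ones. For an enterprise, given network transfer quality, bandwidth cost, and the need to store data securely, images are usually kept in a private repository built inside the company. Below we walk through building a private repository with registry.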
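Categories
- Sponsor Registry: a third-party registry for customers and the Docker community;
- mirror Registry: a third-party registry for customers only, such as Docker CN and the Alibaba Cloud image accelerator;
- vendor Registry: a registry run by the vendor that publishes the Docker images, such as Red Hat's proprietary, paid registry;
- private Registry: a registry provided by a private entity behind a firewall and additional security layers; a self-built registry set up locally, which saves bandwidth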
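Environment preparation
- Two Linux hosts with Docker installed; for the configuration, see the "Building Docker-19.03.13" chapter
- The two hosts are named servera.wan.host and serverb.wan.host; servera is the image repository server and serverb is the image repository client
- Name resolution for both hosts is configured in hosts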
I. Building an HTTP-based private repository
servera
Pull the registry image
[root@servera ~]# docker pull registry
[root@servera ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
registry latest 2d4f4b5309b1 4 months ago 26.2MB
Run registry
[root@servera ~]# docker run -d --name registry_server -p 5000:5000 -v /data/registry:/var/lib/registry registry
a14df3d75467f1fffda6b2c5197cd2c98f3bd73f7c0a21170a77f24995779968
[root@servera ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a14df3d75467 registry "/entrypoint.sh /etc…" 9 seconds ago Up 8 seconds 0.0.0.0:5000->5000/tcp registry_server
[root@servera ~]# netstat -lnutp | grep 5000
tcp6 0 0 :::5000 :::* LISTEN 44473/docker-proxy
serverb
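Edit the Docker daemon configuration file and add servera to the daemon's insecure-registries list, which allows plain HTTP to that registry. The entry is compared with the registry host:port that appears in the image name, so it is written here the same way as in the tags used below (servera.wan.host:5000)
[root@serverb ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn/"],
"insecure-registries": ["servera.wan.host:5000"]
}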
[root@serverb ~]# systemctl restart docker
Tag an image; have an image ready to upload beforehand
[root@serverb ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest f0b02e9d092d 3 weeks ago 1.23MB
[root@serverb ~]# docker tag busybox:latest servera.wan.host:5000/busybox:v1
[root@serverb ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest f0b02e9d092d 3 weeks ago 1.23MB
servera.wan.host:5000/busybox v1 f0b02e9d092d 3 weeks ago 1.23MB
Upload the image
[root@serverb ~]# docker push servera.wan.host:5000/busybox:v1
The push refers to repository [servera.wan.host:5000/busybox]
d2421964bad1: Pushed
v1: digest: sha256:c9249fdf56138f0d929e2080ae98ee9cb2946f71498fc1484288e6a935b5e5bc size: 527
View the image on servera
[root@servera ~]# ll /data/registry/docker/registry/v2/repositories/
total 0
drwxr-xr-x 5 root root 55 Nov 6 17:02 busybox
Test on serverb
Delete the local images, pull the image from the private repository, and run it
[root@serverb ~]# docker rmi busybox:latest servera.wan.host:5000/busybox:v1
Untagged: busybox:latest
Untagged: busybox@sha256:a9286defaba7b3a519d585ba0e37d0b2cbee74ebfe590960b0b1d6a5e97d1e1d
Untagged: servera.wan.host:5000/busybox:v1
Untagged: servera.wan.host:5000/busybox@sha256:c9249fdf56138f0d929e2080ae98ee9cb2946f71498fc1484288e6a935b5e5bc
Deleted: sha256:f0b02e9d092d905d0d87a8455a1ae3e9bb47b4aa3dc125125ca5cd10d6441c9f
Deleted: sha256:d2421964bad195c959ba147ad21626ccddc73a4f2638664ad1c07bd9df48a675
[root@serverb ~]# docker pull servera.wan.host:5000/busybox:v1
v1: Pulling from busybox
9758c28807f2: Pull complete
Digest: sha256:c9249fdf56138f0d929e2080ae98ee9cb2946f71498fc1484288e6a935b5e5bc
Status: Downloaded newer image for servera.wan.host:5000/busybox:v1
servera.wan.host:5000/busybox:v1
[root@serverb ~]# docker run --rm -it --name busybox_test servera.wan.host:5000/busybox:v1 /bin/sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
4: eth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
/ # exit
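How the insecure-registries entry applies to the image names used in this section, as an added example that is not part of the original article. It models only the literal host:port comparison; CIDR entries and Docker's built-in exemption for 127.0.0.0/8 are left out, the function names are hypothetical, and the daemon.json parsing assumes the simple layout shown above.

```shell
#!/bin/sh
# Added example: which image references may this daemon reach over plain HTTP?
# Function names are hypothetical; only literal host[:port] entries are modelled.

# Registry part of an image reference. Docker treats the first path component
# as a registry only if it contains '.' or ':' or is "localhost".
registry_of() {
  case "$1" in
    */*) first=${1%%/*} ;;
    *)   echo docker.io; return 0 ;;
  esac
  case "$first" in
    *.*|*:*|localhost) echo "$first" ;;
    *)                 echo docker.io ;;
  esac
}

# Entries of "insecure-registries" in a daemon.json, one per line.
insecure_entries() {
  tr -d '\n' < "$1" |
    sed -n 's/.*"insecure-registries"[[:space:]]*:[[:space:]]*\[\([^]]*\)\].*/\1/p' |
    tr ',' '\n' |
    sed 's/^[[:space:]]*"//; s/"[[:space:]]*$//'
}

# transport_for <daemon.json> <image-ref>
# Prints "http-allowed" if the registry is listed, else "tls-required".
transport_for() {
  reg=$(registry_of "$2")
  if insecure_entries "$1" | grep -Fxq -- "$reg"; then
    echo http-allowed
  else
    echo tls-required
  fi
}

# Usage on serverb:
#   transport_for /etc/docker/daemon.json servera.wan.host:5000/busybox:v1
```

A reference reported as tls-required cannot be pushed to the HTTP registry on port 5000, and every registry reported as http-allowed is one whose traffic can be read or altered on the network path.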
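II. Building an HTTPS-based private repository
The hostnames and hosts name resolution are already configured and are not shown again here
servera
Generate the repository server's private key and self-signed certificate (its public key)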
[root@servera mnt]# mkdir -p /opt/certs
[root@servera mnt]# openssl req \
> -newkey rsa:4096 -nodes -sha256 -keyout /opt/certs/domain.key \
> -x509 -days 36500 -out /opt/certs/domain.crt
Generating a 4096 bit RSA private key
..............++
...........................................................................++
writing new private key to '/opt/certs/domain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:SHAN`XI
Locality Name (eg, city) [Default City]:XI`AN
Organization Name (eg, company) [Default Company Ltd]:SCHOLL
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:servera.wan.host
Email Address []:wan@123.com
[root@servera mnt]# ll /opt/certs/
total 8
-rw-r--r-- 1 root root 2098 Nov 6 17:12 domain.crt
-rw-r--r-- 1 root root 3268 Nov 6 17:12 domain.key
Start the Docker registry
Image data is stored on the host under /mnt/registry
The repository's certificate and key files are stored on the host under /opt/certs
[root@servera mnt]# docker run -d \
> --restart=always \
> --name registry \
> -v /opt/certs:/certs \
> -v /mnt/registry:/var/lib/registry \
> -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
> -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
> -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
> -p 443:443 \
> registry
4503a20f9b1f4cf3bdad8fbaf4cff417765ef3fee624f0fb40503c6ede422d10
[root@servera mnt]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4503a20f9b1f registry "/entrypoint.sh /etc…" 2 minutes ago Up 2 minutes 0.0.0.0:443->443/tcp, 5000/tcp registry
7d6eaa8aac44 registry "/entrypoint.sh /etc…" 15 minutes ago Up 15 minutes 0.0.0.0:5000->5000/tcp registry_server
[root@servera mnt]#
serverb
Copy the certificate file to serverb
[root@serverb ~]# mkdir /etc/docker/certs.d/servera.wan.host -p
[root@serverb ~]# scp servera:/opt/certs/domain.crt /etc/docker/certs.d/servera.wan.host/ca.crt
The authenticity of host 'servera (192.168.5.11)' can't be established.
ECDSA key fingerprint is SHA256:8KoAXpPVTPc8T4wS2TQoTrAcVmbrZUqiI0UQ4L56zCQ.
ECDSA key fingerprint is MD5:48:a8:5d:58:f3:a7:c6:9b:b8:11:1a:1c:09:a8:55:04.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'servera,192.168.5.11' (ECDSA) to the list of known hosts.
root@servera's password:
domain.crt 100% 2098 2.3MB/s 00:00
[root@serverb ~]# ll /etc/docker/certs.d/servera.wan.host/
total 8
-rw-r--r--. 1 root root 2098 Nov 6 17:21 ca.crt
Tag an image; have an image ready to upload beforehand
Note: Docker uses HTTPS for registries by default, so port 443 can be omitted here
[root@serverb ~]# docker tag busybox:latest servera.wan.host/busybox:v0.1
[root@serverb ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest f0b02e9d092d 3 weeks ago 1.23MB
servera.wan.host/busybox v0.1 f0b02e9d092d 3 weeks ago 1.23MB
servera.wan.host:5000/busybox v1 f0b02e9d092d 3 weeks ago 1.23MB
Upload the image
[root@serverb ~]# docker push servera.wan.host/busybox:v0.1
The push refers to repository [servera.wan.host/busybox]
d2421964bad1: Pushed
v0.1: digest: sha256:c9249fdf56138f0d929e2080ae98ee9cb2946f71498fc1484288e6a935b5e5bc size: 527
View the image on servera
[root@servera ~]# ll /mnt/registry/docker/registry/v2/repositories/
total 0
drwxr-xr-x 5 root root 55 Nov 6 17:24 busybox
Test on serverb
Delete the local images, pull the image from the private repository, and run it
[root@serverb ~]# docker rmi servera.wan.host/busybox:v0.1 servera.wan.host:5000/busybox:v1 busybox:latest
[root@serverb ~]# docker pull servera.wan.host/busybox:v0.1
v0.1: Pulling from busybox
9758c28807f2: Pull complete
Digest: sha256:c9249fdf56138f0d929e2080ae98ee9cb2946f71498fc1484288e6a935b5e5bc
Status: Downloaded newer image for servera.wan.host/busybox:v0.1
servera.wan.host/busybox:v0.1
[root@serverb ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
servera.wan.host/busybox v0.1 f0b02e9d092d 3 weeks ago 1.23MB
[root@serverb ~]# docker run --rm -d --name buxybox_test servera.wan.host/busybox:v0.1 /bin/sh
729e88416b9d8371619ef0c11f2963d462b10d18360c53c8000bd400b7bb437b
[root@serverb ~]# docker run --rm -it --name buxybox_test servera.wan.host/busybox:v0.1 /bin/sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
8: eth0@if9: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
/ # exit
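The ll /opt/certs/ listing in this section shows domain.key as world-readable, and the openssl req command sets the hostname only as the Common Name, which Docker clients built with Go 1.15 or later reject. As an added example (not from the original article), the script below creates the certificate with a subjectAltName and a root-only key and checks both properties; the function names and the 365-day lifetime are assumptions.

```shell
#!/bin/sh
# Added example: self-signed registry certificate with a SAN and a private key
# readable by root only. Function names and the 365-day lifetime are assumptions.

# make_registry_cert <dir> <hostname> [rsa-bits]
make_registry_cert() {
  dir=$1; host=$2; bits=${3:-4096}
  mkdir -p "$dir"
  cfg=$(mktemp)
  cat > "$cfg" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $host
[v3]
subjectAltName = DNS:$host
EOF
  # umask 077 keeps domain.key at mode 0600 from the moment it is created
  ( umask 077
    openssl req -x509 -newkey "rsa:$bits" -nodes -sha256 -days 365 \
      -config "$cfg" -keyout "$dir/domain.key" -out "$dir/domain.crt" \
      2>/dev/null ) || { rm -f "$cfg"; return 1; }
  rm -f "$cfg"
  chmod 644 "$dir/domain.crt"   # the certificate is public, the key is not
}

# cert_covers_host <crt> <hostname>: 0 if the SAN extension lists DNS:<hostname>
cert_covers_host() {
  openssl x509 -in "$1" -noout -text |
    grep -A1 'Subject Alternative Name' |
    grep -Eq "DNS:$2(,|[[:space:]]*\$)"
}

# key_is_private <key>: 0 if group and others have no access to the key file
key_is_private() {
  case "$(stat -c '%a' "$1")" in
    *00) return 0 ;;
    *)   return 1 ;;
  esac
}

# Usage on servera (make_registry_cert overwrites domain.key and domain.crt):
#   make_registry_cert /opt/certs servera.wan.host
#   cert_covers_host /opt/certs/domain.crt servera.wan.host && echo "SAN ok"
#   key_is_private /opt/certs/domain.key || echo "tighten key permissions"
```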
III. Managing the Docker repository through a web UI
Pull and run registry-web
[root@servera ~]# docker run -d -p 8080:8080 --name registry-web \
> --link registry \
> -e REGISTRY_URL=https://registry/v2 \
> -e REGISTRY_TRUST_ANY_SSL=true \
> -e REGISTRY_NAME=localhost \
> hyper/docker-registry-web
Unable to find image 'hyper/docker-registry-web:latest' locally
latest: Pulling from hyper/docker-registry-web
04c996abc244: Pull complete
d394d3da86fe: Pull complete
bac77aae22d4: Pull complete
b48b86b78e97: Pull complete
09b3dd842bf5: Pull complete
69f4c5394729: Pull complete
b012980650e9: Pull complete
7c7921c6fda1: Pull complete
e20331c175ea: Pull complete
40d5e82892a5: Pull complete
a414fa9c865a: Pull complete
0304ae3409f3: Pull complete
13effc1a664f: Pull complete
e5628d0e6f8c: Pull complete
0b0e130a3a52: Pull complete
d0c73ab65cd2: Pull complete
240c0b145309: Pull complete
f1fd6f874e5e: Pull complete
40b5e021928e: Pull complete
88a8c7267fbc: Pull complete
f9371a03010e: Pull complete
Digest: sha256:723ffa29aed2c51417d8bd32ac93a1cd0e7ef857a0099c1e1d7593c09f7910ae
Status: Downloaded newer image for hyper/docker-registry-web:latest
6959b212f3244f185b8606c91884795b4c916f0af3edef98c479b259995f024
Open in a browser:
http://192.168.5.11:8080/
Copy the public key (certificate)
[root@servera ~]# mkdir /etc/docker/certs.d/servera.wan.host -p
[root@servera ~]# cp /opt/certs/domain.crt /etc/docker/certs.d/servera.wan.host/ca.crt
Try tagging and uploading an image
[root@servera ~]# docker push servera.wan.host/docker-registry-web:v1
The push refers to repository [servera.wan.host/docker-registry-web]
8779b4998d0c: Pushed
9eb22ef427e2: Pushed
64d1c65ea33e: Pushed
d6c3b0e63834: Pushed
1315f14832fa: Pushed
d16096ccf0bb: Pushed
463a4bd8f8c1: Pushed
be44224e76b9: Pushed
d96a8038b794: Pushed
f469fc28e82e: Pushed
8418a42306ef: Pushed
03457c5158e2: Pushed
7ef05f1204ee: Pushed
f7049feabf0b: Pushed
5ee52271b8b7: Pushed
8b1153b14d3a: Pushed
367b9c52c931: Pushed
3567b2f05514: Pushed
292a66992f77: Pushed
641fcd2417bc: Pushed
78ff13900d61: Pushed
v1: digest: sha256:2c4f88572e1626792d3ceba6a5ee3ea99f1c3baee2a0e8aad56f0e7c3a6bf481 size: 4695
View in the browser:
Look further into the docker-registry-web image
View the layer information of the docker-registry-web image
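The digest printed by docker push can also be checked against the registry's storage directory on servera, independently of the web UI. This is an added example, not part of the original article; the function names are hypothetical and the paths assume the registry's default filesystem storage layout under the mounted directory (/mnt/registry or /data/registry above).

```shell
#!/bin/sh
# Added example: check a pushed tag against the registry's on-disk storage.
# Function names are hypothetical; paths follow the registry's filesystem layout.

# blob_file <storage-root> <sha256:hex>: path of the blob holding that digest
blob_file() {
  hex=${2#sha256:}
  prefix=$(printf '%s' "$hex" | cut -c1-2)
  echo "$1/docker/registry/v2/blobs/sha256/$prefix/$hex/data"
}

# tag_digest <storage-root> <repo> <tag>: manifest digest the tag points at
tag_digest() {
  cat "$1/docker/registry/v2/repositories/$2/_manifests/tags/$3/current/link"
}

# verify_tag <storage-root> <repo> <tag> <digest-recorded-at-push>
# 0 = tag still points at the recorded digest and the manifest bytes hash to it
verify_tag() {
  current=$(tag_digest "$1" "$2" "$3" 2>/dev/null) || { echo "no such tag"; return 1; }
  [ "$current" = "$4" ] || { echo "tag now points at $current"; return 1; }
  file=$(blob_file "$1" "$current")
  [ -f "$file" ] || { echo "manifest blob missing"; return 1; }
  actual=$(sha256sum "$file" | cut -d' ' -f1)
  [ "sha256:$actual" = "$current" ] || { echo "manifest blob altered"; return 1; }
  echo ok
}

# count_bad_blobs <storage-root>: number of blobs whose bytes do not match
# the digest in their path (layers, configs and manifests alike)
count_bad_blobs() {
  bad=0
  for file in "$1"/docker/registry/v2/blobs/sha256/*/*/data; do
    [ -f "$file" ] || continue
    want=$(basename "$(dirname "$file")")
    have=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$want" = "$have" ] || bad=$((bad + 1))
  done
  echo "$bad"
}

# Usage on servera, with the digest printed by docker push above:
#   verify_tag /mnt/registry docker-registry-web v1 \
#     sha256:2c4f88572e1626792d3ceba6a5ee3ea99f1c3baee2a0e8aad56f0e7c3a6bf481
#   count_bad_blobs /mnt/registry
```

Recording the push digest somewhere other than the registry host is what makes the comparison meaningful, since neither registry in this article requires authentication to push.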