This environment is built on a CentOS 7.8 system running Docker 19.03.13.
For the build steps, see Building Docker-19.03.13.
Docker registries fall into two kinds, private and public. For an enterprise, however, network transfer quality, bandwidth cost and the need to store data securely usually argue for a private registry hosted inside the company as the place where Docker images are kept. Below we set up such a private registry based on the registry image.
Classification
- Sponsor Registry: a third-party registry for use by customers and the Docker community;
- Mirror Registry: a third-party registry for customers only, such as Docker CN and the Aliyun image accelerator;
- Vendor Registry: a registry run by a vendor that publishes Docker images, e.g. Red Hat's proprietary, paid registry;
- Private Registry: a registry provided by a private entity behind a firewall and additional security layers; a self-built registry deployed locally, which saves bandwidth.
Environment preparation
- 2 Linux hosts with Docker deployed; for the exact configuration, see the chapter Building Docker-19.03.13
- The two hostnames are servera.wan.host and serverb.wan.host, where servera is the image registry server and serverb is the registry client
- hosts-file name resolution is configured
Pull the registry image
[root@servera ~]# docker pull registry
[root@servera ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
registry latest 2d4f4b5309b1 4 months ago 26.2MB
Run registry
[root@servera ~]# docker run -d --name registry_server -p 5000:5000 -v /data/registry:/var/lib/registry registry
a14df3d75467f1fffda6b2c5197cd2c98f3bd73f7c0a21170a77f24995779968
[root@servera ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a14df3d75467 registry "/entrypoint.sh /etc…" 9 seconds ago Up 8 seconds 0.0.0.0:5000->5000/tcp registry_server
[root@servera ~]# netstat -lnutp | grep 5000
tcp6 0 0 :::5000 :::* LISTEN 44473/docker-proxy
Edit the Docker daemon configuration file and add servera to its insecure-registries list
[root@serverb ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn/"],
"insecure-registries": ["servera:5000"]
}
[root@serverb ~]# systemctl restart docker
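The insecure-registries entry above tells the daemon to accept plaintext HTTP and unverifiable certificates for that host. That is fine for a lab, but an image pulled over such a connection can be altered on the network without the daemon noticing, which is why the second half of this post moves the registry to TLS. As an added example (not code from the original post), the POSIX shell audit below flags those settings in a daemon.json. Both sample files are constructed here: weak.json copies the lab configuration above, hardened.json is its TLS-based form, in which trust comes from /etc/docker/certs.d/<host>/ca.crt rather than an insecure-registries entry.

```shell
#!/bin/sh
# Added example, not code from the original post: a small audit of a Docker
# daemon.json that flags settings which weaken image transport security.
# The two sample files below are constructed; weak.json mirrors the lab
# configuration used in this walkthrough, hardened.json its TLS-based form.

# Print one array entry per line for the given top-level key of a daemon.json.
# Minimal on purpose (grep/sed only, no jq dependency); it expects the simple
# one-level layout daemon.json normally has.
json_array_entries() {   # $1 file, $2 key
    tr -d '\n' < "$1" \
        | sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\[\([^]]*\)].*/\1/p" \
        | tr ',' '\n' | tr -d ' "' | sed '/^$/d'
}

# Exit 0 when no weak setting is found, 1 otherwise; findings are printed.
audit_daemon_json() {
    findings=0
    # insecure-registries: the daemon talks plaintext HTTP to these hosts and does
    # not verify their certificates, so a tampered image can be pulled unnoticed.
    for entry in $(json_array_entries "$1" insecure-registries); do
        echo "WEAK  insecure-registries allows $entry (install its CA under /etc/docker/certs.d/<host>/ca.crt instead)"
        findings=$((findings + 1))
    done
    # registry-mirrors: a plain http:// mirror delivers image content unprotected.
    for m in $(json_array_entries "$1" registry-mirrors); do
        case "$m" in
            http://*) echo "WEAK  plaintext mirror $m"; findings=$((findings + 1)) ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Constructed samples: the lab configuration from this walkthrough, and the
# hardened form that relies on the registry CA under /etc/docker/certs.d/.
TMP=$(mktemp -d)
cat > "$TMP/weak.json" <<'EOF'
{
    "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn/"],
    "insecure-registries": ["servera:5000"]
}
EOF
cat > "$TMP/hardened.json" <<'EOF'
{
    "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn/"]
}
EOF

audit_daemon_json "$TMP/weak.json" || echo "weak.json: needs attention"
audit_daemon_json "$TMP/hardened.json" && echo "hardened.json: ok"
```

Run it against the real file with `audit_daemon_json /etc/docker/daemon.json`; a non-zero exit means at least one host is still reachable without certificate verification.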
Tag the image (prepare an image to upload beforehand)
[root@serverb ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest f0b02e9d092d 3 weeks ago 1.23MB
[root@serverb ~]# docker tag busybox:latest servera.wan.host:5000/busybox:v1
[root@serverb ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest f0b02e9d092d 3 weeks ago 1.23MB
servera.wan.host:5000/busybox v1 f0b02e9d092d 3 weeks ago 1.23MB
Push the image
[root@serverb ~]# docker push servera.wan.host:5000/busybox:v1
The push refers to repository [servera.wan.host:5000/busybox]
d2421964bad1: Pushed
v1: digest: sha256:c9249fdf56138f0d929e2080ae98ee9cb2946f71498fc1484288e6a935b5e5bc size: 527
Check the image on servera
[root@servera ~]# ll /data/registry/docker/registry/v2/repositories/
total 0
drwxr-xr-x 5 root root 55 Nov 6 17:02 busybox
Delete the local images, then pull the image and run it
[root@serverb ~]# docker rmi busybox:latest servera.wan.host:5000/busybox:v1
Untagged: busybox:latest
Untagged: busybox@sha256:a9286defaba7b3a519d585ba0e37d0b2cbee74ebfe590960b0b1d6a5e97d1e1d
Untagged: servera.wan.host:5000/busybox:v1
Untagged: servera.wan.host:5000/busybox@sha256:c9249fdf56138f0d929e2080ae98ee9cb2946f71498fc1484288e6a935b5e5bc
Deleted: sha256:f0b02e9d092d905d0d87a8455a1ae3e9bb47b4aa3dc125125ca5cd10d6441c9f
Deleted: sha256:d2421964bad195c959ba147ad21626ccddc73a4f2638664ad1c07bd9df48a675
[root@serverb ~]# docker pull servera.wan.host:5000/busybox:v1
v1: Pulling from busybox
9758c28807f2: Pull complete
Digest: sha256:c9249fdf56138f0d929e2080ae98ee9cb2946f71498fc1484288e6a935b5e5bc
Status: Downloaded newer image for servera.wan.host:5000/busybox:v1
servera.wan.host:5000/busybox:v1
[root@serverb ~]# docker run --rm -it --name busybox_test servera.wan.host:5000/busybox:v1 /bin/sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
4: eth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
/ # exit
Hostname and hosts-file resolution have already been configured and are not demonstrated here.
Generate the public/private key pair on the registry server
[root@servera mnt]# mkdir -p /opt/certs
[root@servera mnt]# openssl req \
> -newkey rsa:4096 -nodes -sha256 -keyout /opt/certs/domain.key \
> -x509 -days 36500 -out /opt/certs/domain.crt
Generating a 4096 bit RSA private key
..............++
...........................................................................++
writing new private key to '/opt/certs/domain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:SHAN`XI
Locality Name (eg, city) [Default City]:XI`AN
Organization Name (eg, company) [Default Company Ltd]:SCHOLL
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:servera.wan.host
Email Address []:wan@123.com
[root@servera mnt]# ll /opt/certs/
total 8
-rw-r--r-- 1 root root 2098 Nov 6 17:12 domain.crt
-rw-r--r-- 1 root root 3268 Nov 6 17:12 domain.key
Start the docker registry
Image data is stored locally at /mnt/registry
The registry's public/private key files are stored locally at /opt/certs
[root@servera mnt]# docker run -d \
> --restart=always \
> --name registry \
> -v /opt/certs:/certs \
> -v /mnt/registry:/var/lib/registry \
> -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
> -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
> -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
> -p 443:443 \
> registry
4503a20f9b1f4cf3bdad8fbaf4cff417765ef3fee624f0fb40503c6ede422d10
[root@servera mnt]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4503a20f9b1f registry "/entrypoint.sh /etc…" 2 minutes ago Up 2 minutes 0.0.0.0:443->443/tcp, 5000/tcp registry
7d6eaa8aac44 registry "/entrypoint.sh /etc…" 15 minutes ago Up 15 minutes 0.0.0.0:5000->5000/tcp registry_server
[root@servera mnt]#
Copy the certificate file to serverb
[root@serverb ~]# mkdir /etc/docker/certs.d/servera.wan.host -p
[root@serverb ~]# scp servera:/opt/certs/domain.crt /etc/docker/certs.d/servera.wan.host/ca.crt
The authenticity of host 'servera (192.168.5.11)' can't be established.
ECDSA key fingerprint is SHA256:8KoAXpPVTPc8T4wS2TQoTrAcVmbrZUqiI0UQ4L56zCQ.
ECDSA key fingerprint is MD5:48:a8:5d:58:f3:a7:c6:9b:b8:11:1a:1c:09:a8:55:04.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'servera,192.168.5.11' (ECDSA) to the list of known hosts.
root@servera's password:
domain.crt 100% 2098 2.3MB/s 00:00
[root@serverb ~]# ll /etc/docker/certs.d/servera.wan.host/
total 8
-rw-r--r--. 1 root root 2098 Nov 6 17:21 ca.crt
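The certificate generated above carries the registry's hostname only in its Common Name. Go's TLS stack, which Docker uses, matches the hostname against subjectAltName entries, and since Go 1.15 it no longer falls back to the Common Name, so a CN-only certificate like this one stops validating on daemons built with newer Go. The script below is an added example, not code from the original post; it generalizes the single self-signed certificate into a small private CA plus a server certificate with a SAN, then checks what serverb ends up trusting. Hostnames and directories are constructed: `$CERT_DIR` stands in for /opt/certs on servera and `$CLIENT_DIR` for /etc/docker/certs.d/servera.wan.host/ on serverb; the resulting domain.crt and domain.key are what REGISTRY_HTTP_TLS_CERTIFICATE and REGISTRY_HTTP_TLS_KEY point at, and only ca.crt is copied to clients.

```shell
#!/bin/sh
# Added example, not code from the original post. It generalizes the
# walkthrough's single self-signed cert into a private CA plus a server cert
# that carries a subjectAltName, and checks what the client installs.
# Hostnames and directories are constructed; $CERT_DIR stands in for /opt/certs
# on servera and $CLIENT_DIR for /etc/docker/certs.d/<host>/ on serverb.
REGISTRY_HOST=servera.wan.host
WORK=$(mktemp -d)
CERT_DIR="$WORK/certs"
CLIENT_DIR="$WORK/certs.d/$REGISTRY_HOST"
mkdir -p "$CERT_DIR"

# One OpenSSL config with a CA profile and a server profile, written out rather
# than passed with -addext so that it also works with OpenSSL 1.0.2 (CentOS 7).
cat > "$WORK/openssl.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[v3_server]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
subjectAltName = DNS:$REGISTRY_HOST, DNS:servera
EOF

# Private CA: its key never leaves servera; only ca.crt is copied to clients.
issue_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=Lab Registry CA" -config "$WORK/openssl.cnf" -extensions v3_ca \
        -keyout "$CERT_DIR/ca.key" -out "$CERT_DIR/ca.crt" 2>/dev/null
    chmod 600 "$CERT_DIR/ca.key"
}

# Server cert for the registry: what REGISTRY_HTTP_TLS_CERTIFICATE/KEY point at.
issue_server_cert() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$REGISTRY_HOST" \
        -config "$WORK/openssl.cnf" \
        -keyout "$CERT_DIR/domain.key" -out "$CERT_DIR/domain.csr" 2>/dev/null
    openssl x509 -req -in "$CERT_DIR/domain.csr" -CA "$CERT_DIR/ca.crt" \
        -CAkey "$CERT_DIR/ca.key" -CAcreateserial -days 825 -sha256 \
        -extfile "$WORK/openssl.cnf" -extensions v3_server \
        -out "$CERT_DIR/domain.crt" 2>/dev/null
    chmod 600 "$CERT_DIR/domain.key"   # only the registry process needs to read it
}

# Walkthrough-style cert for comparison: CN only, no extensions.
issue_cn_only_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 36500 \
        -subj "/CN=$REGISTRY_HOST" -config "$WORK/openssl.cnf" \
        -keyout "$CERT_DIR/cn_only.key" -out "$CERT_DIR/cn_only.crt" 2>/dev/null
}

# Client side: Docker trusts /etc/docker/certs.d/<host>/ca.crt for that host,
# so with this file in place no insecure-registries entry is needed.
install_client_trust() {
    mkdir -p "$CLIENT_DIR"
    cp "$CERT_DIR/ca.crt" "$CLIENT_DIR/ca.crt"
}

# Checks a practitioner would run before restarting the daemon on serverb.
cert_has_san() {   # $1 cert, $2 hostname: is the host listed as a DNS SAN?
    openssl x509 -in "$1" -noout -text | tr ',' '\n' | tr -d ' ' | grep -qx "DNS:$2"
}
cert_chains_to_ca() {   # $1 trusted ca.crt, $2 server cert
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}
key_matches_cert() {   # $1 cert, $2 key: compare SHA-256 of the DER public key
    c=$(openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER 2>/dev/null | openssl dgst -sha256)
    k=$(openssl pkey -in "$2" -pubout -outform DER 2>/dev/null | openssl dgst -sha256)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

issue_ca; issue_server_cert; issue_cn_only_cert; install_client_trust
cert_has_san "$CERT_DIR/domain.crt" "$REGISTRY_HOST" && echo "domain.crt: SAN ok"
cert_has_san "$CERT_DIR/cn_only.crt" "$REGISTRY_HOST" || echo "cn_only.crt: no SAN (CN only)"
cert_chains_to_ca "$CLIENT_DIR/ca.crt" "$CERT_DIR/domain.crt" && echo "domain.crt: chains to client ca.crt"
key_matches_cert "$CERT_DIR/domain.crt" "$CERT_DIR/domain.key" && echo "domain.key: matches domain.crt"
```

Separating the CA from the server certificate means the registry's key can be rotated or the certificate reissued for a new hostname without touching the trust file on every client, and the CA key itself stays offline on servera.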
Tag the image (prepare an image to upload beforehand)
Note: docker registry defaults to HTTPS, so port 443 can be omitted here
[root@serverb ~]# docker tag busybox:latest servera.wan.host/busybox:v0.1
[root@serverb ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest f0b02e9d092d 3 weeks ago 1.23MB
servera.wan.host/busybox v0.1 f0b02e9d092d 3 weeks ago 1.23MB
servera.wan.host:5000/busybox v1 f0b02e9d092d 3 weeks ago 1.23MB
Push the image
[root@serverb ~]# docker push servera.wan.host/busybox:v0.1
The push refers to repository [servera.wan.host/busybox]
d2421964bad1: Pushed
v0.1: digest: sha256:c9249fdf56138f0d929e2080ae98ee9cb2946f71498fc1484288e6a935b5e5bc size: 527
Check the image on servera
[root@servera ~]# ll /mnt/registry/docker/registry/v2/repositories/
total 0
drwxr-xr-x 5 root root 55 Nov 6 17:24 busybox
Delete the local images, then pull the image and run it
[root@serverb ~]# docker rmi servera.wan.host/busybox:v0.1 servera.wan.host:5000/busybox:v1 busybox:latest
[root@serverb ~]# docker pull servera.wan.host/busybox:v0.1
v0.1: Pulling from busybox
9758c28807f2: Pull complete
Digest: sha256:c9249fdf56138f0d929e2080ae98ee9cb2946f71498fc1484288e6a935b5e5bc
Status: Downloaded newer image for servera.wan.host/busybox:v0.1
servera.wan.host/busybox:v0.1
[root@serverb ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
servera.wan.host/busybox v0.1 f0b02e9d092d 3 weeks ago 1.23MB
[root@serverb ~]# docker run --rm -d --name buxybox_test servera.wan.host/busybox:v0.1 /bin/sh
729e88416b9d8371619ef0c11f2963d462b10d18360c53c8000bd400b7bb437b
[root@serverb ~]# docker run --rm -it --name buxybox_test servera.wan.host/busybox:v0.1 /bin/sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
8: eth0@if9: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
/ # exit
Pull and run registry-web
[root@servera ~]# docker run -d -p 8080:8080 --name registry-web \
> --link registry \
> -e REGISTRY_URL=https://registry/v2 \
> -e REGISTRY_TRUST_ANY_SSL=true \
> -e REGISTRY_NAME=localhost \
> hyper/docker-registry-web
Unable to find image 'hyper/docker-registry-web:latest' locally
latest: Pulling from hyper/docker-registry-web
04c996abc244: Pull complete
d394d3da86fe: Pull complete
bac77aae22d4: Pull complete
b48b86b78e97: Pull complete
09b3dd842bf5: Pull complete
69f4c5394729: Pull complete
b012980650e9: Pull complete
7c7921c6fda1: Pull complete
e20331c175ea: Pull complete
40d5e82892a5: Pull complete
a414fa9c865a: Pull complete
0304ae3409f3: Pull complete
13effc1a664f: Pull complete
e5628d0e6f8c: Pull complete
0b0e130a3a52: Pull complete
d0c73ab65cd2: Pull complete
240c0b145309: Pull complete
f1fd6f874e5e: Pull complete
40b5e021928e: Pull complete
88a8c7267fbc: Pull complete
f9371a03010e: Pull complete
Digest: sha256:723ffa29aed2c51417d8bd32ac93a1cd0e7ef857a0099c1e1d7593c09f7910ae
Status: Downloaded newer image for hyper/docker-registry-web:latest
6959b212f3244f185b8606c91884795b4c916f0af3edef98c479b259995f024
Open in a browser:
http://192.168.5.11:8080/
Copy the public certificate
[root@servera ~]# mkdir /etc/docker/certs.d/servera.wan.host -p
[root@servera ~]# cp /opt/certs/domain.crt /etc/docker/certs.d/servera.wan.host/ca.crt
Try tagging and pushing the image
[root@servera ~]# docker push servera.wan.host/docker-registry-web:v1
The push refers to repository [servera.wan.host/docker-registry-web]
8779b4998d0c: Pushed
9eb22ef427e2: Pushed
64d1c65ea33e: Pushed
d6c3b0e63834: Pushed
1315f14832fa: Pushed
d16096ccf0bb: Pushed
463a4bd8f8c1: Pushed
be44224e76b9: Pushed
d96a8038b794: Pushed
f469fc28e82e: Pushed
8418a42306ef: Pushed
03457c5158e2: Pushed
7ef05f1204ee: Pushed
f7049feabf0b: Pushed
5ee52271b8b7: Pushed
8b1153b14d3a: Pushed
367b9c52c931: Pushed
3567b2f05514: Pushed
292a66992f77: Pushed
641fcd2417bc: Pushed
78ff13900d61: Pushed
v1: digest: sha256:2c4f88572e1626792d3ceba6a5ee3ea99f1c3baee2a0e8aad56f0e7c3a6bf481 size: 4695
View in the browser:
Inspect the docker-registry-web image further
View the layer information of the docker-registry-web image