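  • Docker image registries

    Setting up a private image registry

    Docker Hub is Docker's default official public image registry. To run your own private registry, Docker also provides an official registry image, which makes the setup very simple.
    Pull the registry image and start it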

    [root@docker ~]# docker pull registry
    [root@docker ~]# docker run -d -v /opt/registry:/var/lib/registry -p 5000:5000 --restart=always --name registry registry
    790e35569960041b5976786ab76babc8213e81e0a2d3b1bf3a9c0b5cc2bd1280
    

    Test: list all images in the registry

    [root@docker ~]# curl http://192.168.193.128:5000/v2/_catalog
    {"repositories":[]}
    

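    Managing the private registry

    Mark the private registry as trusted (an insecure-registries entry lets the daemon reach it over plain HTTP, without TLS verification)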

    [root@docker ~]# cat /etc/docker/daemon.json 
    {
        "registry-mirrors":["https://registry.docker-cn.com"],
        "insecure-registries":["192.168.193.128:5000"]
    }
    [root@docker ~]# systemctl restart docker
    

    Tag the image

    [root@docker ~]# docker tag nginx:1.12 192.168.193.128:5000/nginx:1.12
    

    Push

    [root@docker ~]# docker push 192.168.193.128:5000/nginx:1.12
    [root@docker ~]# curl http://192.168.193.128:5000/v2/_catalog
    {"repositories":["nginx"]}
    View the tag list
    [root@docker ~]# curl http://192.168.193.128:5000/v2/nginx/tags/list
    {"name":"nginx","tags":["1.12"]}
    

    Pull

    [root@docker ~]# docker run -itd --name nginx -p 80:80 192.168.193.128:5000/nginx:1.12
    6c13f1122f713237e44aabe58f345652785d21f4b2a1deda05985bbf03b5a1be
    

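    Enterprises usually use Harbor as their image management tool.

    Using the Docker Hub public image registry

    Register an account
    https://hub.docker.com/
    Log in to Docker Hub
    Create a repository


    Log in from the Linux host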

    [root@docker ~]# docker login
    Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.
    Username: yinshoucheng
    Password: 
    WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
    Configure a credential helper to remove this warning. See
    https://docs.docker.com/engine/reference/commandline/login/#credentials-store
    
    Login Succeeded
    or
    [root@docker ~]# docker login --username=yinshoucheng --password=123456
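
Passing --password on the command line leaves the secret in shell history and in the process list, and Docker itself recommends --password-stdin instead. The function below is an added example, not from the original article; the name registry_login and the password-file convention are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): log in without putting the
# password in argv. registry_login and the password file are hypothetical.
set -eu

# registry_login REGISTRY USER PASSWORD_FILE
# REGISTRY may be "" for Docker Hub. Returns 2 if the file is missing,
# 3 if the file is readable by group or others.
registry_login() {
    reg="$1"; user="$2"; pwfile="$3"
    [ -f "$pwfile" ] || { echo "no such file: $pwfile" >&2; return 2; }
    # Accept only -rw------- or -r-------- (mode 0600 / 0400).
    case "$(ls -ld "$pwfile" | cut -c1-10)" in
        -r[w-]-------) ;;
        *) echo "refusing: $pwfile must be mode 0600 or 0400" >&2; return 3 ;;
    esac
    # The password travels on stdin, so it never shows up in ps output
    # or in the shell history.
    if [ -n "$reg" ]; then
        docker login --username "$user" --password-stdin "$reg" < "$pwfile"
    else
        docker login --username "$user" --password-stdin < "$pwfile"
    fi
}
```

Call it as `registry_login reg.goldenyin.com yinshoucheng /root/.registry-pw`. The credential is still written to /root/.docker/config.json afterwards unless a credential helper is configured, as the warning in the login transcript says.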
    

    Tag the image

    [root@docker ~]# docker tag nginx:1.12 yinshoucheng/golden:1.12
    

    Push

    [root@docker ~]# docker push yinshoucheng/golden:1.12
    


    Search test

    [root@docker ~]# docker search yinshoucheng
    NAME                  DESCRIPTION         STARS               OFFICIAL            AUTOMATED
    yinshoucheng/golden                       0                    
    

    Pull

    [root@docker ~]# docker pull yinshoucheng/golden:1.12
    

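    Harbor: an enterprise-grade private image registry

    Harbor is an enterprise-grade Docker Registry project open-sourced by VMware. Project page: https://github.com/vmware/harbor
    Download the offline installer package

    Install Docker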

    [root@docker ~]# docker info
    Containers: 26
     Running: 1
     Paused: 0
     Stopped: 25
    Images: 16
    Server Version: 18.09.6
    Storage Driver: overlay2
     Backing Filesystem: xfs
     Supports d_type: true
     Native Overlay Diff: true
    Logging Driver: json-file
    Cgroup Driver: cgroupfs
    Plugins:
     Volume: local
     Network: bridge host macvlan null overlay
     Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
    Swarm: inactive
    Runtimes: runc
    Default Runtime: runc
    Init Binary: docker-init
    containerd version: bb71b10fd8f58240ca47fbb579b9d1028eea7c84
    runc version: 2b18fe1d885ee5083ef9f0838fee39b62d653e30
    init version: fec3683
    Security Options:
     seccomp
      Profile: default
    Kernel Version: 3.10.0-862.el7.x86_64
    Operating System: CentOS Linux 7 (Core)
    OSType: linux
    Architecture: x86_64
    CPUs: 2
    Total Memory: 3.697GiB
    Name: docker
    ID: 3EAH:DXYW:7DXA:76IW:AKHC:TKG5:FC5N:QPRB:SFAY:T6HB:LSCS:CUPK
    Docker Root Dir: /var/lib/docker
    Debug Mode (client): false
    Debug Mode (server): false
    Username: yinshoucheng
    Registry: https://index.docker.io/v1/
    Labels:
    Experimental: false
    Insecure Registries:
     192.168.193.128:5000
     127.0.0.0/8
    Registry Mirrors:
     https://registry.docker-cn.com/
    Live Restore Enabled: false
    Product License: Community Engine
    

    Install docker-compose
    https://github.com/docker/compose/releases/

    [root@docker ~]# curl -L https://github.com/docker/compose/releases/download/1.25.0-rc1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
    [root@docker ~]# chmod +x /usr/local/bin/docker-compose
    [root@docker ~]# docker-compose --version
    docker-compose version 1.25.0-rc1, build 8552e8e2
    

    Self-signed TLS certificate
    https://github.com/goharbor/harbor/blob/master/docs/configure_https.md

    Extract the archive
    [root@docker ~]# tar -zxf harbor-offline-installer-v1.8.1.tgz 
    [root@docker ~]# cd harbor
    Create a directory for the SSL files
    [root@docker harbor]# mkdir ssl
    Generate the CA root certificate
    [root@docker harbor]# cd ssl
    [root@docker ssl]# openssl req \
    > -newkey rsa:4096 -nodes -sha256 -keyout ca.key \
    > -x509 -days 365 -out ca.crt
    Generating a 4096 bit RSA private key
    ........................................................................................................................................................................++
    ...............................................++
    writing new private key to 'ca.key'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:
    Locality Name (eg, city) [Default City]:
    Organization Name (eg, company) [Default Company Ltd]:
    Organizational Unit Name (eg, section) []:
    Common Name (eg, your name or your server's hostname) []:goldenyin
    Email Address []:
    [root@docker ssl]# ls
    ca.crt  ca.key
    [root@docker ssl]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout reg.goldenyin.com.key -out reg.goldenyin.com.csr
    Generating a 4096 bit RSA private key
    .................................................................................................................................................................................................++
    ........++
    writing new private key to 'reg.goldenyin.com.key'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:CN 
    State or Province Name (full name) []:
    Locality Name (eg, city) [Default City]:
    Organization Name (eg, company) [Default Company Ltd]:
    Organizational Unit Name (eg, section) []:
    Common Name (eg, your name or your server's hostname) []:reg.goldenyin.com
    Email Address []:
    
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
    [root@docker ssl]# ls
    ca.crt  ca.key  reg.goldenyin.com.csr  reg.goldenyin.com.key
    [root@docker ssl]# openssl x509 -req -days 365 -in reg.goldenyin.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out reg.goldenyin.com.crt
    Signature ok
    subject=/C=CN/L=Default City/O=Default Company Ltd/CN=reg.goldenyin.com
    Getting CA Private Key
    [root@docker ssl]# ls
    ca.crt  ca.srl                 reg.goldenyin.com.csr
    ca.key  reg.goldenyin.com.crt  reg.goldenyin.com.key
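
The signing step above produces a certificate that identifies the host only through its Common Name; Docker clients built with Go 1.15 or later reject such certificates and require a subjectAltName. The script below is an added example, not from the original article: it repeats the CA and server-certificate steps non-interactively with a SAN and checks the result. The function names and KEY_BITS are assumptions; the host name and IP address are the page's.

```shell
#!/bin/sh
# Added example (not from the original page): CA-signed registry certificate
# with a subjectAltName. REG_HOST/REG_IP reuse the page's values; the two
# function names and KEY_BITS are hypothetical helpers.
set -eu

REG_HOST="${REG_HOST:-reg.goldenyin.com}"
REG_IP="${REG_IP:-192.168.193.128}"
KEY_BITS="${KEY_BITS:-4096}"

# make_registry_cert DIR: writes ca.{key,crt} and $REG_HOST.{key,csr,crt} to DIR.
make_registry_cert() {
    dir="$1"
    mkdir -p "$dir"
    # Private CA, non-interactive thanks to -subj.
    openssl req -x509 -newkey "rsa:$KEY_BITS" -nodes -sha256 -days 365 \
        -subj "/C=CN/CN=goldenyin" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    # Server key and signing request.
    openssl req -newkey "rsa:$KEY_BITS" -nodes -sha256 \
        -subj "/C=CN/CN=$REG_HOST" \
        -keyout "$dir/$REG_HOST.key" -out "$dir/$REG_HOST.csr" 2>/dev/null
    # Extensions applied at signing time: the names clients will verify.
    printf 'subjectAltName=DNS:%s,IP:%s\nextendedKeyUsage=serverAuth\n' \
        "$REG_HOST" "$REG_IP" > "$dir/v3.ext"
    openssl x509 -req -sha256 -days 365 -in "$dir/$REG_HOST.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/v3.ext" -out "$dir/$REG_HOST.crt" 2>/dev/null
    chmod 600 "$dir/ca.key" "$dir/$REG_HOST.key"
}

# check_registry_cert CA_CRT SERVER_CRT: succeeds only if the certificate
# chains to the CA and lists $REG_HOST as a DNS subjectAltName.
check_registry_cert() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
    san=$(openssl x509 -in "$2" -noout -text \
        | grep -A1 'Subject Alternative Name' | tail -n 1)
    printf '%s\n' "$san" | tr ',' '\n' | sed 's/^ *//' \
        | grep -qxF "DNS:$REG_HOST"
}
```

Run `make_registry_cert ./ssl`, then `check_registry_cert ./ssl/ca.crt ./ssl/reg.goldenyin.com.crt`. Copying ca.crt into /etc/docker/certs.d/reg.goldenyin.com/ lets the daemon verify the registry without an insecure-registries entry.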
    

    Installing and configuring Harbor

    [root@docker ssl]# cd ..
    [root@docker harbor]# ls
    harbor.v1.8.1.tar.gz  harbor.yml  install.sh  LICENSE  prepare  ssl
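    Configure harbor.cfg (renamed to harbor.yml in newer versions)
    Edit the settings: protocol, certificate, administrator password
    Example:
    hostname = reg.goldenyin.com
    Comment out http: and port: 80 (newer versions)
    ui_url_protocol = https (not present in newer versions)
    ssl_cert = ./ssl/reg.goldenyin.com.crt (newer versions: certificate: ./ssl/reg.goldenyin.com.crt)
    ssl_cert_key = ./ssl/reg.goldenyin.com.key (newer versions: private_key: ./ssl/reg.goldenyin.com.key)
    harbor_admin_password = harbor12345
    [root@docker harbor]# ./prepare (reads the configuration file; not needed in newer versions)
    Uncomment https: and port: 443 (newer versions)
    external_url: https://reg.goldenyin.com:8433 (newer versions)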
    [root@docker harbor]# ./install.sh 
    ✔ ----Harbor has been installed and started successfully.----
    
    Now you should be able to visit the admin portal at http://reg.goldenyin.com. 
    For more details, please visit https://github.com/goharbor/harbor .
    
    Configure the hosts file on the Windows host (C:\Windows\System32\drivers\etc\hosts)
    192.168.193.128 reg.goldenyin.com
    

    http://reg.goldenyin.com/

    https://reg.goldenyin.com/ (not configured)

    Accessing Harbor from the Docker host

    [root@docker harbor]# cat /etc/hosts
    127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
    192.168.193.128 reg.goldenyin.com
    [root@docker harbor]# docker login reg.goldenyin.com
    Create the directory that holds the certificate
    [root@docker harbor]# mkdir -p /etc/docker/certs.d/reg.goldenyin.com
    Copy the certificate
    [root@docker reg.goldenyin.com]# ls
    reg.goldenyin.com.crt
    Log in again
    [root@docker harbor]# docker login reg.goldenyin.com
    

    docker tag SOURCE_IMAGE[:TAG] reg.goldenyin.com/test/IMAGE[:TAG]
    docker push reg.goldenyin.com/test/IMAGE[:TAG]

  • Original article: https://www.cnblogs.com/yinshoucheng-golden/p/11037500.html