Docker学习笔记 —— 镜像仓库制作(公有+私有+Harbor)
Posted 爱敲代码的三毛
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Docker学习笔记 —— 镜像仓库制作(公有+私有+Harbor)相关的知识,希望对你有一定的参考价值。
文章目录
一、官方仓库
- 公有仓库
- 私有仓库
1.官方镜像仓库
公有的官方镜像仓库dockerhub
1) web页面登录
2) Linux命令行登录
[root@docker ~]# docker login
Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.
Username: hehayu # 用户
Password: # 密码
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
退出登录
[root@docker ~]# docker logout
Removing login credentials for https://index.docker.io/v1/
2. dockerhup镜像上传、下载
1) 镜像上传
我们从dockerhub上下载的公开镜像是不能直接上传的,要先tag(打标签,类似于重新指定路径并命名)
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest 5d0da3dc9764 12 months ago 231MB
[root@docker ~]# docker tag centos:latest hehayu/centos:v1
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hehayu/centos v1 5d0da3dc9764 12 months ago 231MB
centos latest 5d0da3dc9764 12 months ago 231MB
把已打标记的容器镜像上传到公有仓库
[root@docker ~]# docker login
Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.
Username: hehayu
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@docker ~]# docker push hehayu/centos:v1
The push refers to repository [docker.io/hehayu/centos]
74ddd0ec08fa: Mounted from library/centos
v1: digest: sha256:a1801b843b1bfaf77c501e7a6d3f709401a1e0c83863037fa3aab063a7fdb9dc size: 529
2) 镜像下载
可以先删除掉原来的镜像
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@docker ~]# docker pull hehayu/centos:v1
v1: Pulling from hehayu/centos
a1d0c7532777: Already exists
Digest: sha256:a1801b843b1bfaf77c501e7a6d3f709401a1e0c83863037fa3aab063a7fdb9dc
Status: Downloaded newer image for hehayu/centos:v1
docker.io/hehayu/centos:v1
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hehayu/centos v1 5d0da3dc9764 12 months ago 231MB
3. 镜像加速器
1) 阿里云加速器
修改/etc/docker/daemon.json
重启服务
systemctl daemon-reload
systemctl restart docker
二、docker本地容器镜像仓库
- 在局域内使用
- 方便与其它系统进行集成
- 上传下载大镜像时
环境准备
2台CentOS机器,都安装docker环境。
一台用来测试参仓库下载,一台安装registry做镜像仓库。
要在同一网段,关闭防火墙SELinux
1.使用registry容器镜像实现本地非安全镜像仓库
1) 下载registry容器镜像
[root@registry ~]# docker pull registry
Using default tag: latest
latest: Pulling from library/registry
79e9f2f55bf5: Pull complete
0d96da54f60b: Pull complete
5b27040df4a2: Pull complete
e2ead8259a04: Pull complete
3790aef225b9: Pull complete
Digest: sha256:169211e20e2f2d5d115674681eb79d21a217b296b43374b8e39f97fcf866b375
Status: Downloaded newer image for registry:latest
docker.io/library/registry:latest
[root@registry ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry latest b8604a3fe854 10 months ago 26.2MB
2) 创建用于挂载至registry镜像启动的仓库中,便于容器镜像持久保存
[root@registry ~]# mkdir /opt/dockerregistry
3) 启动容器获取镜像仓库
- –restart=always:一种重启策略,假如物理机关机重启,容器也会自动重启,不用手动重启
- /var/lib/registr :registry指定要挂载到的目录
[root@registry ~]# docker run -d -p 5000:5000 --restart=always -v /opt/dockerregistry:/var/lib/registry registry:latest
c9b86d83720fe550142063fdebc87adadd64a4d6840c8d471399f2d5726233db
[root@registry ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c9b86d83720f registry:latest "/entrypoint.sh /etc…" 7 seconds ago Up 5 seconds 0.0.0.0:5000->5000/tcp, :::5000->5000/tcp nostalgic_cerf
4) 验证是否可用
[root@registry ~]# curl http://192.168.44.120:5000/v2/_catalog
"repositories":[]
[root@registry ~]# vim /etc/docker/daemon.json
"insecure-registries": ["http://192.168.44.120:5000"]
[root@registry ~]# systemctl restart docker
给镜像打标记
[root@registry ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry latest b8604a3fe854 10 months ago 26.2MB
centos latest 5d0da3dc9764 12 months ago 231MB
[root@registry ~]# docker tag centos:latest 192.168.44.120:5000/centos:v1
[root@registry ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry latest b8604a3fe854 10 months ago 26.2MB
192.168.44.120:5000/centos v1 5d0da3dc9764 12 months ago 231MB
centos latest 5d0da3dc9764 12 months ago 231MB
上传到仓库
[root@registry ~]# docker push 192.168.44.120:5000/centos:v1
The push refers to repository [192.168.44.120:5000/centos]
74ddd0ec08fa: Pushed
v1: digest: sha256:a1801b843b1bfaf77c501e7a6d3f709401a1e0c83863037fa3aab063a7fdb9dc size: 529
[root@registry ~]# ls /opt/dockerregistry/
docker
[root@registry ~]# ls /opt/dockerregistry/docker/
registry
[root@registry ~]# ls /opt/dockerregistry/docker/registry/
v2
[root@registry ~]# ls /opt/dockerregistry/docker/registry/v2/
blobs repositories
[root@registry ~]# ls /opt/dockerregistry/docker/registry/v2/repositories/
centos
5) 在其它主机中使用此镜像仓库
第一步修改:/usr/lib/systemd/system/docker.service ,容器间互联(–link)
[root@docker ~]# vim /usr/lib/systemd/system/docker.service
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
第二步创建:/etc/docker/daemon.json
# vim /etc/docker/daemon.json
添加镜像仓库主机ip
"insecure-registries": ["http://192.168.122.33:5000"]
第三步:重启
[root@docker ~]# systemctl daemon-reload;systemctl restart docker
第四步:测试下载
[root@docker ~]# docker pull 192.168.44.120:5000/centos:v1
v1: Pulling from centos
a1d0c7532777: Pull complete
Digest: sha256:a1801b843b1bfaf77c501e7a6d3f709401a1e0c83863037fa3aab063a7fdb9dc
Status: Downloaded newer image for 192.168.44.120:5000/centos:v1
192.168.44.120:5000/centos:v1
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.44.120:5000/centos v1 5d0da3dc9764 12 months ago 231MB
2. 使用Harbor实现本地通过web进行管理的非安全仓库
- vmware公司开源
- 良好的中文界面
- web管理界面
- 使用广泛
环境准备
1) 工具准备
- 使用docker-compose工具进行启动
在harbor机器上安装并启动docker
# yum install -y yum-utils device-mapper-persistent-data lvm2
# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# yum repolist
# yum -y install docker-ce
# systemctl start docker
再安装 compose
[root@harhor ~]# curl -L "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 11.6M 100 11.6M 0 0 2568k 0 0:00:04 0:00:04 --:--:-- 3427k
将可执行权限应用于二进制文件
[root@harhor ~]# chmod +x /usr/local/bin/docker-compose
创建指向/usr/bin或路径中任何其他目录的符号链接
[root@harhor ~]# ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
[root@harhor ~]# docker-compose version
docker-compose version 1.27.4, build 40524192
docker-py version: 4.3.1
CPython version: 3.7.7
OpenSSL version: OpenSSL 1.1.0l 10 Sep 2019
查看版本
docker-compose version
2) 获取harbor
我这里是tar xf harbor-offline-installer-v1.10.14.tgz版本
[root@harhor ~]# tar xf harbor-offline-installer-v1.10.14.tgz
[root@harhor ~]# cd harbor
[root@harhor harbor]# vim harbor.yml
把这一项修改为本机ip
hostname: 192.168.44.110
默认的admin密码
harbor_admin_password: Harbor12345
3) 启动
# ./install.sh
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-portal ... done
Creating harbor-db ... done
Creating redis ... done
Creating registry ... done
Creating registryctl ... done
Creating harbor-core ... done
Creating harbor-jobservice ... done
Creating nginx ... done
✔ ----Harbor has been installed and started successfully.----
在浏览器上访问http://本机ip
公开项目: 下载镜像不需要docker login登录,但上传镜像还是需要docker
login登录
私有项目: 都需要docker login登录才以上传下载
4) 镜像上传下载操作
在docker主机下载一个随便下一个镜像测试,并打上标记
[root@docker ~]# docker pull centos
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest 5d0da3dc9764 12 months ago 231MB
[root@docker ~]# docker tag centos:latest 192.168.44.110/test/centos-test:v1
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.44.110/test/centos-test v1 5d0da3dc9764 12 months ago 231MB
centos latest 5d0da3dc9764 12 months ago 231MB
在docker主机上安装docker,并修改配置文件
因为docker用https通讯,所以还需要做证书,太麻烦。
配置"insecure-registries": [“harbor服务器IP”]来使用http通讯
[root@docker ~]# vim /etc/docker/daemon.json
"insecure-registries": ["http://192.168.44.110"]
重启docker
# systemctl restart docekr
上传镜像
[root@docker ~]# docker login http://192.168.44.110
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@docker ~]# docker push 192.168.44.110/test/centos-test:v1
The push refers to repository [192.168.44.110/test/centos-test]
74ddd0ec08fa: Pushed
v1: digest: sha256:a1801b843b1bfaf77c501e7a6d3f709401a1e0c83863037fa3aab063a7fdb9dc size: 529
回到网页查看
以上是关于Docker学习笔记 —— 镜像仓库制作(公有+私有+Harbor)的主要内容,如果未能解决你的问题,请参考以下文章