Docker镜像私有仓库
在Docker中,当我们执行 docker pull xxx 的时候 ,它实际上是从 hub.docker.com 这个地址去查找,这就是 Docker 公司为我们提供的公共仓库。在工作中,我们不可能把企业项目 push 到公有仓库进行管理。所以为了更好的管理镜像,Docker 不仅提供了一个中央仓库,同时也允许我们搭建本地私有仓库。docker容器镜像仓库分类:
- 公网仓库:docker hub
- 私网仓库: registry、harbor
## 一、registry镜像仓库### 1.1、 registry 仓库搭建**搭建步骤**- 拉取 registry 容器镜像- 创建 registry 仓库容器- 测试容器应用**搭建过程**a、拉取registry容器镜像```docker pull registry ```b、创建registry仓库容器```1、创建持久化存储,将容器镜像存储目录/var/lib/registry挂载到本地/opt/myregistry下:mkdir /opt/myregistry2、创建 registry 容器:docker run -d -p 5000:5000 -v /opt/myregistry:/var/lib/registry--restart=always registry:latest3、查看容器是否运行docker psCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES6b20b55fe6f8 registry:latest "/entrypoint.sh /etc…" 2 minutes ago Up 2 minutes 0.0.0.0:5000->5000/tcp busy_mclean```c、测试容器应用```# curl http://192.168.1.150:5000/v2/_catalog{"repositories":[]}显示仓库中没有任何镜像```### 1.2、registry仓库应用-上传镜像**上传镜像步骤**- 设置docker仓库为registry本地仓库- 给需要存储的镜像打tag- 上传镜像到registry仓库**演示案例****将baishuming2020/centos_nginx:latest上传到仓库****查看当前本地镜像**```# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEbaishuming2020/centos_nginx latest bcd9f28f6126 33 minutes ago 447MBbaishuming2020/centos_8_base latest 3e9f682f8459 47 minutes ago 200MBcentos latest 0f3e07c0138f 6 weeks ago 220MBregistry latest f32a97de94e1 8 months ago 25.8MB```a、设置docker仓库为registry本地仓库```#1、修改docker进程启动文件,修改其启动方式,目的是为了让通过docker配置文件启动# sed -i.bak '/^ExecStart=/c\ExecStart=\/usr\/bin\/dockerd' /usr/lib/systemd/system/docker.service#2、设置docker 守护进程的配置文件 /etc/docker/daemon.json,默认没有该文件# cat /etc/docker/daemon.json { "insecure-registries": ["http://192.168.1.150:5000"]}insecure-registries 指定非安全的仓库地址,多个用逗号隔开#3、重启docker生效配置文件# systemctl daemon-reload# systemctl restart docker```b、给需要存储的镜像打tag```# docker tag baishuming2020/centos_nginx:latest 192.168.1.150:5000/centos_nginx:v1# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZE192.168.98.240:5000/centos_nginx v1 bcd9f28f6126 45 minutes ago 447MBbaishuming2020/centos_nginx latest bcd9f28f6126 45 minutes ago 447MBbaishuming2020/centos_8_base latest 3e9f682f8459 59 minutes ago 200MBcentos latest 0f3e07c0138f 6 weeks ago 220MBregistry latest f32a97de94e1 8 months ago 25.8MB```c、上传镜像到registry仓库```#1、上传镜像# docker push 192.168.98.240:5000/centos_nginx:v1The push refers to repository 1da799aaf1ec: Pushed f598357997c6: Pushed 630012d2d35b: Pushed 4dcde7ab808a: Pushed 64dc1b92ebb6: Pushed 7db2133dafb9: Pushed fd05189e6e81: Pushed ee645629aa71: Pushed v1: digest: sha256:507a5ad9dd5771cdf461a6fa24c3fff6ea9eabd6945abf03e9264d3130fe816b size: 1996#2、查看上传# curl http://192.168.98.240:5000/v2/_catalog{"repositories":["centos_nginx"]}#查看存储文件夹# ls /opt/docker_repos/docker/registry/v2/repositories/centos_nginx/_layers_manifests_uploads```### 1.3、 registry仓库应用-客户端下载镜像- 设置客户端docker仓库为registry仓库- 拉取镜像到本地**演示案例****要求192.168.98.241机器的容器可以下载registry仓库中的镜像**a、设置192.168.1.151机器的docker仓库为registry仓库```#1、设置docker启动文件# sed -i.bak '/^ExecStart=/c\ExecStart=\/usr\/bin\/dockerd' /usr/lib/systemd/system/docker.service#2、设置docker配置文件# cat/etc/docker/daemon.json { "insecure-registries": ["http://192.168.1.150:5000"]}```b、下载镜像192.168.1.151机器上的docker可以拉取registry仓库中的192.168.1.150:5000/centos_nginx:v1容器镜像```# docker pull 192.168.1.150:5000/centos_nginx:v1v1: Pulling from centos_nginxdcd04d454f16: Pull complete 5cb2e05aa6e1: Pull complete 870634eb98b4: Pull complete 0fae9697ee4b: Pull complete 18ad57cfcecb: Pull complete 64dd6f0d85c1: Pull complete 7178b0b4388e: Pull complete 34de8795cd41: Pull complete Digest: sha256:507a5ad9dd5771cdf461a6fa24c3fff6ea9eabd6945abf03e9264d3130fe816bStatus: Downloaded newer image for 192.168.98.240:5000/centos_nginx:v1192.168.98.240:5000/centos_nginx:v1#验证下载# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZE192.168.1.150:5000/centos_nginx v1 bcd9f28f6126 4 hours ago 447MB```### 1.4、registry带basic认证的仓库**实现步骤**- 安装需要认证的包- 创建存放认证信息的文件- 创建认证信息- 创建带认证的registry容器- 指定仓库地址- 登录认证**实现过程**a、安装需要认证的包```yum -y install httpd-tools```b、创建存放认证信息的文件```mkdir -p /opt/registry-var/auth```c、创建认证信息```htpasswd -Bbn zutuanxue 123456 >> /opt/registry-var/auth/htpasswd```d、创建带认证的registry容器```docker run -d -p 10000:5000 --restart=always --name registry \-v/opt/registry-var/auth:/auth \-v /opt/myregistry:/var/lib/registry \-e "REGISTRY_AUTH=htpasswd" \-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \registry:latest```e、指定仓库地址```cat /etc/docker/daemon.json { "insecure-registries": ["http://192.168.1.150:5000","http://192.168.1.150:10000"]}```f、登录认证```docker login 192.168.1.150:10000Username:zutuanxuePassword:123456```### 二、 harbor镜像仓库Harbor离线安装包下载地址:https://github.com/goharbor/harbordocker-compose版本选择:https://github.com/docker/compose/releases### 2.1 harbor下载```# wget https://storage.googleapis.com/harbor-releases/release-1.9.0/harbor-offline-installer-v1.9.2-rc1.tgz```### 2.2 docker-compose安装容器编排工具,执行./install.sh时需要。如果不安装,一会重启docker服务,相关的harbor容器会死掉,安装后就会被随着docker重启```curl -L https://github.com/docker/compose/releases/download/1.25.4/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-composechmod +x /usr/local/bin/docker-compose```### 2.3 harbor安装```# tar xf harbor-offline-installer-v1.9.2-rc1.tgz # mv harbor /opt/# /opt/harbor/prepare prepare base dir is set to /opt/harborUnable to find image 'goharbor/prepare:v1.9.2' locallyv1.9.2: Pulling from goharbor/prepareb950b5dd94ab: Pull complete cc7bb94ca291: Pull complete d6a642502e65: Pull complete 21510274066b: Pull complete 04998692a2c0: Pull complete ae8f4647fe53: Pull complete cee24c721c12: Pull complete Digest: sha256:a647780bcd7f5fdcc9696332c9bca90f290912ecb41bd15c4c1a516450597bc2Status: Downloaded newer image for goharbor/prepare:v1.9.2Generated configuration file: /config/log/logrotate.confGenerated configuration file: /config/log/rsyslog_docker.confGenerated configuration file: /config/nginx/nginx.confGenerated configuration file: /config/core/envGenerated configuration file: /config/core/app.confGenerated configuration file: /config/registry/config.ymlGenerated configuration file: /config/registryctl/envGenerated configuration file: /config/db/envGenerated configuration file: /config/jobservice/envGenerated configuration file: /config/jobservice/config.ymlGenerated and saved secret to file: /secret/keys/secretkeyGenerated certificate, key file: /secret/core/private_key.pem, cert file: /secret/registry/root.crtGenerated configuration file: /compose_location/docker-compose.ymlClean up the input dir修改配置文件中的主机名为本机域名或IP# grep "^hostname" /opt/harbor/harbor.yml hostname: 192.168.98.240# /opt/harbor/install.sh : checking installation environment ...Note: docker version: 19.03.1/usr/lib/python2.7/site-packages/requests/__init__.py:91: RequestsDependencyWarning: urllib3 (1.24.3) or chardet (2.2.1) doesn't match a supported version!RequestsDependencyWarning)Note: docker-compose version: 1.24.1: loading Harbor images ...6ef530defbe4: Loading layer63.49MB/63.49MB55872518448e: Loading layer54.42MB/54.42MB070787ce276e: Loading layer5.632kB/5.632kB1ddc8ebef7e9: Loading layer2.048kB/2.048kB94ec70036213: Loading layer 2.56kB/2.56kB87f88832870d: Loading layer 2.56kB/2.56kB208968317bf9: Loading layer 2.56kB/2.56kBab6259c81a01: Loading layer10.24kB/10.24kBLoaded image: goharbor/harbor-db:v1.9.292e51ca4c459: Loading layer9.005MB/9.005MB9e12eb4a5a82: Loading layer3.072kB/3.072kB913c064dae30: Loading layer21.76MB/21.76MBb28cae8255d8: Loading layer3.072kB/3.072kB890572f32fd2: Loading layer8.661MB/8.661MB6f00be7ade9a: Loading layer30.42MB/30.42MBLoaded image: goharbor/harbor-registryctl:v1.9.251bada9a03ba: Loading layer78.25MB/78.25MBbdd423614a28: Loading layer3.072kB/3.072kBe44c809a7328: Loading layer 59.9kB/59.9kB07d91c85aa68: Loading layer61.95kB/61.95kBLoaded image: goharbor/redis-photon:v1.9.2e0a372c4d5d3: Loading layer10.84MB/10.84MBLoaded image: goharbor/nginx-photon:v1.9.299f324455426: Loading layer115.7MB/115.7MBdbde533bd1f2: Loading layer12.29MB/12.29MB32adabde1b24: Loading layer2.048kB/2.048kBcdedbb7b738d: Loading layer48.13kB/48.13kB60eb6ca8f5f9: Loading layer3.072kB/3.072kB05fadada21a7: Loading layer12.34MB/12.34MBLoaded image: goharbor/clair-photon:v2.0.9-v1.9.2fbe05936a49e: Loading layer12.77MB/12.77MB8dc691e9365f: Loading layer55.38MB/55.38MBc83233ecc176: Loading layer5.632kB/5.632kBde775c6f50f5: Loading layer36.35kB/36.35kB525709237f01: Loading layer55.38MB/55.38MBLoaded image: goharbor/harbor-core:v1.9.2734abd864add: Loading layer12.77MB/12.77MB74033d37bf08: Loading layer48.13MB/48.13MBLoaded image: goharbor/harbor-jobservice:v1.9.26677f529d41e: Loading layer9.005MB/9.005MB019a95ff5e80: Loading layer3.072kB/3.072kB4b3792cedc69: Loading layer 2.56kB/2.56kB274f5851694b: Loading layer21.76MB/21.76MB68e937b2af9e: Loading layer21.76MB/21.76MBLoaded image: goharbor/registry-photon:v2.7.1-patch-2819-2553-v1.9.2Loaded image: goharbor/prepare:v1.9.20566b1894f2e: Loading layer9.009MB/9.009MBb99c86e48679: Loading layer44.41MB/44.41MB283ba1db5c52: Loading layer2.048kB/2.048kB701de676a8f6: Loading layer3.072kB/3.072kBc923d0b0255c: Loading layer44.41MB/44.41MBLoaded image: goharbor/chartmuseum-photon:v0.9.0-v1.9.2ef4a961407c7: Loading layer9.004MB/9.004MB7cf94e5011b7: Loading layer6.239MB/6.239MB5c984b34ecb2: Loading layer 16.4MB/16.4MBf06fb877e324: Loading layer29.21MB/29.21MBae07ec384ebd: Loading layer22.02kB/22.02kB864698f2b94d: Loading layer51.85MB/51.85MBLoaded image: goharbor/notary-server-photon:v0.6.1-v1.9.2c953b6400a8b: Loading layer 50.3MB/50.3MB2ee784d17d84: Loading layer3.584kB/3.584kBc71f6b26fd01: Loading layer3.072kB/3.072kBbb6389098841: Loading layer 2.56kB/2.56kBb63da553de9f: Loading layer3.072kB/3.072kB62a479d14974: Loading layer3.584kB/3.584kBaa3fee5917b8: Loading layer12.29kB/12.29kBLoaded image: goharbor/harbor-log:v1.9.2691af8d2c981: Loading layer 14.9MB/14.9MB7878347ee491: Loading layer29.21MB/29.21MB433f16e7c539: Loading layer22.02kB/22.02kBad0202306aed: Loading layer50.34MB/50.34MBLoaded image: goharbor/notary-signer-photon:v0.6.1-v1.9.262247cb7cb19: Loading layer337.8MB/337.8MBd8b748aaf7dd: Loading layer119.8kB/119.8kBLoaded image: goharbor/harbor-migrator:v1.9.2d9705202f79f: Loading layer7.036MB/7.036MB3fdb77b47894: Loading layer196.6kB/196.6kB8901bb1db41e: Loading layer 172kB/172kBbaf9307d1844: Loading layer15.36kB/15.36kB1dcfba9b1bd1: Loading layer3.584kB/3.584kB90a90fef2f80: Loading layer10.84MB/10.84MBLoaded image: goharbor/harbor-portal:v1.9.2: preparing environment ...prepare base dir is set to /opt/harborClearing the configuration file: /config/log/logrotate.confClearing the configuration file: /config/log/rsyslog_docker.confClearing the configuration file: /config/nginx/nginx.confClearing the configuration file: /config/core/envClearing the configuration file: /config/core/app.confClearing the configuration file: /config/registry/config.ymlClearing the configuration file: /config/registryctl/envClearing the configuration file: /config/registryctl/config.ymlClearing the configuration file: /config/db/envClearing the configuration file: /config/jobservice/envClearing the configuration file: /config/jobservice/config.ymlGenerated configuration file: /config/log/logrotate.confGenerated configuration file: /config/log/rsyslog_docker.confGenerated configuration file: /config/nginx/nginx.confGenerated configuration file: /config/core/envGenerated configuration file: /config/core/app.confGenerated configuration file: /config/registry/config.ymlGenerated configuration file: /config/registryctl/envGenerated configuration file: /config/db/envGenerated configuration file: /config/jobservice/envGenerated configuration file: /config/jobservice/config.ymlloaded secret from file: /secret/keys/secretkeyGenerated configuration file: /compose_location/docker-compose.ymlClean up the input dir/usr/lib/python2.7/site-packages/requests/__init__.py:91: RequestsDependencyWarning: urllib3 (1.24.3) or chardet (2.2.1) doesn't match a supported version!RequestsDependencyWarning): starting Harbor .../usr/lib/python2.7/site-packages/requests/__init__.py:91: RequestsDependencyWarning: urllib3 (1.24.3) or chardet (2.2.1) doesn't match a supported version!RequestsDependencyWarning)Creating network "harbor_harbor" with the default driverCreating harbor-log ... doneCreating harbor-portal ... doneCreating redis ... doneCreating registryctl ... doneCreating registry ... doneCreating harbor-db ... doneCreating harbor-core ... doneCreating nginx ... doneCreating harbor-jobservice ... done✔ ----Harbor has been installed and started successfully.----Now you should be able to visit the admin portal at http://192.168.98.240. For more details, please visit https://github.com/goharbor/harbor .```### 2.4 docker设置仓库为harbor```1、docker服务启动文件#ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock 注释或者将[-H fd:// --containerd=/run/containerd/containerd.sock]删除ExecStart=/usr/bin/dockerd 这样做的目的是让daemon.json管理docker进程2、创建docker守护进程配置文件# cat /etc/docker/daemon.json { "insecure-registries": ["http://192.168.98.240"]}```### 2.5 镜像上传到harbor```#登陆harbor# docker login http://192.168.98.240 -u admin -p Harbor12345WARNING! Using --password via the CLI is insecure. Use --password-stdin.WARNING! Your password will be stored unencrypted in /root/.docker/config.json.Configure a credential helper to remove this warning. Seehttps://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeeded#修改镜像name:tag为harbor仓库名# docker tag baishuming2020:latest 192.168.98.240/library/centos_web:v1#上传镜像# docker push 192.168.98.240/library/centos_web:v1The push refers to repository 968786242e9d: Pushed v1: digest: sha256:d204253a33c6c2c74273fbd003cf3e14a48bcdd5c7bc10f51ccbad9e4dd39699 size: 528```## 常见问题docker-compose命令无法使用# docker-compose psERROR:Can’t find a suitable configuration file in this directory or anyparent. Are you in the right directory?``` Supported filenames: docker-compose.yml, docker-compose.yaml```原因: **当前目录没有配置文件**```正确执行路径 harbor安装目录# docker-compose ps Name Command State Ports -----------------------------------------------------------------------------------------harbor-core /harbor/harbor_core Up harbor-db /docker-entrypoint.sh Up 5432/tcp harbor-jobservice /harbor/harbor_jobservice... Up harbor-log /bin/sh -c /usr/local/bin/ ... Up 127.0.0.1:1514->10514/tcpharbor-portal nginx -g daemon off; Up 8080/tcp nginx nginx -g daemon off; Up 0.0.0.0:80->8080/tcp redis redis-server /etc/redis.conf Up 6379/tcp registry /entrypoint.sh /etc/regist ... Up 5000/tcp registryctl /harbor/start.sh Exit 137 ```
怪物之所以是怪物,不是因为做了什么,而是它为什么做。
页:
[1]