docker鏡像倉庫

公有倉庫和私有倉庫:

速度:公有倉庫走的公網(wǎng),速度較慢;私有倉庫走的是內(nèi)網(wǎng),即局域網(wǎng);
安全性:公有倉庫存放在公共硬盤上;私有倉庫存在自己服務(wù)器硬盤上。

公有倉:

最權(quán)威的,但速度比較慢:
https://hub.docker.com/

image.png

首先登陸:

$ docker login -usmallsoup 
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

打標(biāo)簽,push鏡像到hub倉庫:

docker tag zookeeper:3.5 smallsoup/zookeeper:3.5
docker push smallsoup/zookeeper:3.5

已push成功,可以在hub上看到:


image.png

私有倉:

用docker提供的registry在本地搭建私有倉:

docker pull registry:2.5.2
docker run -d -p 5000:5000 registry:2.5.2
docker tag zookeeper:3.5 localhost:5000/zookeeper:3.5
docker push zookeeper:3.5 localhost:5000/zookeeper:3.5

因沒有設(shè)置安全性,所以直接可以push上去。

由于是本地倉庫,所以pull的速度很快。

[root@localhost micro-service]# docker pull localhost:5000/zookeeper:3.5
3.5: Pulling from zookeeper
Digest: sha256:3474ec46da9db9dc27a431f9645a2df9c91d5b969f591fe0ccd4c40f2bfd1579
Status: Image is up to date for localhost:5000/zookeeper:3.5

但是這個(gè)私有倉不能滿足我們的需求,生產(chǎn)線上萬一該私有倉服務(wù)器故障,其他服務(wù)器也無法接管。再者,也沒有頁面可以便于管理。

業(yè)內(nèi)出現(xiàn)了harbor,適用于生產(chǎn)環(huán)境。

harbor私有倉庫搭建

github地址:
https://github.com/goharbor/harbor/releases

下載地址:
https://storage.googleapis.com/harbor-releases/harbor-offline-installer-v1.5.3.tgz

這個(gè)連接速度太慢,可以在這里下載:
http://harbor.orientsoft.cn/

以下使用的harbor版本是harbor-offline-installer-v1.5.0.tgz
首先解壓:

tar -zxf harbor-offline-installer-v1.5.0.tgz

然后運(yùn)行./install腳本進(jìn)行安裝,如果需要特殊設(shè)置,可以先修改harbor.cfg和docker-compose.yml后在進(jìn)行./install安裝操作

[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-adminserver ... 
Creating redis              ... error
Creating harbor-db          ... 
Creating registry           ... 
Creating harbor-adminserver ... done
ERROR: for redis  Cannot create container for service redis: b'Conflict. The container name "/redis" is already in use
Creating harbor-db          ... done
Creating registry           ... done
Creating harbor-ui          ... done
Creating nginx              ... done

ERROR: for redis  Cannot create container for service redis: b'Conflict. The container name "/redis" is already in use by container "c3813d66ccad284d3529227fabf3d5c19cb991237de8d3e72fc470ffd2cbfa99". You have to remove (or rename) that container to be able to reuse that name.'
ERROR: Encountered errors while bringing up the project.

安裝過程中報(bào)以上錯(cuò)誤,是因?yàn)榉?wù)器上已經(jīng)有了名為redis的容器名,和harbor將要安裝的redis容器名重名,需要rename服務(wù)器上已有的redis容器名為micro-service-redis:

$ docker ps -a --filter name=redis
CONTAINER ID        IMAGE                              COMMAND             CREATED             STATUS              PORTS                    NAMES
c3813d66ccad        hub.c.163.com/public/redis:2.8.4   "/run.sh"           2 days ago          Up 42 hours         0.0.0.0:6379->6379/tcp   redis

$ docker rename redis micro-service-redis 
$ docker ps -aq --filter name=redis
c3813d66ccad

$ docker ps -a --filter name=redis
CONTAINER ID        IMAGE                              COMMAND             CREATED             STATUS              PORTS                    NAMES
c3813d66ccad        hub.c.163.com/public/redis:2.8.4   "/run.sh"           2 days ago          Up 42 hours         0.0.0.0:6379->6379/tcp   micro-service-redis

然后重新執(zhí)行./install

[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating redis              ... done
Creating harbor-db          ... done
Creating harbor-adminserver ... done
Creating registry           ... done
Creating harbor-ui          ... done
Creating harbor-jobservice  ... 
Creating nginx              ... 

ERROR: for harbor-jobservice  UnixHTTPConnectionPool(host='localhost', port=None): Read timed out. (read timeout=60)

ERROR: for nginx  UnixHTTPConnectionPool(host='localhost', port=None): Read timed out. (read timeout=60)

ERROR: for jobservice  UnixHTTPConnectionPool(host='localhost', port=None): Read timed out. (read timeout=60)

ERROR: for proxy  UnixHTTPConnectionPool(host='localhost', port=None): Read timed out. (read timeout=60)
ERROR: An HTTP request took too long to complete. Retry with --verbose to obtain debug information.
If you encounter this issue regularly because of slow network conditions, consider setting COMPOSE_HTTP_TIMEOUT to a higher value (current value: 60).

又報(bào)以上的錯(cuò),可能是由于網(wǎng)絡(luò)問題,導(dǎo)致失敗,重新./install試試:

[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating redis              ... done
Creating harbor-db          ... done
Creating harbor-adminserver ... done
Creating registry           ... done
Creating harbor-ui          ... done
Creating nginx              ... done
Creating harbor-jobservice  ... done

? ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at http://hub.smallsoup.com. 
For more details, please visit https://github.com/vmware/harbor .

成功了。

可以訪問harbor部署服務(wù)器IP:docker-compose.yml中80映射到宿主機(jī)上的端口;
用戶名是admin,密碼是harbor.cfg中harbor_admin_password的值訪問管理頁面:

image.png

可以創(chuàng)建一個(gè)私有倉庫micro-service:


image.png

在系統(tǒng)管理->用戶管理中添加用戶,然后點(diǎn)開上一步創(chuàng)建的項(xiàng)目-->>成員-->>新建成員,并設(shè)置權(quán)限。

項(xiàng)目管理員:有pull和push以及項(xiàng)目其他管理權(quán)限;
開發(fā)人員:有pull和push權(quán)限;
訪客:只有pull權(quán)限。


image.png

將該項(xiàng)目的各個(gè)微服務(wù)image push到harbor的micro-service項(xiàng)目里:

$ docker images |grep -v "vmware"
REPOSITORY                      TAG                 IMAGE ID            CREATED             SIZE
api-gateway-zuul                latest              8a814cf9bb65        23 hours ago        476MB
course-service                  latest              673d4501353e        23 hours ago        462MB
course-edge-service             latest              854d5d8bddaa        23 hours ago        484MB
message-thrift-python-service   latest              4317a76b387e        24 hours ago        926MB
user-edge-service               latest              ff07d54a02ba        25 hours ago        469MB
user-thrift-service             latest              02dd6fd0f239        26 hours ago        456MB
python-base                     latest              81ad8926a9d9        26 hours ago        926MB
zookeeper                       3.5                 c41e1dcd86e4        2 weeks ago         128MB
smallsoup/zookeeper             3.5                 c41e1dcd86e4        2 weeks ago         128MB
localhost:5000/zookeeper        3.5                 c41e1dcd86e4        2 weeks ago         128MB
elasticsearch                   latest              5acf0e8da90b        2 weeks ago         486MB
registry                        2.5.2               96ca477b7e56        3 weeks ago         37.8MB
registry                        2                   2e2f252f3c88        3 weeks ago         33.3MB
python                          3.6                 4f13b7f2138e        4 weeks ago         918MB
openjdk                         8-jre               66bf39162ea7        4 weeks ago         443MB
mysql                           latest              6a834f03bd02        4 weeks ago         484MB
hub.c.163.com/public/redis      2.8.4               4888527e1254        2 years ago         190MB

打標(biāo)簽:

docker tag openjdk:8-jre 192.168.1.103:80/micro-service/openjdk:8-jre

查看鏡像:

$ docker images |grep -v "vmware" | grep open
openjdk                                    7-jre               e4c851ec3393        4 weeks ago         329MB
192.168.1.103:80/micro-service/openjdk   8-jre               66bf39162ea7        4 weeks ago         443MB
openjdk                                    8-jre               66bf39162ea7        4 weeks ago         443MB

push鏡像:

$ docker push 192.168.1.103:80/micro-service/openjdk:8-jre
The push refers to repository [192.168.1.103:80/micro-service/openjdk]
Get https://192.168.1.103:80/v2/: http: server gave HTTP response to HTTPS client

push報(bào)錯(cuò)。由于默認(rèn)采用的是http協(xié)議,即harbor.cfg中的ui_url_protocol值。https的比較麻煩,需要生成證書等步驟,可以參考:
為Harbor設(shè)置Https

這里暫且用http的方式。

以上報(bào)錯(cuò)解決辦法:
在”/etc/docker/“目錄下,創(chuàng)建”daemon.json“文件。在文件中寫入:

{
  "insecure-registries": [
        "hub.smallsoup.com:80",
        "192.168.1.103:80"
  ]
}

重啟docker:

systemctl restart docker

docker重啟后,./install或者docker-compose down;docker-compose up -d重啟harbor即可。

題外話:

在安裝過程中,將80端口映射到宿主機(jī)的8081端口,push的時(shí)候遇到很多問題(報(bào)錯(cuò)80端口連接拒絕,大概就是這個(gè)issue),查找了很多資料,還是放棄了,最后映射到宿主機(jī)80端口,push一切ok。

將基礎(chǔ)鏡像和各個(gè)服務(wù)鏡像push到庫上:


image.png

由于用域名的方式push得設(shè)置hosts以及端口轉(zhuǎn)發(fā),比較麻煩,以上采用了IP:PORT方式:
刪除用域名打的標(biāo)簽:

docker rmi -f hub.smallsoup.com:80/micro-service/openjdk:8-jre
最后編輯于
?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請(qǐng)聯(lián)系作者
【社區(qū)內(nèi)容提示】社區(qū)部分內(nèi)容疑似由AI輔助生成,瀏覽時(shí)請(qǐng)結(jié)合常識(shí)與多方信息審慎甄別。
平臺(tái)聲明:文章內(nèi)容(如有圖片或視頻亦包括在內(nèi))由作者上傳并發(fā)布,文章內(nèi)容僅代表作者本人觀點(diǎn),簡(jiǎn)書系信息發(fā)布平臺(tái),僅提供信息存儲(chǔ)服務(wù)。

相關(guān)閱讀更多精彩內(nèi)容

友情鏈接更多精彩內(nèi)容