Docker Registry && Docker Compose

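This article describes in detail how Docker registries work, covering public and private registries and how to deploy a registry locally. It then explains how to create and configure Docker certificates to secure access to a private registry, and how to use htpasswd to set a user name and password for access control. Next it introduces Docker Compose as a management tool for microservice clusters, showing how to package a web image and create a volume container. Finally, it writes a docker-compose.yml file and configures haproxy to manage multiple containers with load balancing.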


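I. Docker registry

A repository is a central place where image files are stored. A repository is sometimes confused with the registry server (Registry), and the two are not always strictly distinguished. In fact, a registry server usually hosts multiple repositories, each repository contains multiple images, and each image has different tags.
Repositories come in two forms: public and private. The largest public registry is Docker Hub, which hosts a huge number of images for users to download. Public registries in China include Docker Pool and others, which offer users in mainland China more stable and faster access.
Users can of course also create a private registry inside their local network. After creating an image, a user can upload it to a public or private registry with the push command; the next time the image is needed on another machine, it only has to be pulled from the registry.

1. Docker has officially packaged the registry as an image, so a registry can be deployed simply by starting a container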

[root@foundation50 docker]# docker images registry
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
registry            latest              bca04f698ba8        2 years ago         423 MB
[root@foundation50 docker]# docker run -d -p 5000:5000 -v /opt/registry:/var/lib/registry registry:2
Unable to find image 'registry:2' locally
2: Pulling from library/registry
4064ffdc82fe: Pull complete 
c12c92d1c5a2: Pull complete 
4fbc9b6835cc: Pull complete 
765973b0f65f: Pull complete 
3968771a7c3a: Pull complete 
Digest: sha256:51bb55f23ef7e25ac9b8313b139a8dd45baa832943c8ad8f7da2ddad6355b3c8
Status: Downloaded newer image for registry:2
6a8183c460abf1488290425789e20a4d074096a0c0763c5e30c9e0f9db264e5a
[root@foundation50 docker]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
6a8183c460ab        registry:2          "/entrypoint.sh /e..."   13 seconds ago      Up 7 seconds        0.0.0.0:5000->5000/tcp   nervous_hawking
ab2d23164525        ubuntu              "/bin/bash"              15 minutes ago      Up 15 minutes                                vm1
[root@foundation50 docker]# docker stop mv1
Error response from daemon: No such container: mv1
[root@foundation50 docker]# docker stop vm1
vm1
[root@foundation50 docker]# docker rm vm1
vm1
[root@foundation50 docker]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
6a8183c460ab        registry:2          "/entrypoint.sh /e..."   2 minutes ago       Up 2 minutes        0.0.0.0:5000->5000/tcp   nervous_hawking

2. Name the Docker image

[root@foundation50 docker]# ping westos.org
[root@foundation50 docker]# vim /etc/hosts   ## add a local hosts entry:  172.25.50.250  westos.org

3. Push the image to the localhost:5000 registry

[root@foundation50 docker]# docker tag nginx westos.org:5000/nginx
[root@foundation50 docker]# docker tag nginx localhost:5000/nginx
[root@foundation50 docker]# docker push localhost:5000/nginx


[root@foundation50 registry]# ls
docker
[root@foundation50 registry]# docker pull localhost:5000/nginx
[root@foundation50 registry]# docker rmi localhost:5000/nginx  ## remove the local TAG of the nginx image

[root@foundation50 registry]# docker rmi westos.org:5000/nginx
Untagged: westos.org:5000/nginx:latest
[root@foundation50 registry]# docker rmi localhost:5000/nginx
Untagged: localhost:5000/nginx:latest
Untagged: localhost:5000/nginx@sha256:2de9d5fc6585b3f330ff5f2c323d2a4006a49a476729bbc0910b695771526e3f
[root@foundation50 registry]# docker rmi nginx
Untagged: nginx:latest
Deleted: sha256:c82521676580c4850bb8f0d72e47390a50d60c8ffe44d623ce57be521bca9869
Deleted: sha256:2c1f65d17acf8759019a5eb86cc20fb8f8a7e84d2b541b795c1579c4f202a458
Deleted: sha256:8f222b457ca67d7e68c3a8101d6509ab89d1aad6d399bf5b3c93494bbf876407
Deleted: sha256:cdb3f9544e4c61d45da1ea44f7d92386639a052c620d1550376f22f5b46981af
[root@foundation50 registry]# docker pull localhost:5000/nginx   ## pull the image to the local host
Using default tag: latest
latest: Pulling from nginx
2da35ff30a7d: Pull complete 
831fb1a65ced: Pull complete 
7a63da4e8a19: Pull complete 
Digest: sha256:2de9d5fc6585b3f330ff5f2c323d2a4006a49a476729bbc0910b695771526e3f
Status: Downloaded newer image for localhost:5000/nginx:latest
[root@foundation50 registry]# docker images


[root@foundation50 registry]# docker tag localhost:5000/nginx nginx
[root@foundation50 registry]# docker images
[root@foundation50 registry]# docker rmi localhost:5000/nginx
Untagged: localhost:5000/nginx:latest
Untagged: localhost:5000/nginx@sha256:2de9d5fc6585b3f330ff5f2c323d2a4006a49a476729bbc0910b695771526e3f
[root@foundation50 registry]# docker images nginx
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
nginx               latest              c82521676580        3 weeks ago         109 MB
[root@foundation50 registry]# docker images

II. Docker certificates

1. Create the server key and certificate

[root@foundation50 ~]# cd /tmp/docker/
[root@foundation50 docker]# ls
Dockerfile  ssh  supervisord.conf  test  web  yum.repo
[root@foundation50 docker]# pwd
/tmp/docker
[root@foundation50 docker]# mkdir certs
[root@foundation50 docker]# cd certs/
[root@foundation50 certs]# cd ..
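[root@foundation50 docker]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key -x509 -days 365 -out certs/domain.crt   # -x509 emits a self-signed certificate instead of a CSR; it is normally used for root certificates and is not needed when generating a server certificate for a CA to sign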
Generating a 4096 bit RSA private key
...................++
.............................................................................................................................................................................................................................................++
writing new private key to 'certs/domain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn 
State or Province Name (full name) []:shaanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:westos.org
Email Address []:root@westos.org


[root@foundation50 docker]# ls
certs  Dockerfile  ssh  supervisord.conf  test  web  yum.repo
[root@foundation50 docker]# cd certs/
[root@foundation50 certs]# ls
domain.crt  domain.key
[root@foundation50 certs]# ll
total 8
-rw-r--r-- 1 root root 2098 Aug 21 18:53 domain.crt
-rw-r--r-- 1 root root 3272 Aug 21 18:53 domain.key
[root@foundation50 certs]# cd ..
[root@foundation50 docker]# pwd
/tmp/docker
[root@foundation50 docker]# ls
certs  Dockerfile  ssh  supervisord.conf  test  web  yum.repo
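
The same certificate can be produced without the interactive prompts. The following is an added example, not part of the original post: it puts the host name in a subjectAltName, which Docker clients built with Go 1.15 or later require (a Common Name alone is rejected), and creates domain.key readable by its owner only instead of the 0644 seen in the listing above. The function names and the config layout are assumptions of this example; the DN values repeat a subset of those typed in the session.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# make_registry_cert DIR [HOST] [BITS]: self-signed cert + key for the registry
make_registry_cert() {
    dir=$1; host=${2:-westos.org}; bits=${3:-4096}
    mkdir -p "$dir" || return 1
    cnf=$(mktemp) || return 1
    cat > "$cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3
[dn]
C = cn
ST = shaanxi
O = westos
OU = linux
CN = $host
[v3]
subjectAltName = DNS:$host
EOF
    rm -f "$dir/domain.key"
    # umask 077: the private key is created 0600, never world-readable
    ( umask 077
      openssl req -newkey "rsa:$bits" -nodes -sha256 -x509 -days 365 \
          -config "$cnf" -keyout "$dir/domain.key" -out "$dir/domain.crt" )
    rc=$?
    rm -f "$cnf"
    return $rc
}

# check_registry_cert DIR HOST: 0 if usable, 1 no SAN, 2 key perms, 3 mismatch
check_registry_cert() {
    dir=$1; host=$2
    openssl x509 -in "$dir/domain.crt" -noout -text |
        grep -qF "DNS:$host" || return 1
    [ -n "$(find "$dir/domain.key" -perm 600)" ] || return 2
    # the certificate's public key must be the one derived from domain.key
    crt_pub=$(openssl x509 -in "$dir/domain.crt" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$dir/domain.key" -pubout | openssl sha256)
    [ "$crt_pub" = "$key_pub" ] || return 3
}
```

Run `make_registry_cert certs westos.org` from /tmp/docker, then `check_registry_cert certs westos.org` before starting the registry container.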

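2. Create the registry
Start the registry and tell it to use the TLS certificate. This command bind-mounts the certs/ directory into the container at /certs/ and sets environment variables that tell the container where to find the /certs/domain.crt and /certs/domain.key files. The registry listens on port 443, the default HTTPS port.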

[root@foundation50 docker]# docker run -d --restart=always --name registry -v `pwd`/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key -p 443:443 registry:2
54d85a487407240f0fdd32da1d2aeb2a428c916fa5e16e43807501336bc50255

3. Check the port

[root@foundation50 docker]# netstat -antlp |grep :443

4. Copy the certificate

[root@foundation50 ~]# docker push westos.org/rhel7
The push refers to a repository [westos.org/rhel7]
An image does not exist locally with the tag: westos.org/rhel7
[root@foundation50 ~]# cd /etc/docker/
[root@foundation50 docker]# ls
deamon.json  nginx.tar           registry.tar  stress.tar
key.json     registry-2.3.1.tar  rhel7.tar     ubuntu.tar
[root@foundation50 docker]# mkdir certs.d
[root@foundation50 docker]# cd certs.d/
[root@foundation50 certs.d]# mkdir westos.org
[root@foundation50 certs.d]# cd westos.org/
[root@foundation50 westos.org]# cp /tmp/docker/certs/domain.crt  ./ca.crt
[root@foundation50 westos.org]# ls
ca.crt
[root@foundation50 westos.org]# docker tag nginx westos.org/rhel7
[root@foundation50 westos.org]# docker push westos.org/rhel7
The push refers to a repository [westos.org/rhel7]
08d25fa0442e: Pushed 
a8c4aeeaa045: Pushed 
cdb3f9544e4c: Pushed 
latest: digest: sha256:2de9d5fc6585b3f330ff5f2c323d2a4006a49a476729bbc0910b695771526e3f size: 948
[root@foundation50 westos.org]# 

III. Certificate and password

Clean up the environment and create the directory

[root@foundation50 bin]# cd /tmp/docker/
[root@foundation50 docker]# ls
certs  Dockerfile  ssh  supervisord.conf  test  web  yum.repo
[root@foundation50 docker]# cd certs/
[root@foundation50 certs]# ls
domain.crt  domain.key
[root@foundation50 certs]# cd ..
[root@foundation50 docker]# mkdir auth
[root@foundation50 docker]# cd auth/

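1. Configure user permissions
To restrict use of the registry so that it can only be used after logging in with a user name and password, some additional setup is required. The registry's user name and password file can be generated with htpasswd.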

[root@foundation50 docker]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[root@foundation50 docker]# docker run --entrypoint htpasswd registry:2 -Bbn jane westos > auth/htpasswd
[root@foundation50 docker]# docker run --entrypoint htpasswd registry:2 -Bbn admin admin > auth/htpasswd   ## '>' overwrites the file, so only admin remains; use '>>' to keep jane too

2. Create the registry

[root@foundation50 docker]# docker run -d --restart=always --name registry -v `pwd`/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443    -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key -v `pwd`/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd -p 443:443 registry:2
[root@foundation50 docker]# docker push westos.org/rhel7

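3. Enter the user name and password

[root@foundation50 docker]# cat auth/htpasswd    ## log in as a user listed here (the file stores the bcrypt hash, not the password)
[root@foundation50 docker]# docker login -u admin -p admin westos.org

4. The stored login information can now be viewed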

[root@foundation50 .docker]# cat config.json
[root@foundation50 .docker]# netstat -antlp |grep :443
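
What `cat config.json` reveals is worth spelling out: without a credential store, docker login keeps the credentials in the `auth` field as base64 of `user:password`, which is an encoding and not encryption. The following added example (not part of the original post; the function names are hypothetical, and the sample file is constructed from the admin/admin login above) lists which registries have such inline credentials so they can be moved to a credential helper.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Assumes the one-key-per-line layout that docker login itself writes.

# Prints "<registry> <user>" per inline credential; returns 1 if any exist.
audit_docker_config() {
    found=$(awk '
        /"auths"[ \t]*:/ { in_auths = 1; next }
        in_auths && /^[ \t]*"[^"]+"[ \t]*:[ \t]*[{]/ {
            reg = $0; sub(/^[ \t]*"/, "", reg); sub(/".*/, "", reg); next
        }
        /"auth"[ \t]*:/ {
            v = $0; sub(/.*"auth"[ \t]*:[ \t]*"/, "", v); sub(/".*/, "", v)
            print reg, v
        }' "$1" |
        while read -r reg b64; do
            # auth is base64("user:password"); report the user, not the secret
            user=$(printf '%s' "$b64" | base64 -d | cut -d: -f1)
            printf '%s %s\n' "$reg" "$user"
        done)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Constructed sample: what ~/.docker/config.json holds after
# "docker login -u admin -p admin westos.org" with no credential store.
write_sample_config() {
    printf '{\n\t"auths": {\n\t\t"westos.org": {\n\t\t\t"auth": "YWRtaW46YWRtaW4="\n\t\t}\n\t}\n}\n' > "$1"
}
```

Passing the password with `-p` also leaves it in the shell history and the process list; `docker login --password-stdin` avoids that.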


[root@foundation50 ~]# docker push westos.org/nginx
[root@foundation50 ~]# docker tag nginx westos.org/nginx
[root@foundation50 ~]# docker push westos.org/nginx

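IV. Docker Compose

Installation and introduction

Docker makes it extremely easy to deploy a single service, but we then need a tool that pulls Docker's features together so that deploying and migrating an entire microservice cluster becomes more convenient; Docker Compose was created for exactly this. It is a program written in Python that, following commands combined with a configuration file, translates them into the corresponding Docker API operations and applies them directly to the Docker daemon, sparing us from repeatedly typing complex commands. Its main functionality can be divided into the following two points:

Service: an abstract definition of one or more identical containers running the same application, and the main object we configure in Docker Compose. In each Docker Compose configuration file we can define multiple services, their configuration, and the dependencies between services.
Project: a relatively complete business unit made up of multiple services.

Package a web image

1. Package an image containing a web page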

[root@foundation50 ~]# cd /tmp/docker/
[root@foundation50 docker]# cp web/index.html test/
[root@foundation50 docker]# cd test/
[root@foundation50 test]# pwd
/tmp/docker/test
[root@foundation50 test]# ls
Dockerfile  index.html
[root@foundation50 test]# vim Dockerfile   ## write the Dockerfile
[root@foundation50 test]# cat Dockerfile 

FROM rhel7
ADD html.tar /usr/share
VOLUME ["/usr/share/nginx/html"]
[root@foundation50 test]# ls
Dockerfile  index.html
[root@foundation50 test]# mkdir nginx/html -p
[root@foundation50 test]# mv index.html  nginx/html/
[root@foundation50 test]# cat nginx/html/index.html 
<h1>hello jane </h1>
[root@foundation50 test]# tar cf html.tar nginx/
[root@foundation50 test]# ls
Dockerfile  html.tar  nginx


[root@foundation50 test]# tar tf html.tar
nginx/
nginx/html/
nginx/html/index.html
[root@foundation50 test]# cat Dockerfile 
FROM rhel7
ADD html.tar /usr/share 
VOLUME ["/usr/share/nginx/html"]

2. Create the volume container

[root@foundation50 test]# docker ps -a
[root@foundation50 test]# docker build -t rhel7:v4 .
[root@foundation50 test]# docker create --name vol rhel7:v4 bash
[root@foundation50 test]# docker run -d --name vm1 --volumes-from vol nginx  ## add and mount that data volume in the container

[root@foundation50 test]# docker inspect vm1
[root@foundation50 test]# curl 172.17.0.2

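Only static data can be placed in an image in order to move or copy it.

5. Check where the file path comes from:

V. Managing multiple containers with load balancing

1. Write the Compose configuration file

Write the docker-compose.yml file, which is the main template file Compose uses. It defines 2 web containers and 1 haproxy container.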

[root@foundation50 ~]# cd /tmp/docker/
[root@foundation50 docker]# ls
auth  certs  Dockerfile  ssh  supervisord.conf  test  web  yum.repo
[root@foundation50 docker]# mkdir compose
[root@foundation50 docker]# cd compose/
[root@foundation50 compose]# pwd
/tmp/docker/compose
[root@foundation50 compose]# ls
[root@foundation50 compose]# vim docker-compose.yml

apache:
    image: rhel7:v1
    expose:
        - 80
    volumes:
        - ./web:/var/www/html

nginx:
    image: nginx
    expose:
        - 80

haproxy:
    image: haproxy
    volumes:
        - ./haproxy:/usr/local/etc/haproxy
    links:
        - apache
        - nginx
    ports:
        - "8080:80"
    expose:
        - 80
[root@foundation50 compose]# ls
docker-compose.yml
[root@foundation50 compose]# cd ..
[root@foundation50 docker]# cp -r web/ compose/
[root@foundation50 docker]# ls
auth  certs  compose  Dockerfile  ssh  supervisord.conf  test  web  yum.repo
[root@foundation50 docker]# cd compose/
[root@foundation50 compose]# ls
docker-compose.yml  web

2. Create the haproxy directory and generate a haproxy.cfg file

[root@foundation50 compose]# ls web/
index.html  nginx.tar
[root@foundation50 compose]# ls
docker-compose.yml  web
[root@foundation50 compose]# mkdir haproxy
[root@foundation50 compose]# cd haproxy/
[root@foundation50 haproxy]# ls
[root@foundation50 haproxy]# vim haproxy.cfg
[root@foundation50 haproxy]# cat haproxy.cfg 
global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
defaults
    log global
    mode http
    option httplog
    option dontlognull
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms
    stats uri /status
frontend balancer
    bind 0.0.0.0:80
    default_backend web_backends
backend web_backends
    balance roundrobin
    server web1 apache:80 check
    server web2 nginx:80 check
[root@foundation50 haproxy]# cd ..
[root@foundation50 compose]# ls
docker-compose.yml  haproxy  web


[root@foundation50 compose]# cd
[root@foundation50 ~]# cd /tmp/docker/
[root@foundation50 docker]# ls
auth  certs  compose  Dockerfile  ssh  supervisord.conf  test  web  yum.repo
[root@foundation50 docker]# vim Dockerfile 
[root@foundation50 docker]# cat Dockerfile 
FROM rhel7
ENV HOSTNAME server1
MAINTAINER 229683481@qq.com
EXPOSE 80
COPY yum.repo /etc/yum.repos.d/yum.repo
RUN rpmdb --rebuilddb && yum install -y httpd && yum clean all
VOLUME ["/var/www/html"]
CMD ["/usr/sbin/httpd","-D","FOREGROUND"]
[root@foundation50 docker]# docker build -t rhel7:v1 .

[root@foundation50 ~]# cd /tmp/docker/
[root@foundation50 docker]# ls
auth  certs  compose  Dockerfile  ssh  supervisord.conf  test  web  yum.repo
[root@foundation50 docker]# cd compose/
[root@foundation50 compose]# ls
docker-compose.yml  haproxy  web
[root@foundation50 compose]# docker-compose up

Visit the mapped port in a browser

Keep refreshing to test; the responses alternate, so load balancing works

We open a monitoring page:

Test:

When we stop apache

[root@foundation50 compose]# docker-compose start
Starting apache  ... done
Starting nginx   ... done
Starting haproxy ... done
[root@foundation50 compose]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                  NAMES
d43edd398798        haproxy             "/docker-entrypoin..."   25 minutes ago      Up 25 minutes       0.0.0.0:8080->80/tcp   compose_haproxy_1
efebb476bb67        nginx               "nginx -g 'daemon ..."   25 minutes ago      Up 25 minutes       80/tcp                 compose_nginx_1
144b15829126        rhel7:v1            "/usr/sbin/httpd -..."   25 minutes ago      Up 25 minutes       80/tcp                 compose_apache_1
[root@foundation50 compose]# docker stop compose_apache_1
compose_apache_1
[root@foundation50 compose]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                  NAMES
d43edd398798        haproxy             "/docker-entrypoin..."   26 minutes ago      Up 26 minutes       0.0.0.0:8080->80/tcp   compose_haproxy_1
efebb476bb67        nginx               "nginx -g 'daemon ..."   26 minutes ago      Up 26 minutes       80/tcp                 compose_nginx_1

Visiting the page again now shows only nginx

Start apache again

[root@foundation50 compose]# docker start compose_apache_1
compose_apache_1
[root@foundation50 compose]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                  NAMES
d43edd398798        haproxy             "/docker-entrypoin..."   29 minutes ago      Up 29 minutes       0.0.0.0:8080->80/tcp   compose_haproxy_1
efebb476bb67        nginx               "nginx -g 'daemon ..."   29 minutes ago      Up 29 minutes       80/tcp                 compose_nginx_1
144b15829126        rhel7:v1            "/usr/sbin/httpd -..."   29 minutes ago      Up 1 second         80/tcp                 compose_apache_1
