Environment
OS: CentOS 7.5
Docker: 18.09.6
1. Deploying docker-registry
Check the docker-registry version information
yum info docker-registry
Install docker-registry
yum -y install docker-registry
Find where the installed docker-distribution package put its configuration file
rpm -ql docker-distribution
Edit the configuration file
vim /etc/docker-distribution/registry/config.yml
version: 0.1
log:
    fields:
        service: registry
storage:
    cache:
        layerinfo: inmemory
    filesystem:
        rootdirectory: /opt/module/docker-registry
http:
    addr: :5000
Start the service
systemctl start docker-distribution
systemctl enable docker-distribution
docker-registry is now installed.
2. Testing
Push an image from the node3 machine to the docker-registry machine
[root@k8s-node3 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mysql
To push the mysql:5.7.22 image from node3 to the docker-registry machine, first tag the mysql image on node3:
docker tag mysql:5.7.22 docker-registry:5000/mysql:5.7.22
[root@k8s-node3 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker-registry.com:5000/mysql 5.7.22 6bb891430fb6 3 months ago 372 MB
Note: docker-registry is a hostname; use the hosts file to resolve it to the registry's IP address.
[root@k8s-node3 ~]# docker push docker-registry:5000/mysql:5.7.22
The push refers to a repository [docker-registry:5000/mysql]
Get https://docker-registry:5000/v1/_ping: http: server gave HTTP response to HTTPS client
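Note: if the above were written as docker-registry:5000/mysql, it would push all image versions under the top-level mysql repository.
As shown above, docker push failed. The Docker client uses HTTPS by default, but the docker registry server here only speaks HTTP.
If we really do want to use plain HTTP, the Docker client must be changed as follows, so that it accepts this registry without HTTPS: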
[root@k8s-node3 ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://registry.docker-cn.com"],
"insecure-registries": ["docker-registry:5000"]
}
Note that docker-registry above is the hostname.
[root@k8s-node3 ~]# systemctl restart docker
After that, the push succeeds.
[root@k8s-node3 ~]# docker push docker-registry:5000/mysql:5.7.22
The push refers to a repository [docker-registry:5000/mysql]
a968f24d4187: Pushed
f8cb294d5d80: Pushed
489bddb9c55e: Pushed
22b402e93939: Pushed
8aeebb3964c1: Pushed
94f8d8f5acbf: Pushed
c0c26734fb83: Pushed
4801a487d51a: Pushed
aae63f31dee9: Pushed
6f8d38b0e2b6: Pushed
cdb3f9544e4c: Pushed
5.7.22: digest: sha256:1d3119703eb04855c971a9ec24646184444fa1bd889b201de3ce8904c35eb627 size: 2621
Then log in to the docker registry server, where the pushed image is visible:
[root@docker-registry ~]# ll /var/lib/registry/docker/registry/v2/repositories/mysql/
total 0
drwxr-xr-x. 3 root root 20 Oct 25 05:13 _layers
drwxr-xr-x. 4 root root 35 Oct 25 05:14 _manifests
drwxr-xr-x. 2 root root 6 Oct 25 05:14 _uploads
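Next, let other servers download images from the docker-registry server.
Those servers also need their Docker configuration changed first, by adding the "insecure-registries" parameter, as follows: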
[root@k8s-node1 ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://registry.docker-cn.com"],
"insecure-registries": ["docker-registry:5000"]
}
[root@k8s-node1 ~]# systemctl restart docker
Then, on this machine, pull the image from the docker-registry machine:
[root@k8s-node1 ~]# docker pull docker-registry:5000/mysql:5.7.22
5.7.22: Pulling from mysql
2da35ff30a7d: Pull complete
46459f75a599: Pull complete
fe071c86fe94: Pull complete
75457c650197: Pull complete
6506db22c932: Pull complete
a6e0a2acd728: Pull complete
3182738b1913: Pull complete
ea75bfdf07be: Pull complete
6b85e8810885: Pull complete
5dca51ac89bd: Pull complete
b3400d337f49: Pull complete
Digest: sha256:1d3119703eb04855c971a9ec24646184444fa1bd889b201de3ce8904c35eb627
Status: Downloaded newer image for docker-registry:5000/mysql:5.7.22
[root@k8s-node1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
tomcat latest 05af71dd9251 8 days ago 463 MB
docker-registry:5000/mysql 5.7.22 6bb891430fb6 3 months ago 372 MB
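The downloaded image is the one from our private registry.
3. Deploying Harbor
The private Docker registry set up above is command-line only, which is ugly. The good news is that there is an open-source project called Harbor, built on top of docker registry, that comes with a nice web interface and also supports redundancy and more. It is a very good project. The CNCF also favors Harbor, so its prospects look very good.
However, deploying Harbor is quite cumbersome. Fortunately, Harbor can now be installed with docker compose (a single-host orchestration tool).
Let's install Harbor and try it out.
Official project: https://github.com/goharbor/harbor
Official installation guide: https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md
Harbor's official requirements are: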
Software | Version | Description |
---|---|---|
Python | version 2.7 or higher | Note that you may have to install Python on Linux distributions (Gentoo, Arch) that do not come with a Python interpreter installed by default |
Docker engine | version 1.10 or higher | For installation instructions, please refer to: https://docs.docker.com/engine/installation/ |
Docker Compose | version 1.6.0 or higher | For installation instructions, please refer to: https://docs.docker.com/compose/install/ |
Openssl | latest is preferred | Generate certificate and keys for Harbor |
First install the EPEL repository
cd /etc/yum.repos.d/
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
Check which docker-compose version EPEL provides
yum info docker-compose
Harbor download page: https://github.com/goharbor/harbor/releases
After downloading the tarball, upload it to /opt/software, extract it and move it to /opt/module, then change into the harbor directory
Edit harbor.yml
port: 20801
harbor_admin_password: 123456
Leave the other settings at their defaults
Edit docker-compose.yml
proxy:
    ports:
        - 20801:80
Stop docker-distribution
systemctl stop docker-distribution
Install docker-compose
yum install docker-compose
Install Harbor
./prepare
./install.sh
Notes:
Commands to stop Harbor
docker-compose stop
or
docker-compose down -v
Restart
docker-compose start
or
docker-compose up -d
or
./install.sh
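After startup, browse to ip:20801; the username is admin and the password is 123456
4. Pushing images to Harbor
Before pushing images, first deal with the HTTPS issue: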
vim /opt/module/harbor/docker-compose.yml
Edit daemon.json and add this setting
vim /etc/docker/daemon.json
"insecure-registries": [
"xxx.xxx.xxx.xxx"
]
Edit docker.service: comment out the default ExecStart line and add a new one
vim /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd --insecure-registry=10.19.46.15
Reload docker.service and restart docker
systemctl daemon-reload
systemctl restart docker
Then log in with docker from another machine; logging in from the local machine does not work
docker login xxx.xxx.xxx.xxx:20801
To push an image, follow the hints shown on the Harbor page after entering the newly created dev project
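
The article exempts registries from HTTPS in two places: the "insecure-registries" key in /etc/docker/daemon.json and the --insecure-registry flag on the ExecStart line of docker.service. The following is an added example, not part of the original article, that inventories both so a host's exemptions can be reviewed; the function names are hypothetical and the sample file contents are constructed from the snippets shown above.

```python
import json
import re
import shlex

# Constructed sample inputs modelled on the files shown in this article.
DAEMON_JSON = '''{
  "registry-mirrors": ["https://registry.docker-cn.com"],
  "insecure-registries": ["docker-registry:5000"]
}'''
DOCKER_SERVICE = '''[Service]
Type=notify
#ExecStart=/usr/bin/dockerd -H fd://
ExecStart=/usr/bin/dockerd --insecure-registry=10.19.46.15
'''

def registries_from_daemon_json(text):
    """Return the "insecure-registries" list from daemon.json content."""
    return list(json.loads(text).get("insecure-registries", []))

def registries_from_unit(text):
    """Return --insecure-registry values from active ExecStart lines."""
    # systemd joins lines ending in a backslash, so do the same first.
    text = re.sub(r"\\\n", " ", text)
    found = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("ExecStart="):
            continue  # commented-out or unrelated line
        args = shlex.split(line[len("ExecStart="):])
        for i, arg in enumerate(args):
            if arg.startswith("--insecure-registry="):
                found.append(arg.split("=", 1)[1])
            elif arg == "--insecure-registry" and i + 1 < len(args):
                found.append(args[i + 1])
    return found

def audit(daemon_json, unit_text):
    """Summarise every registry this host will talk to without verified TLS."""
    from_file = registries_from_daemon_json(daemon_json)
    from_flag = registries_from_unit(unit_text)
    return {
        "insecure": sorted(set(from_file) | set(from_flag)),
        # dockerd refuses to start when a directive is set both as a flag
        # and in daemon.json, so report that combination as well.
        "flag_and_file_conflict": bool(from_file and from_flag),
    }

if __name__ == "__main__":
    print(audit(DAEMON_JSON, DOCKER_SERVICE))
```

On a real host, pass the contents of /etc/docker/daemon.json and /usr/lib/systemd/system/docker.service to audit(); an empty "insecure" list means every registry is reached over verified HTTPS.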