容器入门（5）- 在Registry之间复制镜像

最新推荐文章于 2023-10-10 18:30:41 发布

dawnsky.liu

最新推荐文章于 2023-10-10 18:30:41 发布

阅读量734

点赞数

分类专栏： Registry Image skopeo 文章标签： docker

本文链接：https://blog.csdn.net/weixin_43902588/article/details/106952147

版权

Registry 同时被 3 个专栏收录

15 篇文章 2 订阅

订阅专栏

Image

14 篇文章 1 订阅

订阅专栏

skopeo

2 篇文章 0 订阅

订阅专栏

《OpenShift 4.x HOL教程汇总》

通过oc命令复制镜像

Openshift的客户端工具oc命令提供了镜像mirror功能，可用来在2个Container Registry之间复制镜像。

说明：以下操作需要有2个Container Registry环境。本示例将hello-openshift镜像从“registry.domain.com”节点复制到“registry.example.internal”节点的Container Registry上。复制操作在“registry.domain.com”节点上进行，验证操作在“registry.example.internal”节点上进行。

在“registry.domain.com”节点上设置环境变量

$ SOURCE=registry.domain.com
$ TARGET=registry.example.internal

将访问“registry.example.internal”节点的Container Registry用到的公钥证书文件（例如support.crt）复制到“registry.domain.com”。

$ scp root@${TARGET}:/etc/pki/ca-trust/source/anchors/support.crt /etc/pki/ca-trust/source/anchors/
$ update-ca-trust

验证在“registry.domain.com”节点上可以同时访问2个Container Registry，且2个Registry中都没有hello-openshift镜像。

$ docker login ${SOURCE}:5000 -u user1 -p password1
Login Succeeded
$ docker login ${TARGET}:5000 -u openshift -p redhat
Login Succeeded
$ curl -u user1:password1 https://${SOURCE}:5000/v2/_catalog
{"repositories":["busybox"]}
curl -u openshift:redhat https://${TARGET}:5000/v2/_catalog
{"repositories":[]}

pull/push 镜像到“registry.domain.com”节点的Registry。

$ docker pull openshift/hello-openshift
Using default tag: latest
Trying to pull repository docker.io/openshift/hello-openshift ...
latest: Pulling from docker.io/openshift/hello-openshift
4f4fb700ef54: Pull complete
8b32988996c5: Pull complete
Digest: sha256:aaea76ff622d2f8bcb32e538e7b3cd0ef6d291953f3e7c9f556c1ba5baf47e2e
Status: Downloaded newer image for docker.io/openshift/hello-openshift:latest
 
$ docker tag docker.io/openshift/hello-openshift ${SOURCE}:5000/openshift/hello-openshift
 
$ docker push ${SOURCE}:5000/openshift/hello-openshift
The push refers to a repository [registry.domain.com:5000/openshift/hello-openshift]
da0e4d9121c7: Pushed
5f70bf18a086: Pushed
latest: digest: sha256:aaea76ff622d2f8bcb32e538e7b3cd0ef6d291953f3e7c9f556c1ba5baf47e2e size: 734

复制hello-openshift镜像。

$ oc image mirror ${SOURCE}:5000/openshift/hello-openshift ${TARGET}:5000/openshift/hello-openshift
registry.example.internal:5000/
  openshift/hello-openshift
    blobs:
      registry.domain.com:5000/openshift/hello-openshift sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1 32B
      registry.domain.com:5000/openshift/hello-openshift sha256:7af3297a3fb4487b740ed6798163f618e6eddea1ee5fa0ba340329fcae31c8f6 1.336KiB
      registry.domain.com:5000/openshift/hello-openshift sha256:8b32988996c5d776076ea3cd672855f6d0faac87510064a15cce4bd02cdc9d13 2.067MiB
    manifests:
      sha256:aaea76ff622d2f8bcb32e538e7b3cd0ef6d291953f3e7c9f556c1ba5baf47e2e -> latest
  stats: shared=0 unique=3 size=2.068MiB ratio=1.00

phase 0:
  registry.example.internal:5000 openshift/hello-openshift blobs=3 mounts=0 manifests=1 shared=0

info: Planning completed in 40ms
uploading: registry.example.internal:5000/openshift4/hello-openshift sha256:8b32988996c5d776076ea3cd672855f6d0faac87510064a15cce4bd02cdc9d13 2.067MiB
sha256:aaea76ff622d2f8bcb32e538e7b3cd0ef6d291953f3e7c9f556c1ba5baf47e2e registry.example.internal:5000/openshift4/hello-openshift:latest
info: Mirroring completed in 390ms (5.426MB/s)

在目标“registry.example.internal”上运行hello-openshift镜像，确认容器启动成功。

$ curl -u openshift:redhat https://registry.example.internal:5000/v2/_catalog
{"repositories":["openshift/hello-openshift"}
$ docker run -it registry.example.internal:5000/openshift/hello-openshift
Unable to find image 'registry.example.internal:5000/openshift/hello-openshift:latest' locally
Trying to pull repository registry.example.internal:5000/openshift/hello-openshift ...
latest: Pulling from registry.example.internal:5000/openshift/hello-openshift
4f4fb700ef54: Pull complete
8b32988996c5: Pull complete
Digest: sha256:aaea76ff622d2f8bcb32e538e7b3cd0ef6d291953f3e7c9f556c1ba5baf47e2e
Status: Downloaded newer image for registry.example.internal:5000/openshift/hello-openshift:latest
serving on 8888
serving on 8080

通过skopeo命令复制镜像

所需环境同上一节。执行以下命令，在目标“registry.example.internal”节点上用skopeo命令复制“registry.domain.com”节点的openshift/hello-openshift镜像，并改名为“openshift/my-hello-openshift”。

$ skopeo copy docker://${SOURCE}:5000/openshift/hello-openshift docker://${TARGET}:5000/openshift/my-hello-openshift --src-creds=user1:password1 --dest-creds=openshift:redhat
Getting image source signatures
Copying blob 8b32988996c5 done
Copying blob 4f4fb700ef54 done
Copying config 7af3297a3f done
Writing manifest to image destination
Storing signatures
 
$ curl -u openshift:redhat https://${TARGET}:5000/v2/_catalog
{"repositories":["openshift/my-hello-openshift"}