镜像仓库
仓库,顾名思义,就是存放东西的地方,Docker仓库,理所当然,就是存放docker镜像的地方了。
Docker仓库分公有仓库和私有仓库。共有仓库有hub.docker.com、gcr.io、k8s.gcr.io等,一般常用开源应用程序的官方镜像都存放于共有仓库,但是鉴于这些仓库都在国外,下载速度比较慢。尤其k8s相关的镜像。
私有仓库一般是公司内部自行搭建,用于存放内部构建的docker镜像,部署服务时从私有仓库下载,分发速度快。
Docker 官方提供了一个搭建私有仓库的镜像 registry ,只需把镜像下载下来,运行容器并暴露5000端口,就可以使用了。这里不做详细介绍。
harbor
一个用于存储docker镜像的企业级Registry服务。相比较于原生的Regisrty来说,它具有很多的优势。
- 提供分层传输机制,优化网络传输
- 提供WEB界面,优化用户体验
- 支持水平扩展集群
- 良好的安全机制
- Harbor提供了基于角色的访问控制机制,并通过项目来对镜像进行组织和访问权限的控制
harbor架构图
image.png安装harbor
PS:因为镜像仓库属于基础服务,建议使用单独的服务器部署。
1、下载离线安装包
# wget https://github.com/goharbor/harbor/releases/download/v2.0.2/harbor-offline-installer-v2.0.2.tgz
2、解压并根据需求自行修改harbor.yml配置文件,这里直接是用默认
# tar -zxf harbor-offline-installer-v2.0.2.tgz
# cd harbor/
# mv harbor.yml.tmpl harbor.yml
3、执行安装命令
这里使用默认安装,感兴趣的可以安装更多Notary, Clair, or Chart Repository Service等服务。使用./install.sh --with-notary --with-clair --with-chartmuseum
./install.sh
Note: docker version: 19.03.12
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 1.26.2
[Step 2]: loading Harbor images ...
Loaded image: goharbor/prepare:v2.0.2
Loaded image: goharbor/harbor-jobservice:v2.0.2
Loaded image: goharbor/harbor-registryctl:v2.0.2
Loaded image: goharbor/registry-photon:v2.0.2
Loaded image: goharbor/harbor-core:v2.0.2
Loaded image: goharbor/notary-signer-photon:v2.0.2
Loaded image: goharbor/clair-photon:v2.0.2
Loaded image: goharbor/trivy-adapter-photon:v2.0.2
Loaded image: goharbor/harbor-log:v2.0.2
Loaded image: goharbor/nginx-photon:v2.0.2
Loaded image: goharbor/clair-adapter-photon:v2.0.2
Loaded image: goharbor/chartmuseum-photon:v2.0.2
Loaded image: goharbor/harbor-portal:v2.0.2
Loaded image: goharbor/harbor-db:v2.0.2
Loaded image: goharbor/redis-photon:v2.0.2
Loaded image: goharbor/notary-server-photon:v2.0.2
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /opt/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-portal ... done
Creating registry ... done
Creating registryctl ... done
Creating redis ... done
Creating harbor-db ... done
Creating harbor-core ... done
Creating harbor-jobservice ... done
Creating nginx ... done
----Harbor has been installed and started successfully.----
查看下运行了哪些服务?
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8d746c430f3e goharbor/harbor-jobservice:v2.0.2 "/harbor/entrypoint." 4 minutes ago Up 4 minutes (healthy) harbor-jobservice
388f24831ec9 goharbor/nginx-photon:v2.0.2 "nginx -g 'daemon of" 4 minutes ago Up 4 minutes (healthy) 0.0.0.0:80->8080/tcp nginx
15bc12fd3826 goharbor/harbor-core:v2.0.2 "/harbor/entrypoint." 4 minutes ago Up 4 minutes (healthy) harbor-core
bb48e39130e5 goharbor/harbor-db:v2.0.2 "/docker-entrypoint." 4 minutes ago Up 4 minutes (healthy) 5432/tcp harbor-db
1bcd0ffcae82 goharbor/harbor-registryctl:v2.0.2 "/home/harbor/start." 4 minutes ago Up 4 minutes (healthy) registryctl
8ef9f3d3a668 goharbor/redis-photon:v2.0.2 "redis-server /etc/r" 4 minutes ago Up 4 minutes (healthy) 6379/tcp redis
e05d4d845f3f goharbor/harbor-portal:v2.0.2 "nginx -g 'daemon of" 4 minutes ago Up 4 minutes (healthy) 8080/tcp harbor-portal
c5fcd2369931 goharbor/registry-photon:v2.0.2 "/home/harbor/entryp" 4 minutes ago Up 4 minutes (healthy) 5000/tcp registry
61e69b171b33 goharbor/harbor-log:v2.0.2 "/bin/sh -c /usr/loc" 4 minutes ago Up 4 minutes (healthy) 127.0.0.1:1514->10514/tcp harbor-log
从输出信息可以看出,安装不服务组件还是挺多的,可以参考架构图。
至此,harbor安装好了,现在来测试下往这个仓库上传镜像、从这个私有仓库下载镜像
上传镜像
首先登陆私有仓库
docker login 10.26.27.106
Username: admin
Password:
Error response from daemon: Get https://10.26.27.106/v2/: dial tcp 10.26.27.106:443: connect: connection refused
image.png
发现,登陆失败,因为这里仓库没有配置https,docker默认只允许登陆https的服务,http认为是不安全的。
现在我们来修改docker的配置,允许docker登陆不安全的仓库
vim /etc/docker/daemon.json,添加"insecure-registries":["10.26.27.106"]
{
"registry-mirrors": ["https://ci7pm4nx.mirror.aliyuncs.com","https://registry.docker-cn.com","http://hub-mirror.c.163.com"],
"insecure-registries":["10.26.27.106"]
}
再次登陆
# systemctl restart docker
# docker login http://10.26.27.106
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
现在看到,已经登陆成功了,让我们从公有仓库下载一个镜像,然后传到私有仓库中
docker pull busybox
Using default tag: latest
latest: Pulling from library/busybox
df8698476c65: Pull complete
Digest: sha256:d366a4665ab44f0648d7a00ae3fae139d55e32f9712c67accd604bb55df9d05a
Status: Downloaded newer image for busybox:latest
docker.io/library/busybox:latest
使用tag个给刚才下载的busybox镜像打标签,改为10.26.27.106/library/busybox:latest
# docker tag busybox:latest 10.26.27.106/library/busybox:latest
# docker push 10.26.27.106/library/busybox:latest
The push refers to repository [10.26.27.106/library/busybox]
be8b8b42328a: Pushed
latest: digest: sha256:2ca5e69e244d2da7368f7088ea3ad0653c3ce7aaccd0b8823d11b0d5de956002 size: 527
可以看到,已经上传成功。
下载镜像
首先我们删除所以的busybox镜像
docker images|grep busybox
10.26.27.106/libary/busybox latest 6858809bf669 4 days ago 1.23MB
10.26.27.106/library/busybox latest 6858809bf669 4 days ago 1.23MB
busybox latest 6858809bf669 4 days ago 1.23MB
docker rmi busybox 10.26.27.106/library/busybox 10.26.27.106/libary/busybox
Untagged: busybox:latest
Untagged: busybox@sha256:d366a4665ab44f0648d7a00ae3fae139d55e32f9712c67accd604bb55df9d05a
Untagged: 10.26.27.106/library/busybox:latest
Untagged: 10.26.27.106/library/busybox@sha256:2ca5e69e244d2da7368f7088ea3ad0653c3ce7aaccd0b8823d11b0d5de956002
Untagged: 10.26.27.106/libary/busybox:latest
Deleted: sha256:6858809bf669cc5da7cb6af83d0fae838284d12e1be0182f92f6bd96559873e3
Deleted: sha256:be8b8b42328a15af9dd6af4cba85821aad30adde28d249d1ea03c74690530d1c
下载镜像
docker pull 10.26.27.106/library/busybox
Using default tag: latest
latest: Pulling from library/busybox
df8698476c65: Pull complete
Digest: sha256:2ca5e69e244d2da7368f7088ea3ad0653c3ce7aaccd0b8823d11b0d5de956002
Status: Downloaded newer image for 10.26.27.106/library/busybox:latest
10.26.27.106/library/busybox:latest
可以看到,下载成功,收工¥#@¥#@¥@
image.png
注:文中图片来源于网络,如有侵权,请联系我及时删除。
网友评论