Table of contents:
- What is Docker Registry
- Image registry: a real-life analogy
- Image registry classification
- How an image registry works
- Commonly used image registries
- Image registry commands
- Command list
- docker login
- docker pull
- docker push
- docker search
- docker logout
- Image commands [section]
- docker images
- docker image inspect
- docker tag
- Container commands [section]
- docker run
- docker ps
- Docker image registry practice
- Comprehensive practice one: Build an nginx service
- Comprehensive practice two: Create your own private repository on Docker Hub
- Comprehensive practice three: Create your own private repository on Tencent Cloud
- Comprehensive practice four: Create your own private repository on Alibaba Cloud
- Practical experience
1. What is Docker Registry
Docker Registry is responsible for storing, managing and distributing images; it also provides login authentication and maintains an index of its repositories. A registry manages multiple Repositories, which are distinguished by name. Each Repository contains one or more images, which are distinguished by image name and tag. The overall view is as follows:
- Image registry (Registry): the registry from which an image is pulled, such as hub.docker.com, is usually identified by a DNS name or IP address.
  - Multiple Repositories can exist in a Registry
  - Repositories are divided into "top-level repositories" and "user repositories"
  - The format of a user repository name is "user name/repository name"
  - Each repository can contain multiple tags, and each tag corresponds to an image
- Repository: the collection of all iterative versions of a specific Docker image
- Image name (name) + tag (tag): such as nginx:latest
- Authentication capabilities: Provide user registration, login, and logout capabilities
- Index: Provides index information of the image to facilitate retrieval.
- A container image consists of two parts. One is the metadata, a description file produced when the image is built from a Dockerfile. It records how many layers the image has, what is in each layer, and the checksum of each layer. The other is the stored data, where the actual executable files live, kept as individual blobs. It is these blobs that really occupy space.
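The metadata/blob split described above is what lets a client check image integrity: every blob is addressed by its SHA-256 digest. The following is an added example, not code from the original page; it builds a manifest in the OCI layout for two constructed "layers" and verifies a blob store against it.

```python
import hashlib
import json


def digest(data: bytes) -> str:
    """Content address of a blob, in the 'sha256:<hex>' form registries use."""
    return "sha256:" + hashlib.sha256(data).hexdigest()


def build_image(config: dict, layers: list[bytes]):
    """Return (manifest, blob_store) for a constructed image.

    The manifest is the metadata: it lists each blob by media type, size and
    digest. The blob store holds the actual bytes, keyed by digest.
    """
    config_bytes = json.dumps(config, sort_keys=True).encode()
    blobs = {digest(config_bytes): config_bytes}
    layer_entries = []
    for layer in layers:
        blobs[digest(layer)] = layer
        layer_entries.append({
            "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
            "size": len(layer),
            "digest": digest(layer),
        })
    manifest = {
        "schemaVersion": 2,
        "mediaType": "application/vnd.oci.image.manifest.v1+json",
        "config": {
            "mediaType": "application/vnd.oci.image.config.v1+json",
            "size": len(config_bytes),
            "digest": digest(config_bytes),
        },
        "layers": layer_entries,
    }
    return manifest, blobs


def verify_image(manifest: dict, blobs: dict) -> list[str]:
    """Check every blob the manifest references; return a list of problems."""
    problems = []
    for desc in [manifest["config"], *manifest["layers"]]:
        data = blobs.get(desc["digest"])
        if data is None:
            problems.append(f"missing blob {desc['digest']}")
        elif len(data) != desc["size"]:
            problems.append(f"size mismatch for {desc['digest']}")
        elif digest(data) != desc["digest"]:
            problems.append(f"digest mismatch for {desc['digest']}")
    return problems


# Constructed sample data: real layers are gzip-compressed tarballs.
MANIFEST, BLOBS = build_image(
    {"architecture": "amd64", "os": "linux"},
    [b"layer-1: base filesystem", b"layer-2: nginx binaries"],
)
```

An empty list from `verify_image` means every referenced blob is present and matches its recorded size and digest.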
2. Image registry: a real-life analogy
You can compare it to a supermarket: a Repository is a shelf, the White Elephant brand is the organization, and the different labels on the products on the shelf are the corresponding tags.
3. Image registry classification
Classified by whether the registry is open to the outside world, which is the distinction developers most often make:
- Public registry: hosted on the public network, like Alibaba Cloud, Docker Hub, etc.; anyone can access it and download images without logging in.
- Private registry: not open to the public, often located on a private network, and available only to the company's internal personnel.
Classified by provider and target audience:
- Sponsor registry: a third-party registry for use by customers and the Docker community
- Mirror registry: a third-party registry that is only used by customers. For example, Alibaba Cloud requires registration before it can be used.
- Vendor registry: a registry provided by a vendor that publishes Docker images. For example, Google and Red Hat provide image registry services.
- Private registry: a registry provided by a private entity behind a firewall and additional layers of security, for internal use only
4. How an image registry works
1. Image registry usage workflow
- Log in to the registry with docker login
- Pull the required image with docker pull
- After building an image with a Dockerfile or docker commit, upload it to the registry with docker push.
2. How image registries are used in actual development
- Images in the Docker Registry are usually built by developers and then pushed to a "public" or "private" Registry for use by others, for example for "deployment" to a production environment.
Glossary
- Development environment: a set of environments used by developers
- Test environment: After the requirements are developed, it is released to an environment for testers to test.
- Pre-release environment: After version testing is completed, release to an environment similar to production to simulate production release in advance
- Production environment: a truly customer-facing environment
3. Pull mechanism of the image registry
When starting a container, the Docker daemon first tries to find the image locally; if the image does not exist locally, the daemon downloads it from the Registry and saves it locally.
5. Commonly used image registries
1. DockerHub
What is Docker Hub
Docker Hub is a managed repository service provided by Docker for finding container images and sharing them with your team. It has the following functions:
(1) Individuals can register private repositories and publish their own images
(2) Provide image retrieval capabilities
(3) Provide a large number of images from official and certified organizations
(4) Automatically build container images from GitHub and Bitbucket and push them to Docker Hub
(5) Support webhooks (a webhook is a callback mechanism based on HTTP: when a specified event occurs, the server automatically sends the relevant payload to the client's webhook URL)
Docker Hub feature tour
Image search
Image tag search
Pull command for the corresponding version
Image size, id, cpu architecture view
2. Domestic registry mirrors
In China, pulling images from Docker Hub is sometimes difficult. In this case, you can configure a registry mirror (image accelerator). Many domestic cloud service providers offer accelerator services, for example: Alibaba Cloud Accelerator (click the management console -> log in with your account (Taobao account) -> Mirror tool on the right -> Image accelerator -> copy the accelerator address)
NetEase Cloud Accelerator address: https://hub-mirror.c.163.com
Baidu Cloud Accelerator address: https://mirror.baidubce.com
You can write the following content in /etc/docker/daemon.json (if the file does not exist, please create a new file)
After the addition is completed, you need to reload the configuration and restart Docker:
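The file content referred to above is not reproduced on this page. As an added example (not from the original page), the following merges the two accelerator addresses listed above into an existing daemon.json under the Docker daemon's `registry-mirrors` key without discarding other settings. Rejecting non-HTTPS mirrors is a policy assumed here, and the sample existing configuration is constructed.

```python
import json
from urllib.parse import urlsplit

# Accelerator addresses taken from the page.
MIRRORS = ["https://hub-mirror.c.163.com", "https://mirror.baidubce.com"]

# Constructed sample of a daemon.json that already holds other settings.
SAMPLE_EXISTING = (
    '{"log-driver": "json-file",'
    ' "registry-mirrors": ["https://hub-mirror.c.163.com/"]}'
)


def merge_registry_mirrors(existing_json: str, mirrors: list[str]) -> str:
    """Return new daemon.json text with `mirrors` added to "registry-mirrors".

    Existing keys are preserved, duplicate mirrors are dropped, and mirrors
    that are not served over HTTPS are rejected (assumed policy: a mirror
    answers image pulls, so its transport should be authenticated).
    """
    config = json.loads(existing_json) if existing_json.strip() else {}
    if not isinstance(config, dict):
        raise ValueError("daemon.json must contain a JSON object")

    merged = [m.rstrip("/") for m in config.get("registry-mirrors", [])]
    for url in mirrors:
        parts = urlsplit(url)
        if parts.scheme != "https" or not parts.netloc:
            raise ValueError(f"refusing non-HTTPS mirror: {url!r}")
        normalized = url.rstrip("/")
        if normalized not in merged:
            merged.append(normalized)

    config["registry-mirrors"] = merged
    return json.dumps(config, indent=2) + "\n"


if __name__ == "__main__":
    # Print the merged configuration; write it to /etc/docker/daemon.json
    # only after reviewing it.
    print(merge_registry_mirrors(SAMPLE_EXISTING, MIRRORS), end="")
```

On a systemd host, the reload and restart step is typically `sudo systemctl daemon-reload` followed by `sudo systemctl restart docker`.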
3. Private registry
A private image registry is an image registry deployed within a company or organization to store and distribute the Docker images of its own applications. When building an automated release system for internal use, the packaged images are, for security reasons, generally stored only in private image registries. The hand-off points in the CI/CD process are also implemented by pushing images to and pulling images from the private registry.
Common private registry tools:
Harbor: Harbor is an enterprise-level Docker Registry project recently open sourced by VMware. Its goal is to help users quickly build an enterprise-level Docker registry service. It is based on Docker's open source registry and provides functions required by enterprise users such as a management UI, role-based access control (RBAC), AD/LDAP integration, and audit logging, while also natively supporting Chinese. Each component of Harbor is built as a Docker container and is deployed using Docker Compose.
Nexus: Nexus is repository management software released by Sonatype. It is currently often used as a private Maven repository and a private Docker registry.
Docker registry: the registry server officially provided by Docker, similar to Docker Hub. It is used to store Docker images uploaded by departments within the company.
6. Image registry commands
Command list
docker login
Function
Log in to a Docker image registry. If the registry address is not specified, the default is the official registry, Docker Hub.
Syntax
docker login [OPTIONS] [SERVER]
Key parameters
- -u: Login user name
- -p: Login password
Sample
docker login -u <username> -p <password>
docker pull
Function
Pull or update the specified image from the image registry
Syntax
docker pull [OPTIONS] NAME[:TAG|@DIGEST]
Alias
docker image pull
Key parameters
-a: Pull all tagged images
--disable-content-trust: Skip image verification; enabled by default
Sample
docker pull nginx:1.23.3
docker push
Function
Upload a local image to the image registry. You must first log in to the registry.
Syntax
docker push [OPTIONS] NAME[:TAG]
Alias
docker image push
Key parameters
-a: Push all tagged images
--disable-content-trust: Skip image verification; enabled by default
Sample
docker push myapache:v1
docker search
Function
Find images on Docker Hub
Syntax
docker search [OPTIONS] TERM
Key parameters
--no-trunc: Display the complete image description;
-f <filter>: Filter the results, for example list the images whose star count is not less than the specified value.
Sample
# Search Docker Hub for all images whose name contains nginx and whose star count is greater than 10
docker search -f stars=10 nginx
docker logout
Function
Log out of a Docker image registry. If the registry address is not specified, the default is the official registry, Docker Hub.
Syntax
docker logout [SERVER]
Sample
docker logout
7. Image commands [section]
docker images
Function
List local images.
Syntax
docker images [OPTIONS] [REPOSITORY[:TAG]]
Alias
docker image ls, docker image list
Key parameters
- -a: List all local images (including intermediate image layers, which are filtered out by default);
- --digests: Display the image digests;
- -f: Display images that meet the conditions;
- --format: Specify a template for the output;
- --no-trunc: Display complete image information;
- -q: Display only the image ID.
Sample
# List all local images
docker images
# List the local images whose REPOSITORY is ubuntu.
docker images ubuntu
docker image inspect
Function
View image details
Syntax
docker image inspect [OPTIONS] IMAGE [IMAGE...]
Sample
# View image details
docker image inspect nginx:1.23.3
docker tag
Function
Tag a local image so that it belongs to a given repository.
Syntax
docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]
Alias
docker image tag
Sample
docker tag ubuntu:22.04 myregistry.com/myubuntu:22.04
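The name given to docker tag decides which registry a later docker push or docker pull talks to. As an added example (not part of the original page), this parser applies a simplified form of the Docker CLI's name normalization to references used on this page; `is_allowed` and the allow-list are hypothetical helpers for a policy check.

```python
from typing import NamedTuple, Optional

DEFAULT_REGISTRY = "docker.io"   # Docker Hub
DEFAULT_NAMESPACE = "library"    # Docker Hub's top-level (official) repositories
DEFAULT_TAG = "latest"


class ImageRef(NamedTuple):
    registry: str
    repository: str
    tag: Optional[str]
    digest: Optional[str]


def parse_image_ref(ref: str) -> ImageRef:
    """Split NAME[:TAG|@DIGEST] into registry, repository, tag and digest."""
    if not ref or ref != ref.strip():
        raise ValueError("empty or padded reference")
    name, at, digest = ref.partition("@")
    if at and not digest:
        raise ValueError("'@' must be followed by a digest")

    # A tag is a ':' in the last path component; 'localhost:5000/app' has none.
    tag = None
    colon = name.rfind(":")
    if colon > name.rfind("/"):
        name, tag = name[:colon], name[colon + 1:]
        if not tag:
            raise ValueError("':' must be followed by a tag")

    # The first component is a registry host only if it looks like one.
    first, slash, rest = name.partition("/")
    if slash and ("." in first or ":" in first or first == "localhost"):
        registry, repository = first, rest
    else:
        registry, repository = DEFAULT_REGISTRY, name
    if not repository or repository != repository.lower():
        raise ValueError("repository name must be non-empty and lowercase")

    # Top-level repositories on Docker Hub live under 'library/'.
    if registry == DEFAULT_REGISTRY and "/" not in repository:
        repository = f"{DEFAULT_NAMESPACE}/{repository}"
    if tag is None and not digest:
        tag = DEFAULT_TAG
    return ImageRef(registry, repository, tag, digest or None)


def is_allowed(ref: str, allowed_registries: set) -> bool:
    """Hypothetical policy check: is this reference served by an approved registry?"""
    return parse_image_ref(ref).registry in allowed_registries
```

A name without a registry host, such as `myubuntu:22.04`, resolves to Docker Hub, so the policy check is a simple way to catch images that would be pushed to or pulled from a registry other than the intended one.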
8. Container commands [section]
docker run
Function
Create a new container and run a command
Syntax
docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
Alias
docker container run
Key parameters
- -d: Run the container in the background and return the container ID;
- -i: Run the container in interactive mode, usually used together with -t;
- -P: Random port mapping; the container's internal ports are mapped to random ports on the host;
- -p: Specify a port mapping, in the format host port:container port;
- -t: Allocate a pseudo-terminal for the container, usually used together with -i;
- --name="nginx-lb": Specify a name for the container;
- -h "mars": Specify the hostname of the container;
- -e username="ritchie": Set environment variables;
- --cpuset-cpus="0-2" or --cpuset-cpus="0,1,2": Bind the container to the specified CPUs;
- -m: Set the maximum memory used by the container;
- --network="bridge": Specify the network connection type of the container;
- --link=[]: Add a link to another container;
- --volume, -v: Bind a volume;
- --rm: Automatically remove the container when it exits
Sample
# Start a container in background mode from the image nginx:latest and name it mynginx.
docker run --name mynginx -d nginx:latest
# Start a container in background mode from the image nginx:latest, map the container's port 80 to the host's port 80, and map the host directory /data to /data in the container.
docker run -p 80:80 -v /data:/data -d nginx:latest
docker ps
Function
List containers
Syntax
docker ps [OPTIONS]
Alias
docker container ls, docker container list, docker container ps
Key parameters
- -a: Display all containers, including those that are not running.
- -f: Filter the displayed content based on conditions.
- --format: Specify a template for the output, such as json or table.
- -l: Display the latest container.
- -n: List the n most recently created containers.
- --no-trunc: Do not truncate output.
- -q: Quiet mode, only the container ID is displayed.
- -s: Display the total file size.
Sample
docker ps -a
9. Docker image registry practice
Comprehensive practice one: Build an nginx service
Background knowledge
Web server
A web server, generally also called a "website server", is a program that resides on a computer on the Internet. It can serve documents to clients such as web browsers, host website files for the world to browse, and host data files for the world to download. A web server is also known as a "WWW server" (World Wide Web); its main function is to provide online information browsing services. The WWW is a multimedia information retrieval tool for the Internet and a service built on top of it; it is also the fastest growing and currently the most widely used service. It is precisely because of the WWW that the Internet has prospered and developed rapidly in the past decade, and the number of users has soared. According to the latest data, the global population currently stands at 7.676 billion, of which a staggering 4.388 billion are Internet users ("netizens"). For example, Baidu is a web server that provides search services.
Nginx
Nginx is a free, open source, high-performance HTTP server and reverse proxy server; it is also an IMAP, POP3, and SMTP proxy server. Nginx can be used as an HTTP server for publishing and serving websites, and as a reverse proxy server that implements load balancing. It can be understood that Nginx is one implementation of a web server.
Web server
As a web server, Nginx can provide browsing services to various browsers and other clients. For example, when we access Baidu from mobile phones, computers, and tablets, we are accessing a web server.
Forward proxy
Because of the firewall, we cannot access Google directly, so we can use a VPN. This is a simple example of a forward proxy. The forward proxy "proxies" the client: the client knows the target, but the target does not know that the client is connecting through a VPN.
Reverse proxy
When we access Baidu from the external network, the request is actually forwarded and proxied to the internal network. This is the so-called reverse proxy: the reverse proxy "proxies" the server side, and the process is transparent to the client.
Install
# CentOS
# Configure the nginx package repository on CentOS
rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
yum install -y nginx
Start nginx as a website
1. Check whether nginx is started
2. If it is not started, start nginx manually
# Check the version
nginx -v
# Start manually
nginx
3. Visit the nginx home page
4. Adjust the nginx configuration
5. Home page content
6. Stop nginx by killing the master process
Find the nginx image
docker search can be used to search, but it does not show the detailed tags of nginx.
Pull the Nginx image and start the Nginx site
1. Pull the nginx image
We go to https://hub.docker.com/ to find the nginx image
2. Check whether the image exists locally
3. Run the image
4. We are now in the shell of the container; execute cat /etc/*release* and see that the operating system is not Ubuntu
5. Start nginx
6. Without exiting the shell, open another shell window and execute the curl command. You can see the welcome message returned by nginx.
If port 80 of your server is externally accessible, you can use a browser to see the welcome page of nginx. Note that cloud vendors generally block port 80, and you need to contact customer service to enable it.
7. Exit the shell, run curl again, and observe that the response is different, which shows that nginx was running in the container and not on the server.
Comprehensive practice two: Create your own private repository on Docker Hub
Background knowledge
Busybox
BusyBox is a piece of software that integrates more than three hundred of the most commonly used Linux commands and tools. BusyBox includes simple tools such as ls, cat, and echo, as well as larger and more complex tools such as grep, find, mount, and telnet. Some people call BusyBox the Swiss Army Knife of Linux tools. To put it simply, BusyBox is like a big toolbox: it integrates and compresses many Linux tools and commands, and also includes the Linux system's own shell. busybox is a piece of software that integrates more than a hundred of the most commonly used Linux commands and tools. It even integrates an HTTP server and a telnet server, and all of these functions take only about 1M. Because overseas bandwidth is limited, we pull the image and push it to our own repository.
Install
# Install on Ubuntu
apt install -y busybox
# Install on CentOS
# Note: --no-check-certificate disables TLS certificate verification for this download
wget https://busybox.net/downloads/binaries/1.28.1-defconfig-multiarch/busybox-x86_64 --no-check-certificate
mv busybox-x86_64 busybox
chmod +x busybox
./busybox
Run commands
busybox ls
busybox ifconfig
busybox ifconfig |busybox grep lo
If you no longer need it, you can uninstall it afterwards.
# Uninstall on Ubuntu
apt --purge autoremove busybox
# Uninstall on CentOS
# Just clean up the corresponding directory
Create an account
Go to https://hub.docker.com/, click the registration button, and enter the registration information
Create a repository
After logging in, click Repositories and create a personal repository
Enter the repository information and visibility, then click Create to finish
Push the image to the repository
Pull the busybox image
Tag the image
docker tag busybox:latest maxhou/mybusybox:v0.1
At this point, we have an additional image
When pushing the image to the repository, an error is reported because we are not logged in.
Log in to Docker Hub
Image pushed successfully
Check it in our Docker Hub repository
Log out
docker logout
Comprehensive practice three: Create your own private repository on Tencent Cloud
Create an account
Go to https://cloud.tencent.com/ to complete the registration. You can use WeChat to register quickly
After logging in, enter the container image service
Click to shop now
Click the image repository on the left
Create a repository
Click New, create a personal private repository, and configure the corresponding parameters
You can see that our repository has been created successfully
Push the image to the repository
Click the shortcut command to see the login and push instructions. Let's log in first.
Tag, push
View our repository on Tencent Cloud
Log out
docker logout ccr.ccs.tencentyun.com
Comprehensive practice four: Create your own private repository on Alibaba Cloud
Create an account
Go to Alibaba Cloud https://www.aliyun.com/ and click in the upper right corner to complete the registration. You can use Alipay to register quickly
Create a repository
Search for the container image service under Products
Click Management Console
Click to create a personal instance
After creation, you are prompted to set a login password.
Complete the setting of the login password. This password is our docker login password.
Click to create an image repository and you will be prompted to create a namespace.
Configure the repository parameters
Set the repository as a local repository and complete the creation
Push the image to the repository
You can see that Alibaba Cloud also provides shortcut instructions
Log in
Tag the image and push it to the repository
View server image
Log out
Practical experience
Q: I joined a company and need to build an image. How do I choose which base image to use?
A: Generally, large companies have their own dedicated image-building teams, which select a system version as the base image. For example, a certain department of Huawei uses Euler for its base image, and Tencent uses its own TLinux. This avoids the situation that arose with CentOS, where an image can no longer be used once it stops being maintained. These images generally undergo strict security scanning and are then provided to the various departments as basic components. Most companies standardize on a base image version, so individuals generally don't have to worry too much about this choice.