Docker Registry (mirror warehouse) - 4

Table of contents:

  1. What is Docker Registry
  2. Mirror warehouse life case
  3. Mirror warehouse classification
  4. Mirror warehouse working mechanism
  5. Commonly used mirror warehouses
  6. Mirror warehouse command
    1. Command list
    2. docker login
    3. docker pull
    4. docker push
    5. docker search
    6. docker logout
  7. Mirror command [section]
    1. docker images
    2. docker image inspect
    3. docker tag
  8. Container commands [section]
    1. docker run
    2. docker ps
  9. Docker image warehouse practice
    1. Comprehensive practice one: Build an nginx service
    2. Comprehensive practice two: Create your own private warehouse on Docker hub
    3. Comprehensive actual practice three: Tencent Cloud creates its own private warehouse
    4. Comprehensive practical experience 4. Alibaba Cloud creates its own private warehouse
    5. Practical experience

1. What is Docker Registry

Docker Registry stores, manages and distributes images; it also provides login authentication and maintains an index of its repositories. A registry manages multiple Repositories, which are distinguished by name. Each Repository contains one or more images, which are distinguished by image name and tag. The overall view is as follows:

  • Registry (image registry): which registry an image is pulled from is usually determined by a DNS name or IP address, for example hub.docker.com.
    • A Registry can hold multiple Repositories.
    • Repositories are divided into "top-level repositories" and "user repositories".
    • A user repository is named "user name/repository name".
    • Each repository can contain multiple tags, and each tag corresponds to an image.
  • Repository: the collection of all iterative versions of a specific Docker image.
  • Image name (name) + tag (tag): such as nginx:latest
  • Authentication capabilities: Provide user registration, login, and logout capabilities
  • Index: Provides index information of the image to facilitate retrieval.
  • A container image has two parts. One is the metadata, a description file produced by the Dockerfile build: it records how many layers the image has, what is in each layer, and each layer's checksum. The other is the stored data, where the final executable content lives, kept as individual blobs. It is these blobs that really occupy space.

2. Mirror warehouse life case

You can compare it to a supermarket. A Repository is a shelf, the white elephant is the organizer, and the different labels on the products on the shelf are the corresponding tags.

3. Mirror warehouse classification

Classified by whether they are open to the outside world, which is the distinction R&D personnel usually mean:

  1. Public registries: placed on the public network, like Alibaba Cloud, Docker Hub, etc.; anyone can download images without logging in.
  2. Private registries: not open to the public, often located on a private network, available only to internal personnel of the company.

Classified by supplier and target group:

  • Sponsor registry: a third-party registry for use by customers and the Docker community
  • Mirror registry: a third-party registry that is only used by customers. For example, Alibaba Cloud must be registered before it can be used.
  • Vendor registry: a registry provided by a vendor that publishes Docker images. For example, Google and Redhat provide image registry services.
  • Private registry: a registry provided by a private entity with firewalls and additional layers of security, for internal use only

4. Mirror warehouse working mechanism

1. Image warehouse usage process

  • Log in to the warehouse through docker login
  • Docker pull pulls the required image
  • After making the image through dockerfile or commit, upload it to the warehouse through docker push.

2. How to use the mirror warehouse in actual research and development

  • Images in the Docker Registry are usually built by developers and then pushed to a "public" or "private" Registry for use by others, for example for "deployment" to a production environment.


Glossary

  • Development environment: a set of environments used by developers
  • Test environment: After the requirements are developed, it is released to an environment for testers to test.
  • Pre-release environment: After version testing is completed, release to an environment similar to production to simulate production release in advance
  • Production environment: a truly customer-facing environment

3. Pull mechanism of mirror warehouse

When starting a container, the docker daemon first tries to find the image locally; if the image does not exist locally, it downloads the image from the Registry and saves it locally.
 

5. Commonly used mirror warehouses

1. DockerHub
What is Docker Hub
Docker Hub is a hosted repository service provided by Docker for finding container images and sharing them with your team. It has the following functions:
(1) Individuals can register private repositories and publish their own images
(2) Provides image retrieval capabilities
(3) Provides a large number of images from official and certified organizations
(4) Automatically builds container images from GitHub and Bitbucket and pushes them to Docker Hub
(5) Supports webhooks (a webhook is an HTTP-based callback: when a specified event occurs, the server automatically sends the relevant payload to the client's webhook URL)

Docker Hub feature tour

Mirror search

Mirror tag search

Corresponding version pull command

Image size, id, cpu architecture view

2. Domestic image source
In China, you sometimes encounter difficulties in pulling images from Docker Hub. In this case, you can configure an image accelerator. Many domestic cloud service providers provide image accelerator services, such as:

  • Alibaba Cloud Accelerator (click the management console -> Login account (Taobao account) -> Mirror tool on the right -> Image accelerator -> Copy the accelerator address)
  • NetEase Cloud Accelerator address: https://hub-mirror.c.163.com
  • Baidu Cloud Accelerator address: https://mirror.baidubce.com

You can write the following content in /etc/docker/daemon.json (if the file does not exist, please create a new file)

After the addition is completed, you need to reload the configuration and restart Docker:
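
As an added example (not the original post's listing), the script below writes the registry-mirrors setting for the two accelerator addresses above, accepts only https:// mirrors, and refuses to overwrite an existing daemon.json. The helper name write_mirror_config and its exit codes are assumptions; the reload and restart commands are shown as comments.

```bash
#!/bin/sh
# Added example, not from the original post. write_mirror_config is a
# hypothetical helper; "registry-mirrors" is the real daemon.json key.

# write_mirror_config OUT_FILE MIRROR_URL...
write_mirror_config() (
    out=$1
    [ "$#" -ge 2 ] || { echo "usage: write_mirror_config FILE URL..." >&2; exit 2; }
    shift
    # daemon.json may already carry other settings; never overwrite it blindly.
    if [ -e "$out" ]; then
        echo "$out already exists: merge \"registry-mirrors\" into it by hand" >&2
        exit 3
    fi
    list=""
    for url in "$@"; do
        case $url in
            *\"*|*\\*|*" "*)
                echo "refusing malformed mirror URL: $url" >&2; exit 4 ;;
            https://?*) ;;
            *)
                # A cleartext mirror lets anyone on the network path answer pulls.
                echo "refusing non-HTTPS mirror: $url" >&2; exit 4 ;;
        esac
        list="${list:+$list, }\"$url\""
    done
    printf '{\n  "registry-mirrors": [%s]\n}\n' "$list" > "$out"
)

# Demo on a scratch path, using the two accelerator addresses from the text.
demo_dir=$(mktemp -d)
write_mirror_config "$demo_dir/daemon.json" \
    https://hub-mirror.c.163.com https://mirror.baidubce.com
cat "$demo_dir/daemon.json"
rm -r "$demo_dir"

# On a real host (as root), target /etc/docker/daemon.json, then reload
# and restart so that the daemon picks the file up:
#   systemctl daemon-reload
#   systemctl restart docker
#   docker info    # the mirrors are listed under "Registry Mirrors"
```

A mirror answers tag lookups on Docker Hub's behalf, so an image pulled by tag through it is whatever the mirror says that tag is; pulling by @DIGEST pins the content regardless of which mirror served it.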

3. Private warehouse

A private image registry is an image registry deployed within a company or organization to store and distribute the Docker images of its own applications. When a company builds an automated release system for internal use, the packaged images are, from a security perspective, generally stored only in private image registries. The hand-off points of the CI/CD process are likewise implemented as pushes to and pulls from the private image registry.

Common private warehouse tools:

Harbor: Harbor is an enterprise-level Docker Registry project recently open sourced by VMware. Its goal is to help users quickly build an enterprise-level Docker registry service. It is based on Docker's open source registry and adds functions required by enterprise users such as a management UI, role-based access control (RBAC), AD/LDAP integration, and audit logging, while also natively supporting Chinese. Each component of Harbor is built as a Docker container and is deployed using Docker Compose.

Nexus: Nexus is a warehouse (Repository) management software released by Sonatype. It is currently often used as Maven private server and Docker private server.

Docker registry: A private server officially provided by docker, similar to docker hub. Used to save Docker images uploaded by departments within the company.

 

6. Mirror warehouse command

Command list

docker login

Function

Log in to a Docker image warehouse. If the image warehouse address is not specified, the default is the official warehouse Docker Hub.

Syntax

docker login [OPTIONS] [SERVER]

Key parameters

  • -u: Login user name
  • -p: Login password

Sample

docker login -u USERNAME -p PASSWORD

docker pull

Function

Pull or update the specified image from the image warehouse

Syntax

docker pull [OPTIONS] NAME[:TAG|@DIGEST]

Alias

docker image pull

Key parameters

  • -a: Pull all tagged images
  • --disable-content-trust: Skip image verification (default true, so pulled images are not signature-verified unless content trust is enabled)

Sample

docker pull nginx:1.23.3

docker push

Function

To upload a local image to the mirror warehouse, you must first log in to the mirror warehouse.

Syntax

docker push [OPTIONS] NAME[:TAG]

Alias

docker image push

Key parameters

  • -a: Push all tagged images
  • --disable-content-trust: Skip image signing (default true)

Sample

docker push myapache:v1

docker search

Function

Find images from Docker Hub

Syntax

docker search [OPTIONS] TERM

Key parameters

  • --no-trunc: Display the complete image description
  • -f <filter>: Filter the output; for example, stars=N lists only images with at least N stars

Sample

# Search Docker Hub for all images whose name contains nginx and that have at least 10 stars
docker search -f stars=10 nginx

docker logout

Function

Log out of a Docker image repository. If the image repository address is not specified, the default is the official repository Docker Hub.

Syntax

docker logout [SERVER]

Sample

docker logout
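
The docker login sample above passes the password with -p, which leaves it in shell history and in the process list while the command runs. The following added example (not from the original post) feeds the secret through docker login's --password-stdin flag and always logs out when the job is done. The helper names registry_login and with_registry_session, the user name and the secret-file path are assumptions.

```bash
#!/bin/sh
# Added example, not from the original post. registry_login and
# with_registry_session are hypothetical helper names; --password-stdin
# is a real `docker login` flag.
#
# Weak form from the sample above: the secret is an argument, so it lands
# in shell history and is readable via ps while the command runs.
#   docker login -u USERNAME -p PASSWORD

# registry_login SERVER USER SECRET_FILE
registry_login() (
    server=$1 user=$2 secret_file=$3
    if [ ! -f "$secret_file" ] || [ ! -r "$secret_file" ]; then
        echo "cannot read secret file: $secret_file" >&2
        exit 2
    fi
    # Characters 5-10 of the `ls -l` mode string are the group/other bits.
    perms=$(ls -ld "$secret_file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$secret_file is accessible to group/other; chmod 600 it" >&2
        exit 3
    fi
    # The secret travels on stdin and never appears in argv.
    docker login --username "$user" --password-stdin "$server" < "$secret_file"
)

# with_registry_session SERVER USER SECRET_FILE COMMAND...
# Log in, run COMMAND, then always log out so the stored credential does
# not outlive the job (docker logout removes it from the client config).
with_registry_session() (
    server=$1 user=$2 secret_file=$3
    shift 3
    registry_login "$server" "$user" "$secret_file" || exit $?
    status=0
    "$@" || status=$?
    docker logout "$server"
    exit "$status"
)

# Usage (constructed names; needs a running Docker daemon):
#   with_registry_session myregistry.com alice "$HOME/.registry-pass" \
#       docker push myregistry.com/myubuntu:22.04
```

Without a credential helper configured, docker login keeps the credential base64-encoded in the client's config.json, which is why the session helper logs out even when the wrapped command fails.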

7. Mirror command [Part]

docker images

Function

List local mirrors.

Syntax

docker images [OPTIONS] [REPOSITORY[:TAG]]

Alias

docker image ls, docker image list

Key parameters

  • -a: List all local images (including intermediate image layers; by default, the intermediate image layers are filtered out);
  • --digests: Display the digests of the images;
  • -f: Display only images that meet the filter conditions;
  • --format: Format the output using a template;
  • --no-trunc: Do not truncate the output;
  • -q: Display only the image ID.

Sample

# List all local images
docker images
# List the local images whose REPOSITORY is ubuntu
docker images ubuntu

docker image inspect

Function

View image details

Syntax

docker image inspect [OPTIONS] IMAGE [IMAGE...]

Sample

# View image details
docker image inspect nginx:1.23.3

docker tag

Function

Tag a local image so that it belongs to a given repository.

Syntax

docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]

Alias

docker image tag

Sample

docker tag ubuntu:22.04 myregistry.com/myubuntu:22.04
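
The name given to docker tag decides which registry a later push or pull talks to, following the NAME[:TAG|@DIGEST] syntax and the top-level/user repository rule from section 1. The following added example (not from the original post) resolves a reference with a simplified version of the Docker CLI's normalization rules and applies a small policy check against one approved registry. The names parse_image_ref and check_ref and the verdict strings are hypothetical.

```bash
#!/bin/sh
# Added example, not from the original post: resolve NAME[:TAG|@DIGEST] to
# "registry repository tag digest" ("-" marks an empty field), then check it
# against one approved registry. Simplified from Docker's normalization.

is_registry_host() {
    # The first path component is a registry host only if it contains a
    # dot or a port, or is exactly "localhost".
    case $1 in
        *.*|*:*|localhost) return 0 ;;
        *) return 1 ;;
    esac
}

parse_image_ref() (
    ref=$1 digest="" tag=""
    case $ref in
        *@*) digest=${ref#*@}; ref=${ref%%@*} ;;
    esac
    first=${ref%%/*}
    if [ "$first" != "$ref" ] && is_registry_host "$first"; then
        registry=$first; repo=${ref#*/}
    else
        registry=docker.io; repo=$ref      # default registry: Docker Hub
    fi
    last=${repo##*/}
    case $last in
        *:*) tag=${last##*:}; repo=${repo%:*} ;;
    esac
    [ -n "$tag" ] || [ -n "$digest" ] || tag=latest
    if [ "$registry" = docker.io ]; then
        case $repo in
            */*) ;;                        # user repository: user/name
            *) repo=library/$repo ;;       # top-level repository
        esac
    fi
    printf '%s %s %s %s\n' "$registry" "$repo" "${tag:--}" "${digest:--}"
)

# check_ref ALLOWED_REGISTRY REF -> prints one verdict
check_ref() (
    set -f
    set -- "$1" $(parse_image_ref "$2")
    allowed=$1 registry=$2 tag=$4 digest=$5
    if [ "$registry" != "$allowed" ]; then
        echo "unapproved-registry"
    elif [ "$digest" != "-" ]; then
        echo "pinned"                      # content fixed by digest
    elif [ "$tag" = latest ]; then
        echo "floating-tag"
    else
        echo "tag-only"                    # explicit tag, but tags can move
    fi
)

# References taken from this page, checked against myregistry.com.
for ref in nginx:1.23.3 maxhou/mybusybox:v0.1 myregistry.com/myubuntu:22.04; do
    printf '%-32s %s\n' "$ref" "$(check_ref myregistry.com "$ref")"
done
```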

8. Container commands [section]

docker run

Function

Create a new container and run a command

Syntax

docker run [OPTIONS] IMAGE [COMMAND] [ARG...]

Alias

docker container run

Key parameters

  • -d: Run the container in the background and return the container ID;
  • -i: Run the container in interactive mode, usually used together with -t;
  • -P: Random port mapping; the container's exposed ports are mapped to random ports on the host
  • -p: Specify a port mapping, in the format host port:container port
  • -t: Allocate a pseudo-terminal for the container, usually used together with -i;
  • --name="nginx-lb": Specify a name for the container;
  • -h "mars": Specifies the hostname of the container;
  • -e username="ritchie": Set environment variables;
  • --cpuset-cpus="0-2" or --cpuset-cpus="0,1,2": Bind the container to the specified CPUs;
  • -m: Set the maximum memory used by the container;
  • --network="bridge": Specifies the network connection type of the container;
  • --link=[]: Add a link to another container;
  • --volume, -v: Bind a volume
  • --rm: Automatically remove the container when it exits

Sample

# Start a container in the background from the nginx:latest image and name it mynginx.
docker run --name mynginx -d nginx:latest
# Start a container in the background from nginx:latest, mapping container port 80 to host port 80 and the host directory /data to /data in the container.
docker run -p 80:80 -v /data:/data -d nginx:latest

docker ps

Function

list containers

Syntax

docker ps [OPTIONS]

Alias

docker container ls, docker container list, docker container ps

Key parameters

  • -a: Display all containers, including those that are not running.
  • -f: Filter the displayed content based on conditions.
  • --format: Format the output using a template, such as json or table
  • -l: Display the latest container.
  • -n: List the n most recently created containers.
  • --no-trunc: Do not truncate output.
  • -q: Quiet mode, only the container ID is displayed.
  • -s: Display the total file size.

Sample

docker ps -a

9. Docker image warehouse practice

Comprehensive practice one: Build an nginx service 

basic knowledge

Web server

A web server, generally called a "website server", is a program that resides on a computer on the Internet. It can serve documents to clients such as web browsers, host website files for the world to browse, and host data files for the world to download. A web server is also known as a "WWW server" (WWW: World Wide Web); its main function is to provide online information browsing services. The WWW is a multimedia information query tool for the Internet and a service built on top of it; it is also the fastest growing and currently the most widely used service. It is because of the WWW that the Internet has developed so rapidly in the past decade and the number of users has soared. According to the latest data, the global population currently reaches 7.676 billion, of which a staggering 4.388 billion are "netizens" (Internet users). For example, Baidu is a web server that provides search services.

Nginx

Nginx is a free, open source, high-performance HTTP server and reverse proxy server; it is also an IMAP, POP3, and SMTP proxy server. Nginx can be used as an HTTP server for publishing and serving websites, and as a reverse proxy server that implements load balancing. It can be understood as one implementation of a web server.

Web server 

As a web server, Nginx can provide browsing services to various browsers and other clients. For example, we can access Baidu through mobile phones, computers, and tablets to access the web server.

forward proxy


 

Because of the firewall, we cannot access Google directly, so we can use a VPN. This is a simple example of a forward proxy. The forward proxy "proxies" the client: the client knows the target, but the target does not know that the client is reaching it through the VPN.

reverse proxy

When we access Baidu from the external network, the request is actually forwarded and proxied to the internal network. This is the so-called reverse proxy: the reverse proxy "proxies" the server side, and the process is transparent to the client.
 



Install

# CentOS
# Configure the nginx repository on CentOS
rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
yum install -y nginx

Start nginx as a website

1. Check whether nginx is started

2. If it does not start, manually start nginx

# Check the version
nginx -v
# Start manually
nginx

3. Visit nginx homepage

4. nginx adjust configuration

 

5. Home page content

6. Stop nginx by killing the master process

Find nginx mirror

Docker search can be used to search, but we cannot see the detailed tags of nginx.


 

Pull the Nginx image and start the Nginx site

1. Pull nginx image

We go to https://hub.docker.com/ to find the nginx image


 

2. Check whether the image exists locally

3. Run the image

4. We are now in the shell of the container; execute cat /etc/*release* and see that the operating system is not Ubuntu
 

5. Start nginx

6. If the shell does not exit, open another shell window and execute the curl command. You can see the welcome message returned by nginx.

If port 80 of your server is externally accessible, you can use a browser to see the welcome page of nginx. Note that cloud vendors generally block port 80, and you need to contact customer service to enable it.

7. Exit the shell and run curl again: the result is different, which shows that this nginx was running in the container and not on the server.

Comprehensive practice two: Create your own private warehouse on Docker hub

basic knowledge

Busybox

BusyBox is a piece of software that integrates more than three hundred of the most commonly used Linux commands and tools. It includes simple tools such as ls, cat, and echo, as well as larger and more complex tools such as grep, find, mount, and telnet. Some people call BusyBox the Swiss Army Knife of Linux tools. Put simply, BusyBox is like a big toolbox: it integrates and compresses many Linux tools and commands, and also includes the Linux system's own shell. busybox is a software that integrates more than a hundred of the most commonly used Linux commands and tools. It even integrates an http server and a telnet server, and all these functions are only about 1M in size. Because overseas bandwidth is limited, we pull this image and push it to our own repository.

Install

# Install on Ubuntu
apt install -y busybox
# Install on CentOS
# TLS certificate verification is left on, because the downloaded binary is executed directly
wget https://busybox.net/downloads/binaries/1.28.1-defconfig-multiarch/busybox-x86_64
mv busybox-x86_64 busybox
chmod +x busybox
./busybox

Executing commands

busybox ls
busybox ifconfig
busybox ifconfig |busybox grep lo

If you don’t use it, you can uninstall it later.

# Uninstall on Ubuntu
apt --purge autoremove busybox
# Uninstall on CentOS
# Just remove the corresponding directory

Create an account

Enter https://hub.docker.com/, click the registration button, and enter the registration information

Create warehouse

After logging in, click on the warehouse and we create a personal warehouse


 

We enter the warehouse information, visible information, click Create to complete

Push the image to the warehouse

Pull the busybox image

Tag the image

docker tag busybox:latest maxhou/mybusybox:v0.1

At this point, we have an additional image

When pushing the image to the warehouse, an error is reported because there is no login.

Login to docker hub

Image pushed successfully

Check it out in our docker hub repository

quit

docker logout

Comprehensive actual practice three: Tencent Cloud creates its own private warehouse

Create an account

Enter https://cloud.tencent.com/ to complete the registration. You can use WeChat to quickly register

After logging in, enter the container image service

Click to shop now

Click on the mirror warehouse on the left

Create warehouse

Click New, we create a personal private warehouse and configure the corresponding parameters


 

You can see that our warehouse has been created successfully

Push the image to the warehouse

Click the shortcut command to see the login and push instructions. Let’s log in first.


 

Tag, push

View our warehouse on Tencent Cloud

Sign out

docker logout ccr.ccs.tencentyun.com

Comprehensive practical experience 4. Alibaba Cloud creates its own private warehouse

Create an account

Enter Alibaba Cloud https://www.aliyun.com/, click on the upper right corner to complete the registration, you can use Alipay to quickly register

Create warehouse

Search for container image services on product

Click on Management Console

Click to create a personal instance

After creation, you are prompted to set a login password.

Complete the setting of the login password. This password is our docker login password.

Click to create a mirror warehouse and you will be prompted to create a namespace.

Configure warehouse parameters

Set the warehouse as a local warehouse and complete the creation

Push the image to the warehouse

You can see that Alibaba Cloud also provides shortcut instructions


 

Log in

Tag the image and push it to the warehouse

View server image

quit

Practical experience

Q: I joined a company and need to build an image. How do I choose which one to use as the base image?

A: Generally, large companies have their own dedicated image production organizations, which select a system version to serve as the base image. For example, a certain department of Huawei selects Euler to make the base image, and Tencent chooses its own TLinux to make the base image. That way they are not left unable to use the image the way CentOS users were when it stopped being maintained. These images generally undergo strict security scanning and are then provided to the various departments as basic components. Most companies agree on a base image version, so individuals generally don't have to worry too much about this choice.

Origin blog.csdn.net/qq_56444564/article/details/134754879