I. Docker Registry classification
A Registry stores Docker images, including the images' layer hierarchy and metadata. Users can run their own Registry or use the official Docker Hub.
- Sponsor Registry: a third-party Registry for use by customers and the Docker community
- Mirror Registry: a third-party Registry for use by customers only
- Vendor Registry: a Registry provided by the vendor that publishes the Docker images
- Private Registry: a Registry provided by a private entity, with a firewall and additional security layers
II. Docker Distribution
Docker Distribution is the private registry package that Docker provides. It can also run in a container, so it is published as an image on Docker Hub. However, Docker Distribution has no web interface: unlike Docker Hub, it does not support browsing or searching for images in a browser, and it does not support automatically building images from a Dockerfile as Docker Hub does. To get these features, you can use Harbor.
1. Installing Docker Distribution
- Download the Docker Distribution image from Docker Hub and run it in a container. Because a container's data is deleted once the container is stopped, we also give it a storage volume, using a network file system to persist the image data held in the registry.
- Install with yum: the docker-distribution package is in the Extras yum repository and can be installed directly.
2. Installing Docker Distribution with yum
2.1 Installation
2.2 Configuration
The default configuration file can be changed to suit your needs.
3. Uploading an image to docker-distribution
3.1 Uploading the image
Note: By default the Docker client communicates with the Registry over HTTPS. If the private registry uses HTTP, the Docker client configuration file must be changed.
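An added example (not from the original page): assuming the client change is made through the `insecure-registries` key of `/etc/docker/daemon.json`, which the page does not name, this Python check audits that list and ranks each entry by how much registry traffic it exempts from verified TLS. The sample file, its hosts and the severity labels are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample of /etc/docker/daemon.json; hosts and ranges are made up.
SAMPLE_DAEMON_JSON = """
{
  "insecure-registries": [
    "registry.example.internal:5000",
    "127.0.0.1:5000",
    "10.0.0.0/8",
    "0.0.0.0/0"
  ]
}
"""


def audit_insecure_registries(daemon_json_text):
    """Return an (entry, severity, reason) tuple per insecure-registries entry.

    Handles hostnames, IPv4 addresses with an optional port, and CIDR ranges.
    Severity labels are this example's own scale, not a Docker concept.
    """
    config = json.loads(daemon_json_text)
    findings = []
    for entry in config.get("insecure-registries", []):
        if "/" in entry:
            # A CIDR entry exempts every registry address inside the range.
            net = ipaddress.ip_network(entry, strict=False)
            if net.prefixlen == 0:
                findings.append((entry, "high", "every registry is exempt"))
            else:
                findings.append((entry, "medium", f"{net.num_addresses} addresses exempt"))
            continue
        host = entry.rsplit(":", 1)[0]  # drop the port if one is present
        try:
            local = ipaddress.ip_address(host).is_loopback
        except ValueError:
            local = host == "localhost"
        if local:
            findings.append((entry, "low", "loopback only, traffic stays on the host"))
        else:
            findings.append((entry, "medium", "no verified TLS to this host"))
    return findings


if __name__ == "__main__":
    for entry, severity, reason in audit_insecure_registries(SAMPLE_DAEMON_JSON):
        print(f"{severity:6} {entry:32} {reason}")
```

Serving the private registry over HTTPS with a certificate the clients trust removes the need for any entry in this list.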
3.2 Verifying on docker-distribution
3.3 Deleting the image from the docker client and retrieving it again
III. What is Harbor
Harbor is a project of the CNCF (Cloud Native Computing Foundation), a third-party organization co-founded by Google, IBM and Microsoft that specializes in maintaining k8s and other projects. The projects it maintains include k8s and Prometheus, and now also Harbor (private registry server software), which has just joined. Harbor is now an enterprise-class registry application. It is a secondary development project that VMware built on top of Docker Distribution, adding many extra components, including a web interface. So we can use Harbor to build a complete local private registry.
Project Harbor is an open source trusted cloud native Registry project that stores, signs, and scans content.
Harbor extends the open source Docker Distribution by adding the functionalities usually required by users, such as security, identity and management.
Harbor supports advanced features such as user management, access control, activity monitoring, and replication between instances.
1. Harbor features
- Multi-tenancy: one Harbor lets many users register and manage their own repositories
- Security and risk analysis
- Audit logging
- Role-based access control
- Replication between multiple Harbor instances
- Extensible API and graphical UI
- Internationalization: currently supports English and Chinese
2. Harbor installation
To simplify installation, the Harbor project ships Harbor as an application that runs in containers. Because Harbor depends on MySQL, Redis and many other storage systems, multiple containers have to work together. Deploying and using VMware's Harbor therefore requires Docker's single-host orchestration tool, Docker Compose.
Download: https://github.com/goharbor/harbor/releases
Installation documentation: https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md
After a successful installation, Harbor starts eight containers.
Note: Because Harbor's network uses NAT, the firewall service must be running; otherwise the installation will fail.
Finally, the web interface after a successful installation
3. Using the Harbor web interface
3.1 Create a new project
3.2 Click the newly created project; it contains no images yet
3.3 Upload an image with the docker client
3.4 Pull the image from Harbor with the docker client