Docker, Part 7: Private Registry

I. Classification of Docker Registries

A Registry stores Docker images, including the images themselves and their metadata, organized hierarchically. Users can run their own Registry or use the official Docker Hub.

  • Sponsor Registry: a third-party Registry for customers and the Docker community to use

  • Mirror Registry: a third-party Registry that only customers may use

  • Vendor Registry: a Registry provided by a vendor that publishes Docker images

  • Private Registry: a Registry provided by a private entity, protected by a firewall and additional security layers

 

II. Docker Distribution

Docker Distribution is the private registry package that Docker provides. It can also run in a container, so it is available as an image on Docker Hub. However, Docker Distribution has no web interface: unlike Docker Hub, it does not support browsing or searching for images in a browser, and it does not support automatically building images from a Dockerfile. For those features, you can use Harbor.

 

1. Installing Docker Distribution

  • Container: download the Docker Distribution image from Docker Hub and run it in a container. Because a container's data does not outlive the container, also give it a storage volume and use a network file system to persist the registry's image data

  • yum: the docker-distribution package is in the Extras yum repository and can be installed directly

     

 

2. Installing Docker Distribution with yum

2.1 Installation

[root@centos7-node2 ~]# yum info docker-distribution
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: centos.ustc.edu.cn
 * extras: mirror.bit.edu.cn
 * updates: mirror.bit.edu.cn
Installed Packages
Name        : docker-distribution
Arch        : x86_64
Version     : 2.6.2
Release     : 2.git48294d9.el7
Size        : 12 M
Repo        : installed
From repo   : extras
Summary     : Docker toolset to pack, ship, store, and deliver content
URL         : https://github.com/docker/distribution
License     : ASL 2.0
Description : Docker toolset to pack, ship, store, and deliver content

[root@centos7-node2 ~]# yum install docker-distribution
[root@centos7-node2 ~]# rpm -ql docker-distribution
/etc/docker-distribution/registry/config.yml
/usr/bin/registry
/usr/lib/systemd/system/docker-distribution.service
/usr/share/doc/docker-distribution-2.6.2
/usr/share/doc/docker-distribution-2.6.2/AUTHORS
/usr/share/doc/docker-distribution-2.6.2/CONTRIBUTING.md
/usr/share/doc/docker-distribution-2.6.2/LICENSE
/usr/share/doc/docker-distribution-2.6.2/MAINTAINERS
/usr/share/doc/docker-distribution-2.6.2/README.md
/var/lib/registry
[root@centos7-node2 ~]# service docker-distribution start
Redirecting to /bin/systemctl start docker-distribution.service
[root@centos7-node2 ~]# netstat -tlunp |grep 5000
tcp6       0      0 :::5000                 :::*                    LISTEN      2912/registry
 

2.2 Configuration

The default configuration file is shown below; change it according to your needs.

[root@centos7-node2 ~]# vim /etc/docker-distribution/registry/config.yml
version: 0.1
log:
  fields:
    service: registry
storage:
    cache:
        layerinfo: inmemory
    filesystem:
        rootdirectory: /var/lib/registry
http:
    addr: :5000
 

 

3. Tagging and pushing images to Docker Distribution

3.1 Tagging and pushing an image

[root@bogon ~]# docker tag httpd:1.1 centos7-node2.local:5000/httpd:1.1
[root@bogon ~]# docker image ls
REPOSITORY                       TAG      IMAGE ID       CREATED       SIZE
centos7-node2.local:5000/httpd   1.1      bbffcf779dd4   2 weeks ago   264MB
httpd                            1.1      bbffcf779dd4   2 weeks ago   264MB
nginx                            stable   ecc98fc2f376   5 weeks ago   109MB
[root@bogon ~]# docker pull centos7-node2.local:5000/httpd:1.1
Error response from daemon: Get https://centos7-node2.local:5000/v2/: dial tcp 192.168.31.187:5000: connect: no route to host
[root@bogon ~]# vim /etc/docker/daemon.json
"insecure-registries": ["centos7-node2.local:5000"]
[root@bogon ~]# service docker restart
Redirecting to /bin/systemctl restart docker.service
[root@bogon ~]# docker push centos7-node2.local:5000/httpd:1.1
The push refers to repository [centos7-node2.local:5000/httpd]
ddcb568d3d1e: Pushed
da6517724f67: Pushed
1.1: digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5 size: 741
 

# By default, the Docker client communicates with a Registry over HTTPS. If the private registry serves plain HTTP, the Docker client configuration file has to be changed (the insecure-registries entry in /etc/docker/daemon.json above).

3.2 Verifying on the Docker Distribution host

[root@centos7-node2 ~]# ll /var/lib/registry/docker/registry/v2/repositories/httpd/_layers/sha256/
total 0
drwxr-xr-x. 2 root root 18 Nov 20 17:15 bbffcf779dd42e070d52a4661dcd3eaba2bed898bed8bbfe41768506f063ad32
drwxr-xr-x. 2 root root 18 Nov 20 17:15 f06537d9e799fdeca094e95d56295b96359d188988b5d78353f716de5856b5b1
drwxr-xr-x. 2 root root 18 Nov 20 17:15 f9f73d801f0558b085ffa505240a065319269c4cefbe9c2e60103d58761edfa8
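
The directories listed above are named after the SHA-256 digest of the content they point to, so the store can be checked for on-disk corruption or modification by re-hashing each blob. This is an added example, not part of the original post: it assumes the filesystem storage driver's layout, in which each _layers/sha256/<digest>/link file names a blob stored at blobs/sha256/<first two hex chars>/<digest>/data, and it runs against a constructed fixture instead of /var/lib/registry.

```python
import hashlib
import tempfile
from pathlib import Path

V2 = Path("docker/registry/v2")  # layout root below the registry's rootdirectory


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_repository(root, repo):
    """Map each layer digest linked from `repo` to 'ok', 'missing' or 'mismatch'."""
    report = {}
    layers = Path(root) / V2 / "repositories" / repo / "_layers" / "sha256"
    for entry in sorted(layers.iterdir()):
        algo, _, digest = (entry / "link").read_text().strip().partition(":")
        data = Path(root) / V2 / "blobs" / algo / digest[:2] / digest / "data"
        if algo != "sha256" or digest != entry.name or not data.is_file():
            report[entry.name] = "missing"
        else:
            report[entry.name] = "ok" if sha256_file(data) == digest else "mismatch"
    return report


def build_sample_registry(root, repo="httpd"):
    """Constructed fixture: two layers; the second is altered after being stored."""
    digests = []
    for content in (b"constructed layer one", b"constructed layer two"):
        d = hashlib.sha256(content).hexdigest()
        blob = Path(root) / V2 / "blobs" / "sha256" / d[:2] / d
        link = Path(root) / V2 / "repositories" / repo / "_layers" / "sha256" / d
        blob.mkdir(parents=True)
        link.mkdir(parents=True)
        (blob / "data").write_bytes(content)
        (link / "link").write_text("sha256:" + d)
        digests.append(d)
    with open(blob / "data", "ab") as f:  # simulate on-disk modification of the last blob
        f.write(b"!")
    return digests


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_registry(tmp)
        for digest, status in verify_repository(tmp, "httpd").items():
            print(status, digest)
```

Against a real store, call verify_repository("/var/lib/registry", "httpd") on the registry host; any result other than "ok" means the blob no longer matches the digest clients will request.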
 

3.3 Deleting the image on the Docker client and pulling it again

[root@bogon ~]# docker image rm centos7-node2.local:5000/httpd:1.1
Untagged: centos7-node2.local:5000/httpd:1.1
Untagged: centos7-node2.local:5000/httpd@sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5
[root@bogon ~]#
[root@bogon ~]# docker image ls
REPOSITORY   TAG      IMAGE ID       CREATED       SIZE
httpd        1.1      bbffcf779dd4   2 weeks ago   264MB
nginx        stable   ecc98fc2f376   5 weeks ago   109MB
[root@bogon ~]# docker pull centos7-node2.local:5000/httpd:1.1
1.1: Pulling from httpd
Digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5
Status: Downloaded newer image for centos7-node2.local:5000/httpd:1.1
[root@bogon ~]# docker image ls
REPOSITORY                       TAG      IMAGE ID       CREATED       SIZE
centos7-node2.local:5000/httpd   1.1      bbffcf779dd4   2 weeks ago   264MB
httpd                            1.1      bbffcf779dd4   2 weeks ago   264MB
nginx                            stable   ecc98fc2f376   5 weeks ago   109MB
 

 

III. What is Harbor

The CNCF (Cloud Native Computing Foundation), co-founded by Google, IBM and Microsoft, is a third-party organization dedicated to maintaining k8s and other projects. The projects it maintains include k8s and Prometheus, as well as the recently joined Harbor (private registry server software). Harbor is now an enterprise-class registry application. It is a secondary development that VMware built on top of Docker Distribution, adding many extra components, including a web interface. So we can use Harbor to build a complete local private registry.

Project Harbor is an open source trusted cloud native Registry project that stores, signs, and scans content.

Harbor extends the open source Docker Distribution by adding the functionalities usually required by users, such as security, identity and management.

Harbor supports advanced features such as user management, access control, activity monitoring, and replication between instances.

 

1. Harbor features

  • Multi-tenancy: a single Harbor lets many users register and manage their own repositories

  • Security and risk analysis

  • Audit logging

  • Role-based access control

  • Replication between multiple Harbor instances

  • Extensible API and a graphical UI

  • Internationalization; currently supports English and Chinese

 

2. Installing Harbor

To simplify installation, Harbor is shipped officially as an application that runs in containers. Because Harbor depends on MySQL, Redis and several other storage systems, multiple containers have to work together, so VMware's Harbor needs Docker's single-host orchestration tool, docker-compose, for deployment and use.

Download: https://github.com/goharbor/harbor/releases

Installation documentation: https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md

 

[root@centos7-node2 src]# wget  
[root@centos7-node2 src]# tar -zxvf harbor-offline-installer-v1.5.4.tgz -C /usr/local/
[root@centos7-node2 src]# cd /usr/local/harbor/
[root@centos7-node2 harbor]# sed -i 's/hostname = reg.mydomain.com/hostname = centos7-node2.local/g' ./harbor.cfg
[root@centos7-node2 harbor]# yum install docker-compose
[root@centos7-node2 harbor]# yum install epel-release
[root@centos7-node2 harbor]# yum install docker-compose
[root@centos7-node2 harbor]# ./install.sh
✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at http://centos7-node2.local.
For more details, please visit https://github.com/vmware/harbor .

[root@centos7-node2 harbor]# docker container ls -a
CONTAINER ID   IMAGE                                  COMMAND                  CREATED          STATUS                             PORTS                                                              NAMES
2ecc079867c6   vmware/nginx-photon:v1.5.4             "nginx -g 'daemon of…"   14 seconds ago   Up 12 seconds (health: starting)   0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp   nginx
a1b51d6d296a   vmware/harbor-jobservice:v1.5.4        "/harbor/start.sh"       14 seconds ago   Up 12 seconds                                                                                         harbor-jobservice
0ffb3f2a442e   vmware/harbor-ui:v1.5.4                "/harbor/start.sh"       16 seconds ago   Up 14 seconds (health: starting)                                                                      harbor-ui
1c5e3590ac25   vmware/registry-photon:v2.6.2-v1.5.4   "/entrypoint.sh serv…"   19 seconds ago   Up 16 seconds (health: starting)   5000/tcp                                                           registry
fd09682ac89a   vmware/harbor-adminserver:v1.5.4       "/harbor/start.sh"       19 seconds ago   Up 16 seconds (health: starting)                                                                      harbor-adminserver
054710b41aa2   vmware/harbor-db:v1.5.4                "/usr/local/bin/dock…"   19 seconds ago   Up 16 seconds (health: starting)   3306/tcp                                                           harbor-db
c03daf7e3bb1   vmware/redis-photon:v1.5.4             "docker-entrypoint.s…"   19 seconds ago   Up 17 seconds                      6379/tcp                                                           redis
b1fcf0c916a1   vmware/harbor-log:v1.5.4               "/bin/sh -c /usr/loc…"   22 seconds ago   Up 18 seconds (health: starting)   127.0.0.1:1514->10514/tcp                                          harbor-log
[root@centos7-node2 harbor]#
 

After a successful installation, Harbor starts eight containers.

Note: Because Harbor's network uses NAT, the firewall service must be started; otherwise the installation will fail.

The web interface after a successful installation:

image.png

 

3. Using the Harbor web interface

3.1 Create a new project

image.png

 

3.2 Click the newly created project; it contains no images yet

image.png

 

3.3 Tagging and pushing images with a Docker client

[root@bogon ~]# docker tag centos7-node2.local:5000/httpd:1.1 centos7-node2.local/development/httpd:1.2
[root@bogon ~]# docker tag centos7-node2.local:5000/httpd:1.1 centos7-node2.local/development/httpd:1.3
[root@bogon ~]# docker tag centos7-node2.local:5000/httpd:1.1 centos7-node2.local/development/httpd:1.4
[root@bogon ~]# docker login centos7-node2.local
Username: gouyacai
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
[root@bogon ~]# docker push centos7-node2.local/development/httpd:1.2
The push refers to repository [centos7-node2.local/development/httpd]
ddcb568d3d1e: Pushed
da6517724f67: Pushed
1.2: digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5 size: 741
[root@bogon ~]# docker push centos7-node2.local/development/httpd:1.3
The push refers to repository [centos7-node2.local/development/httpd]
ddcb568d3d1e: Layer already exists
da6517724f67: Layer already exists
1.3: digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5 size: 741
[root@bogon ~]# docker push centos7-node2.local/development/httpd:1.4
The push refers to repository [centos7-node2.local/development/httpd]
ddcb568d3d1e: Layer already exists
da6517724f67: Layer already exists
1.4: digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5 size: 741
 

image.png
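
Two client-side settings from this walkthrough weaken the client: the insecure-registries entry added to /etc/docker/daemon.json for the Docker Distribution push, and the docker login warning above that the password is stored unencrypted in /root/.docker/config.json. The audit below flags both and their combination; it is an added example, not code from the original post, and audit_docker_client, the finding names and the sample file contents (including the placeholder password) are constructed for illustration.

```python
import base64
import json


def _host(key):
    """Normalise an auths key or insecure-registries entry to host[:port]."""
    return key.split("://", 1)[-1].split("/", 1)[0].lower()


def audit_docker_client(daemon_json, config_json):
    """Return (severity, issue, registry) findings for the two client files."""
    daemon = json.loads(daemon_json or "{}")
    config = json.loads(config_json or "{}")
    insecure = {_host(r) for r in daemon.get("insecure-registries", [])}
    findings = [("medium", "tls-not-enforced", r) for r in sorted(insecure)]

    for key, entry in sorted(config.get("auths", {}).items()):
        if not entry.get("auth"):
            continue  # empty entry: the secret is held by a credential helper
        host = _host(key)
        # "auth" is only base64(user:password); report the user, never the secret.
        user = base64.b64decode(entry["auth"]).decode("utf-8", "replace").split(":", 1)[0]
        findings.append(("medium", f"plaintext-credential user={user}", host))
        if host in insecure:
            findings.append(("high", "credential-sent-without-verified-tls", host))
    if not config.get("credsStore") and not config.get("credHelpers"):
        findings.append(("info", "no-credential-helper-configured", "*"))
    return findings


# Constructed sample files modelled on the host names used on this page.
SAMPLE_DAEMON = json.dumps(
    {"insecure-registries": ["centos7-node2.local:5000", "centos7-node2.local"]})
SAMPLE_CONFIG = json.dumps({"auths": {
    "centos7-node2.local": {
        "auth": base64.b64encode(b"gouyacai:constructed-password").decode()},
    "registry.example.internal": {},
}})

if __name__ == "__main__":
    for finding in audit_docker_client(SAMPLE_DAEMON, SAMPLE_CONFIG):
        print(*finding, sep="\t")
```

On a real client, pass in the contents of /etc/docker/daemon.json and ~/.docker/config.json. Serving the registry over TLS removes the need for insecure-registries, and setting credsStore to an installed credential helper keeps the password out of config.json.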

 

3.4 Pulling the images from Harbor to the Docker client

[root@bogon ~]# docker image rm centos7-node2.local/development/httpd:1.2
Untagged: centos7-node2.local/development/httpd:1.2
[root@bogon ~]# docker image rm centos7-node2.local/development/httpd:1.3
Untagged: centos7-node2.local/development/httpd:1.3
[root@bogon ~]# docker image rm centos7-node2.local/development/httpd:1.4
Untagged: centos7-node2.local/development/httpd:1.4
Untagged: centos7-node2.local/development/httpd@sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5
[root@bogon ~]#
[root@bogon ~]# docker image ls
REPOSITORY                       TAG        IMAGE ID       CREATED       SIZE
centos7-node2.local:5000/httpd   1.1        bbffcf779dd4   2 weeks ago   264MB
httpd                            1.1        bbffcf779dd4   2 weeks ago   264MB
nginx                            stable     ecc98fc2f376   5 weeks ago   109MB
centos                           6.6        4e1ad2ce7f78   5 weeks ago   203MB
redis                            4-alpine   05097a3a0549   6 weeks ago   30MB
[root@bogon ~]# docker pull centos7-node2.local/development/httpd:1.2
1.2: Pulling from development/httpd
Digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5
Status: Downloaded newer image for centos7-node2.local/development/httpd:1.2
[root@bogon ~]# docker pull centos7-node2.local/development/httpd:1.3
1.3: Pulling from development/httpd
Digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5
Status: Downloaded newer image for centos7-node2.local/development/httpd:1.3
[root@bogon ~]# docker pull centos7-node2.local/development/httpd:1.4
1.4: Pulling from development/httpd
Digest: sha256:e40c5748459eb28eb7cb39eb35f863abcd6b1aa1f341f1f8e999a27537d34bb5
Status: Downloaded newer image for centos7-node2.local/development/httpd:1.4
[root@bogon ~]# docker image ls
REPOSITORY                              TAG   IMAGE ID       CREATED       SIZE
httpd                                   1.1   bbffcf779dd4   2 weeks ago   264MB
centos7-node2.local/development/httpd   1.2   bbffcf779dd4   2 weeks ago   264MB
centos7-node2.local/development/httpd   1.3   bbffcf779dd4   2 weeks ago   264MB
centos7-node2.local/development/httpd   1.4   bbffcf779dd4   2 weeks ago   264MB

 

 


Origin www.cnblogs.com/baomaggie/p/11622765.html