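Overview
This is a series of articles on Kubernetes, in which I record the experience and usage notes from what I have learned and used. It will be updated continuously.
Following on from the previous article, "Using Dockerfile": we now have custom images, but as the number of custom images grows and the number of machines keeps increasing, we cannot keep migrating them with docker save.
This is where a Docker Registry comes in. Docker officially provides the Docker Hub registry; you can also set up a private registry locally, and there are enterprise-grade private registries such as Harbor to choose from.
Using Docker Hub
Registration
To use the official images, you first need to register an account at https://hub.docker.com.
Login
Log in from the command line as follows:
docker login --username=<your username> --password=<your password>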
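Pulling images
Generally, Docker Hub hosts two kinds of images. One kind is the official images, usually under library/<image name>; by default the docker pull command looks in this repository.
The other kind is built by users and usually lives in a repository that starts with the user name, such as tenant/nginx, where tenant is the user name.
An earlier article covered how to pull images, so here is one more demonstration:
[root@localhost opt]# docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
Digest: sha256:36b74457bccb56fbf8b05f79c85569501b721d4db813b684391d63e02287c0b2
Status: Image is up to date for nginx:latest
docker.io/library/nginx:latest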
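As you can see, the image was found under the default library repository, which means it is an official image.
Pushing images
You must have created an account and logged in before you can push. Assuming you have already logged in with docker login, we now push an image we built ourselves:
docker tag nginx:v1 username/nginx:vv1
docker push username/nginx:vv1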
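Note that the local image must be re-tagged first, and the name must have the format username/<custom tag>.
After that, it can be pushed to the repository under your own account. The push command is also very simple: docker push username/<custom tag>.
Logout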
docker logout
Private Docker registry
Pulling and pushing official Docker images from within China is not easy. To make storing and fetching images more convenient, it is time for docker-registry to take the stage.
This is a private registry image provided officially by Docker; it can be run directly on the local machine and used as a private registry.
[root@localhost opt]# docker run -d -p 5000:5000 -v /data/docker-registry:/var/lib/registry --restart=always --name registry registry
Unable to find image 'registry:latest' locally
latest: Pulling from library/registry
cbdbe7a5bc2a: Pull complete
47112e65547d: Pull complete
46bcb632e506: Pull complete
c1cc712bcecd: Pull complete
3db6272dcbfa: Pull complete
Digest: sha256:8be26f81ffea54106bae012c6f349df70f4d5e7e2ec01b143c46e2c03b9e551d
Status: Downloaded newer image for registry:latest
1bcee4ddba2493f88c6e6123f23c80480bdf9e86367b54c89a929592cd2df51c
[root@localhost opt]#
[root@localhost opt]# docker ps
CONTAINER ID   IMAGE      COMMAND                  CREATED          STATUS          PORTS                    NAMES
1bcee4ddba24   registry   "/entrypoint.sh /etc…"   47 seconds ago   Up 45 seconds   0.0.0.0:5000->5000/tcp   registry
[root@localhost opt]#
The local registry is now set up. Next, push an image to it:
[root@localhost opt]# docker tag nginx:v1 127.0.0.1:5000/nginx:vv1
[root@localhost opt]# docker push 127.0.0.1:5000/nginx:vv1
The push refers to repository [127.0.0.1:5000/nginx]
2a352c0fd7f1: Pushed
291f6e44771a: Pushed
vv1: digest: sha256:513099224a7bdcc2fe4667b2c10b27fce54e0feba6fb2bd15c4e5b505ed7b9ff size: 741
[root@localhost opt]#
[root@localhost opt]# curl 127.0.0.1:5000/v2/_catalog
{"repositories":["nginx"]}
[root@localhost opt]#
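You can see that the nginx:vv1 image now exists in the local registry.
If other machines are to use this registry as well, the registry address must be written into /etc/docker/daemon.json so that it is trusted. In addition, Docker transfers over HTTPS by default; an intranet environment generally does not need HTTPS, so the configuration lists the registry as one to be reached over HTTP.
[root@localhost opt]# cat /etc/docker/daemon.json
{
  "insecure-registries": [
    "172.16.150.133:5000"
  ]
}
[root@localhost opt]#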
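After changing the configuration, Docker needs to be restarted.
Harbor registry
A private registry is sufficient for an individual, but for an enterprise its features are incomplete. Harbor is an enterprise-grade registry that provides image management, cleanup of expired images, user permission management, LDAP, and other features.
Installation
Before installing Harbor, docker and docker-compose must be installed. The use of docker-compose will be covered in a later article; here it serves only as the component that installs and starts Harbor.
Project page: Harbor Git download
Harbor officially provides several packages, including an online installer and an offline package; the online package is chosen here.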
[root@localhost opt]# tar -zxf harbor-online-installer-v1.10.3.tgz
[root@localhost opt]# cd harbor
[root@localhost harbor]# ls
common.sh harbor.yml install.sh LICENSE prepare
[root@localhost harbor]# cat harbor.yml|grep -E 'port|hostname|harbor_admin_password'
hostname: 172.16.150.133 # needs to be changed
port: 80 # change to the port you need
harbor_admin_password: 12345 # password of the admin account
-- I simply commented out the HTTPS module here; if security is required, you can generate a self-signed certificate with openssl.
[root@localhost harbor]# ./prepare
prepare base dir is set to /opt/harbor
Unable to find image 'goharbor/prepare:v1.10.3' locally
v1.10.3: Pulling from goharbor/prepare
a10779388d4e: Pull complete
12b8569f46a6: Pull complete
298230e0a21f: Pull complete
ea3847dc8bc4: Pull complete
1b52894b31e5: Pull complete
ae5b50c2a4c9: Pull complete
8b279542d577: Pull complete
Digest: sha256:c757f65f753a73618c7bea3b6e5d0ab281bb60b91ae8d85b20f6d8657d703861
Status: Downloaded newer image for goharbor/prepare:v1.10.3
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[root@localhost harbor]# ls
common common.sh docker-compose.yml harbor.yml install.sh LICENSE prepare
[root@localhost harbor]# docker-compose up -d
Pulling log (goharbor/harbor-log:v1.10.3)...
v1.10.3: Pulling from goharbor/harbor-log
a10779388d4e: Already exists
28cbacec799c: Pull complete
c0c54bce5b24: Pull complete
d0730f309a63: Pull complete
4507fe7fe102: Pull complete
dc44c5b05c0c: Pull complete
1e1e88d434d9: Pull complete
cbb8c57dc618: Pull complete
ac053cfbd6b1: Pull complete
Digest: sha256:30ed6ecd430b639a18e773e7acb847aa470c348a78151341e0e7e76eba59a7b9
Status: Downloaded newer image for goharbor/harbor-log:v1.10.3
Pulling registry (goharbor/registry-photon:v1.10.3)...
v1.10.3: Pulling from goharbor/registry-photon
a10779388d4e: Already exists
e62ed2ce5ec7: Pull complete
d8334b830425: Pull complete
113b84d4f9f4: Pull complete
3dd6492b25b7: Pull complete
da931bf93bef: Pull complete
Digest: sha256:fae60ed6674fb5b38c25a9fd768e631f05252b631668ef744b43011ce28e098b
Status: Downloaded newer image for goharbor/registry-photon:v1.10.3
Pulling registryctl (goharbor/harbor-registryctl:v1.10.3)...
v1.10.3: Pulling from goharbor/harbor-registryctl
a10779388d4e: Already exists
4c32629e6610: Pull complete
8d59bf573912: Pull complete
73754b7f5122: Pull complete
c758afd6a1a7: Pull complete
af3d2665222a: Pull complete
9b909bd019a0: Pull complete
Digest: sha256:7903f39d47db4182f424539ec36294c407e7ac1e2e39fa095609a296e180b9e0
Status: Downloaded newer image for goharbor/harbor-registryctl:v1.10.3
Pulling postgresql (goharbor/harbor-db:v1.10.3)...
v1.10.3: Pulling from goharbor/harbor-db
a10779388d4e: Already exists
facf26279afd: Pull complete
da956f976a24: Pull complete
958372915106: Pull complete
6adc6448e298: Pull complete
ca3174a57019: Pull complete
85d01f99766c: Pull complete
9ebd4dc0acbe: Pull complete
29fd712cba5b: Pull complete
Digest: sha256:2a218a5416b4872d1709e4b98cf4cae609b7dd9f14d0a69d1c022220ec46bd91
Status: Downloaded newer image for goharbor/harbor-db:v1.10.3
Pulling portal (goharbor/harbor-portal:v1.10.3)...
v1.10.3: Pulling from goharbor/harbor-portal
a10779388d4e: Already exists
84c9884ba7eb: Pull complete
71d230c7f9d1: Pull complete
4e974cb55174: Pull complete
638daee86672: Pull complete
8982d17786f0: Pull complete
cfe2d2ee746e: Pull complete
Digest: sha256:c31da1851f3b5187e62f4e271676e69eb8a0c29869291caa815334115a0197c7
Status: Downloaded newer image for goharbor/harbor-portal:v1.10.3
Pulling redis (goharbor/redis-photon:v1.10.3)...
v1.10.3: Pulling from goharbor/redis-photon
a10779388d4e: Already exists
d50c5d78bc09: Pull complete
3838574cde0c: Pull complete
f2c8a87250a2: Pull complete
ae9b6fb22b9f: Pull complete
Digest: sha256:ca4d34c1d57678d1f6b3a0c1e12bfa3c58b3c1fe1e8b37dce810b85a8b299442
Status: Downloaded newer image for goharbor/redis-photon:v1.10.3
Pulling core (goharbor/harbor-core:v1.10.3)...
v1.10.3: Pulling from goharbor/harbor-core
a10779388d4e: Already exists
7db45f88cfc8: Pull complete
b6a144043955: Pull complete
a39cb7d2ce51: Pull complete
91735f4046fc: Pull complete
802b05415bbe: Pull complete
1a7438bf7875: Pull complete
Digest: sha256:93495b107d86c12192cf979142bf8b70bdb75c18715a5db78e28b0ed79f4c404
Status: Downloaded newer image for goharbor/harbor-core:v1.10.3
Pulling jobservice (goharbor/harbor-jobservice:v1.10.3)...
v1.10.3: Pulling from goharbor/harbor-jobservice
a10779388d4e: Already exists
76f02e516bda: Pull complete
4d6e41d8e60f: Pull complete
Creating harbor-log ... done
Status: Downloaded newer image for goharbor/harbor-jobservice:v1.10.3
Pulling proxy (goharbor/nginx-photon:v1.10.3)...
v1.10.3: Pulling from goharbor/nginx-photon
a10779388d4e: Already exists
Creating harbor-db ... done
Creating harbor-core ... done
Status: Downloaded newer image for goharbor/nginx-photon:v1.10.3
Creating harbor-jobservice ... done
Creating registry ...
Creating redis ...
Creating registryctl ...
Creating harbor-portal ...
Creating harbor-db ...
Creating harbor-core ...
Creating nginx ...
Creating harbor-jobservice ...
[root@localhost harbor]#
Harbor is now running. Visit http://<your IP> in a browser to reach the Harbor interface, and enter the password set above.
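Both the registry on port 5000 and the Harbor instance above are served over plain HTTP, so image layers and login credentials cross the network unencrypted and the client cannot authenticate the server. The following added example (not part of the original article) follows the openssl hint in the harbor.yml step, but issues a small private CA plus a server certificate for 172.16.150.133 rather than a single self-signed certificate; the function names, file names and CA subject are assumptions.

```shell
#!/bin/sh
# Added example: private CA + server certificate for a registry reached by IP.
# Function names, file names and the CA subject are hypothetical.

# make_registry_cert DIR IP
make_registry_cert() {
    dir=$1; ip=$2
    mkdir -p "$dir" || return 1
    # Own minimal config, so the result does not depend on the system openssl.cnf.
    cat > "$dir/openssl.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = demo-registry-ca
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_server]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = IP:$ip
EOF
    # 1. CA key and self-signed CA certificate (ca.key stays on this host).
    openssl req -x509 -config "$dir/openssl.cnf" -extensions v3_ca \
        -newkey rsa:2048 -nodes -sha256 -days 365 \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # 2. Server key and signing request.
    openssl req -new -config "$dir/openssl.cnf" -subj "/CN=$ip" \
        -newkey rsa:2048 -nodes \
        -keyout "$dir/registry.key" -out "$dir/registry.csr" 2>/dev/null || return 1
    # 3. Sign it. For a registry addressed by IP, Docker's TLS client only
    #    accepts the certificate if the IP is listed in subjectAltName.
    openssl x509 -req -in "$dir/registry.csr" -sha256 -days 365 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/openssl.cnf" -extensions v3_server \
        -out "$dir/registry.crt" 2>/dev/null || return 1
    chmod 600 "$dir/ca.key" "$dir/registry.key"
}

# check_registry_cert DIR IP: succeeds only if the chain verifies against
# ca.crt and the certificate lists IP as a subjectAltName.
check_registry_cert() {
    openssl verify -CAfile "$1/ca.crt" "$1/registry.crt" >/dev/null 2>&1 || return 1
    openssl x509 -in "$1/registry.crt" -noout -text | grep -qwF "IP Address:$2"
}
```

On each client, ca.crt goes to /etc/docker/certs.d/<registry host[:port]>/ca.crt in place of an insecure-registries entry. On the server, registry.crt and registry.key are referenced from the https section of harbor.yml, or from REGISTRY_HTTP_TLS_CERTIFICATE and REGISTRY_HTTP_TLS_KEY for the plain registry image.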
Usage
Login
Log in to Harbor from the command line:
[root@localhost harbor]# docker login 170.16.150.133
Username: admin
Password:
Error response from daemon: Get https://170.16.150.133/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
The login failed here. Login uses HTTPS by default, so /etc/docker/daemon.json must be modified to add Harbor as a trusted node:
[root@localhost harbor]# cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://ebdx5h0p.mirror.aliyuncs.com"],
  "insecure-registries": ["172.16.150.133:5000", "172.16.150.133"]
}
[root@localhost harbor]#
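daemon.json takes a single insecure-registries array. When a second registry is added by repeating the key, the file is still accepted as JSON, but only one of the arrays takes effect. The following added example (not from the original article; the function name is hypothetical) reports which entries are effective, so that every host Docker will contact without verified TLS is visible and a dropped entry is caught.

```shell
#!/bin/sh
# Added example: report which insecure-registries entries in a daemon.json
# actually take effect. The function name is hypothetical.

# insecure_registry_report FILE
# Prints "DUPLICATE-KEY <n>" when the key occurs more than once, then one line
# per entry: "effective HOST" (last array) or "ignored HOST" (earlier arrays).
# Returns 0 if the key occurs at most once, 1 if repeated, 2 on a read error.
insecure_registry_report() {
    # Strip whitespace so each "insecure-registries":[...] is one token.
    flat=$(tr -d ' \t\r\n' < "$1") || return 2
    arrays=$(printf '%s\n' "$flat" |
        grep -o '"insecure-registries":\[[^]]*]') || return 0
    total=$(printf '%s\n' "$arrays" | wc -l | tr -d ' ')
    if [ "$total" -gt 1 ]; then echo "DUPLICATE-KEY $total"; fi
    n=0
    printf '%s\n' "$arrays" | while IFS= read -r a; do
        n=$((n + 1))
        # JSON decoders such as Go's encoding/json keep only the last value
        # of a repeated key, so earlier arrays are silently dropped.
        if [ "$n" -eq "$total" ]; then state=effective; else state=ignored; fi
        printf '%s\n' "${a#*:}" | grep -o '"[^"]*"' | tr -d '"' |
            sed "s/^/$state /"
    done
    [ "$total" -eq 1 ]
}
```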
Push
In the Harbor interface, click New Project and create a project repository, for example: generation
docker tag nginx:v1 172.16.150.133/generation/nginx:vv1
docker push 172.16.150.133/generation/nginx:vv1
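Return to the Harbor interface and open the generation project repository; the image just pushed is visible there.
Pull
We can pull an image from the Harbor registry on another machine; that machine also needs the trust entry in /etc/docker/daemon.json. Pulling is also very simple: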
docker pull 172.16.150.133/generation/nginx:vv1
An image registry is an important part of building K8S, and also a part of building the whole automation pipeline.