Setting up a private Docker image registry

妖狐艹你老母 2023-06-08 10:49

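Public registries and private registries:

**Speed:** a public registry is reached over the public internet, so it is slower; a private registry is reached over the internal network, i.e. the LAN.

**Security:** a public registry stores images on public disks; a private registry stores them on the disks of your own server.

Public registry:

The most authoritative one, but relatively slow: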

https://hub.docker.com/


First log in:

    $ docker login -usmallsoup
    Password:
    WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
    Configure a credential helper to remove this warning. See
    https://docs.docker.com/engine/reference/commandline/login/#credentials-store
    Login Succeeded

Tag the image and push it to the Hub registry:

    docker tag zookeeper:3.5 smallsoup/zookeeper:3.5
    docker push smallsoup/zookeeper:3.5

The push succeeded, and the image is visible on the Hub:


Private registry:

Use the registry image provided by Docker to set up a private registry locally:

    docker pull registry:2.5.2
    docker run -d -p 5000:5000 registry:2.5.2
    docker tag zookeeper:3.5 localhost:5000/zookeeper:3.5
    # docker push takes exactly one image reference
    docker push localhost:5000/zookeeper:3.5

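Because no security has been configured on this registry, the push goes straight through without any login.

Because it is a local registry, pulls are fast.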

    [root@localhost micro-service]# docker pull localhost:5000/zookeeper:3.5
    3.5: Pulling from zookeeper
    Digest: sha256:3474ec46da9db9dc27a431f9645a2df9c91d5b969f591fe0ccd4c40f2bfd1579
    Status: Image is up to date for localhost:5000/zookeeper:3.5

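But this private registry does not meet our needs: in production, if the registry server fails, no other server can take over. It also has no web page for managing it.

Harbor, which has emerged in the industry, mainly provides a management UI for Docker Registry, role-based access control, AD/LDAP integration, audit logging and other features. It fully supports Chinese and is well suited to production environments.

Setting up a Harbor private registry

GitHub address: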

https://github.com/goharbor/harbor/releases

Download address:

https://storage.googleapis.com/harbor-releases/harbor-offline-installer-v1.5.3.tgz

This link is too slow; you can download from here instead:

http://harbor.orientsoft.cn/

The Harbor version used below is harbor-offline-installer-v1.5.0.tgz

First unpack it:

    tar -zxf harbor-offline-installer-v1.5.0.tgz

Then run the ./install script to install. If you need special settings, edit harbor.cfg and docker-compose.yml first and then run ./install.

    [Step 4]: starting Harbor ...
    Creating network "harbor_harbor" with the default driver
    Creating harbor-log ... done
    Creating harbor-adminserver ...
    Creating redis ... error
    Creating harbor-db ...
    Creating registry ...
    Creating harbor-adminserver ... done
    ERROR: for redis Cannot create container for service redis: b'Conflict. The container name "/redis" is already in use Creating harbor-db ... done Creating registry ... done Creating harbor-ui ... done Creating nginx ... done ERROR: for redis Cannot create container for service redis: b'Conflict. The container name "/redis" is already in use by container "c3813d66ccad284d3529227fabf3d5c19cb991237de8d3e72fc470ffd2cbfa99". You have to remove (or rename) that container to be able to reuse that name.'
    ERROR: Encountered errors while bringing up the project.

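The installation reported the error above because the server already has a container named redis, which clashes with the name of the redis container Harbor is about to create. Rename the existing redis container on the server to micro-service-redis: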

    $ docker ps -a --filter name=redis
    CONTAINER ID   IMAGE                              COMMAND     CREATED      STATUS        PORTS                    NAMES
    c3813d66ccad   hub.c.163.com/public/redis:2.8.4   "/run.sh"   2 days ago   Up 42 hours   0.0.0.0:6379->6379/tcp   redis
    $ docker rename redis micro-service-redis
    $ docker ps -aq --filter name=redis
    c3813d66ccad
    $ docker ps -a --filter name=redis
    CONTAINER ID   IMAGE                              COMMAND     CREATED      STATUS        PORTS                    NAMES
    c3813d66ccad   hub.c.163.com/public/redis:2.8.4   "/run.sh"   2 days ago   Up 42 hours   0.0.0.0:6379->6379/tcp   micro-service-redis

Then run ./install again:

    [Step 4]: starting Harbor ...
    Creating network "harbor_harbor" with the default driver
    Creating harbor-log ... done
    Creating redis ... done
    Creating harbor-db ... done
    Creating harbor-adminserver ... done
    Creating registry ... done
    Creating harbor-ui ... done
    Creating harbor-jobservice ...
    Creating nginx ...
    ERROR: for harbor-jobservice UnixHTTPConnectionPool(host='localhost', port=None): Read timed out. (read timeout=60)
    ERROR: for nginx UnixHTTPConnectionPool(host='localhost', port=None): Read timed out. (read timeout=60)
    ERROR: for jobservice UnixHTTPConnectionPool(host='localhost', port=None): Read timed out. (read timeout=60)
    ERROR: for proxy UnixHTTPConnectionPool(host='localhost', port=None): Read timed out. (read timeout=60)
    ERROR: An HTTP request took too long to complete. Retry with --verbose to obtain debug information.
    If you encounter this issue regularly because of slow network conditions, consider setting COMPOSE_HTTP_TIMEOUT to a hig

This time the error above was reported. It may be a network problem that caused the failure, so try ./install once more:

    [Step 4]: starting Harbor ...
    Creating network "harbor_harbor" with the default driver
    Creating harbor-log ... done
    Creating redis ... done
    Creating harbor-db ... done
    Creating harbor-adminserver ... done
    Creating registry ... done
    Creating harbor-ui ... done
    Creating nginx ... done
    Creating harbor-jobservice ... done
    ----Harbor has been installed and started successfully.----
    Now you should be able to visit the admin portal at http://hub.smallsoup.com.
    For more details, please visit https://github.com/vmware/harbor .

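It succeeded.

Harbor can now be reached at the IP of the server where it is deployed, on the host port that port 80 is mapped to in docker-compose.yml.

Log in to the admin page with the user name admin and, as the password, the value of harbor_admin_password in harbor.cfg: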


You can create a private repository, micro-service:


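Add users under System Management -> User Management, then open the project created in the previous step -> Members -> New Member, and set the member's permissions.

Project admin: pull and push, plus the other management permissions of the project;

Developer: pull and push permissions;

Guest: pull permission only.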


Push the image of each microservice of this project into Harbor's micro-service project:

    $ docker images |grep -v "vmware"
    REPOSITORY                      TAG      IMAGE ID       CREATED        SIZE
    api-gateway-zuul                latest   8a814cf9bb65   23 hours ago   476MB
    course-service                  latest   673d4501353e   23 hours ago   462MB
    course-edge-service             latest   854d5d8bddaa   23 hours ago   484MB
    message-thrift-python-service   latest   4317a76b387e   24 hours ago   926MB
    user-edge-service               latest   ff07d54a02ba   25 hours ago   469MB
    user-thrift-service             latest   02dd6fd0f239   26 hours ago   456MB
    python-base                     latest   81ad8926a9d9   26 hours ago   926MB
    zookeeper                       3.5      c41e1dcd86e4   2 weeks ago    128MB
    smallsoup/zookeeper             3.5      c41e1dcd86e4   2 weeks ago    128MB
    localhost:5000/zookeeper        3.5      c41e1dcd86e4   2 weeks ago    128MB
    elasticsearch                   latest   5acf0e8da90b   2 weeks ago    486MB
    registry                        2.5.2    96ca477b7e56   3 weeks ago    37.8MB
    registry                        2        2e2f252f3c88   3 weeks ago    33.3MB
    python                          3.6      4f13b7f2138e   4 weeks ago    918MB
    openjdk                         8-jre    66bf39162ea7   4 weeks ago    443MB
    mysql                           latest   6a834f03bd02   4 weeks ago    484MB
    hub.c.163.com/public/redis      2.8.4    4888527e1254   2 years ago    190MB

Tag the image:

    docker tag openjdk:8-jre 192.168.1.103:80/micro-service/openjdk:8-jre

View the images:

    $ docker images |grep -v "vmware" | grep open
    openjdk 7-jre e4c851ec3393 4 weeks ago 329MB
    192.168.1.103:80/micro-service/openjdk 8-jre 66bf39162ea7 4 weeks ago 443MB
    openjdk

Push the image:

    $ docker push 192.168.1.103:80/micro-service/openjdk:8-jre
    The push refers to repository [192.168.1.103:80/micro-service/openjdk]
    Get https://192.168.1.103:80/v2/: http: server gave HTTP response to HTTPS client

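The push fails, because HTTP is used by default, i.e. the value of ui_url_protocol in harbor.cfg. HTTPS is more involved and needs steps such as generating certificates; see:

Setting up HTTPS for Harbor

http://gapme.cn/2017/10/25/harbor-ui-https/

For now, HTTP is used here.

Fix for the error above:

In the "/etc/docker/" directory, create the file "daemon.json" and write into it: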

    {
      "insecure-registries": [
        "hub.smallsoup.com:80",
        "192.168.1.103:80"
      ]
    }

Restart Docker:

    systemctl restart docker

After Docker has restarted, restart Harbor with ./install or with docker-compose down; docker-compose up -d.
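An added example, not part of the original post: for every registry listed under insecure-registries, Docker falls back to plain HTTP and skips certificate verification, so a login stored for such a registry travels unprotected. The audit below cross-checks daemon.json against the config.json that `docker login` writes (the file named in the warning earlier on this page). The sample file contents and passwords are constructed, and entries are assumed to be `host[:port]` as on this page (no CIDR ranges or IPv6 literals).

```python
import base64
import ipaddress
import json

# Constructed samples mirroring /etc/docker/daemon.json and ~/.docker/config.json.
DAEMON_JSON = '{"insecure-registries": ["hub.smallsoup.com:80", "192.168.1.103:80"]}'
# "auth" is base64("user:password"); the passwords here are made up.
CONFIG_JSON = json.dumps({"auths": {
    "192.168.1.103:80": {"auth": base64.b64encode(b"admin:example-pass").decode()},
    "https://index.docker.io/v1/": {"auth": base64.b64encode(b"smallsoup:example-pass").decode()},
}})


def registry_host(entry):
    """Reduce 'https://host:port/path' or 'host:port' to 'host:port'."""
    return entry.split("://", 1)[-1].split("/", 1)[0].lower()


def scope(hostport):
    """Classify the host part as loopback, private, public or hostname."""
    host = hostport.rsplit(":", 1)[0]
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"
    if ip.is_loopback:
        return "loopback"
    return "private" if ip.is_private else "public"


def audit(daemon_text, config_text):
    """Return one finding per insecure-registries entry."""
    insecure = json.loads(daemon_text).get("insecure-registries", [])
    auths = {registry_host(k): v
             for k, v in json.loads(config_text).get("auths", {}).items()}
    findings = []
    for entry in insecure:
        host = registry_host(entry)
        inline = auths.get(host, {}).get("auth")
        # An inline "auth" value means no credential helper is in use:
        # the password sits base64-encoded (not encrypted) in config.json.
        user = base64.b64decode(inline).decode().split(":", 1)[0] if inline else None
        findings.append({"registry": host, "scope": scope(host),
                         "login_stored": host in auths, "plaintext_user": user})
    return findings


if __name__ == "__main__":
    for finding in audit(DAEMON_JSON, CONFIG_JSON):
        print(finding)
```

A finding with `login_stored` set is the case to fix first: move that registry to HTTPS, remove it from insecure-registries, and configure a credential helper.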

Push the base images and each service image to the registry:


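An aside:

During installation I mapped port 80 to port 8081 on the host and ran into many problems when pushing (connection refused on port 80, roughly this issue: https://github.com/goharbor/harbor/issues/192). I looked through a lot of material and still gave up; in the end I mapped it to port 80 on the host and pushing worked fine.

Because pushing by domain name requires setting up hosts and port forwarding, which is rather troublesome, the IP:PORT form was used above:

Delete the tag made with the domain name:

    docker rmi -f hub.smallsoup.com:80/micro-service/openjdk:8-jre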



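About the author

Author: 小碗汤, a young man who loves writing and takes it seriously. He currently maintains the original WeChat official account 『我的小碗汤』, which focuses on articles about golang, docker, kubernetes and similar hands-on skills, and looks forward to your follow. Repost notice: be sure to credit the source (source: official account 我的小碗汤, author: 小碗汤)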
