Setting up a private Docker image registry

Original post
2019/10/08 15:05

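Docker registries work much like Maven repositories: both provide a central repository that users can download from directly, and we can also set up our own local private repository.

Advantages of a local private Docker image registry:

  1. Downloading from the private registry saves network bandwidth;
  2. Downloading from the private registry is fast, since it is normally deployed inside the local network;
  3. It can host internal images that are not meant to be public.

Below we walk through the complete process of setting up a private Docker image registry with docker registry, together with the management tool Harbor.

1. Install the Docker service

Configure the package repository:

wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo

Install the docker-ce container service: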

yum -y install docker-ce

Enable the Docker service at boot and start it:

systemctl enable docker && systemctl start docker

Modify the Docker daemon startup parameters:

cat > /etc/docker/daemon.json <<EOF
{
  "registry-mirrors": [
    "https://registry.docker-cn.com",
    "http://hub-mirror.c.163.com",
    "https://registry.docker-cn.com"
  ],
  "insecure-registries": ["192.168.100.10"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF

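Note: the same file on every client machine also needs the following setting, which lets the Docker daemon talk to 192.168.100.10 over plain HTTP (Harbor is accessed over HTTP below):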

"insecure-registries":["192.168.100.10"]

Modify Docker's service unit file, docker.service:

Under the [Service] section, add:

ExecStartPost=/sbin/iptables -I FORWARD -s 0.0.0.0/0 -j ACCEPT

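After the change, reload systemd and restart the service:

systemctl daemon-reload && systemctl restart docker

Start the Docker service:

systemctl start docker

Check the Docker version:

docker --version

Show detailed Docker information:

docker info

2. Pull the registry image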

docker pull registry

docker images

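3. Mount the image storage directory

Map the data inside the container onto a host directory of your choice; here /work/docker-repo is used as the image storage directory.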

docker run -d -p 5000:5000 --privileged=true -v /work/docker-repo:/var/lib/registry --name docker-registry registry

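-d : run the container in the background

-p : port mapping (the first value is the host port, the second is the container port)

-v : data mount (the first value is the host directory, the second is the container directory)

--name : name of the running container

4. Restart Docker and start the registry service

Restart the Docker service:

systemctl restart docker

Start the registry service:

docker start docker-registry

5. Install EPEL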

yum install -y epel-release

6. Install pip

yum install -y python-pip

7. Upgrade pip

pip install --upgrade pip

8. Install docker-compose

pip install docker-compose

9. Install Harbor

Official releases page: https://github.com/goharbor/harbor/releases

Latest release:

https://storage.googleapis.com/harbor-releases/release-1.9.0/harbor-offline-installer-v1.9.0.tgz

Download and extract:

wget https://storage.googleapis.com/harbor-releases/release-1.9.0/harbor-offline-installer-v1.9.0.tgz

tar xvf harbor-offline-installer-v1.9.0.tgz

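10. Edit the harbor.yml configuration

vi /work/harbor/harbor.yml

Set hostname to this machine's IP address and the login password to 123456 (use a complex password in a real environment).

11. Install and start Harbor

Run ./install.sh

Seeing the following log means the installation and startup succeeded:

From a workstation, open: http://192.168.100.10

User: admin   Password: 123456

After a successful login:

12. Basic use of Harbor

First, create a project named kubernetes.

Then, in the /work/docker-pull directory, create a script that pulls the images required for k8s v1.15.3.

Contents of k8s-v1.15.3-pull.sh: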

docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.15.3
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.15.3
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.15.3
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.15.3
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.3.10
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.3.1
docker pull registry.cn-hangzhou.aliyuncs.com/google-containers/flannel:v0.9.0-amd64


docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.15.3 192.168.100.10/kubernetes/kube-apiserver:v1.15.3
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.15.3 192.168.100.10/kubernetes/kube-controller-manager:v1.15.3
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.15.3 192.168.100.10/kubernetes/kube-scheduler:v1.15.3
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.15.3 192.168.100.10/kubernetes/kube-proxy:v1.15.3
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1 192.168.100.10/kubernetes/pause:3.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.3.10 192.168.100.10/kubernetes/etcd:3.3.10
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.3.1 192.168.100.10/kubernetes/coredns:1.3.1
docker tag registry.cn-hangzhou.aliyuncs.com/google-containers/flannel:v0.9.0-amd64 192.168.100.10/kubernetes/flannel:v0.9.0-amd64


docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.15.3
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.15.3
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.15.3
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.15.3
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.3.10
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.3.1
docker rmi registry.cn-hangzhou.aliyuncs.com/google-containers/flannel:v0.9.0-amd64


docker push 192.168.100.10/kubernetes/kube-apiserver:v1.15.3
docker push 192.168.100.10/kubernetes/kube-controller-manager:v1.15.3
docker push 192.168.100.10/kubernetes/kube-scheduler:v1.15.3
docker push 192.168.100.10/kubernetes/kube-proxy:v1.15.3
docker push 192.168.100.10/kubernetes/pause:3.1
docker push 192.168.100.10/kubernetes/etcd:3.3.10
docker push 192.168.100.10/kubernetes/coredns:1.3.1
docker push 192.168.100.10/kubernetes/flannel:v0.9.0-amd64

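When the script is written, make it executable:

chmod +x k8s-v1.15.3-pull.sh

Run it:

./k8s-v1.15.3-pull.sh

An error occurs during the push:

Although this is a public project and anyone may pull from it, pushing requires a login, so here we log in with the Harbor administrator account:

Run the script again and the push now succeeds.

When the image operations have finished, check the result with docker images.

Look at the image storage directory: the images now exist in the private registry.

Log in to Harbor and the images are there as well.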
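
A loop-based variant of the mirroring script from step 12, as an added example that is not the author's script: it stops at the first failed pull or push and records the digest of every image it pushed. The registries and the image list are the ones above; DRY_RUN, DIGEST_FILE and the function names are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not the author's script. SRC, DST and the image list are
# taken from step 12; DRY_RUN, DIGEST_FILE and the function names are
# made up for this example.
set -eu

SRC=registry.cn-hangzhou.aliyuncs.com
DST=192.168.100.10/kubernetes
DRY_RUN=${DRY_RUN:-1}                  # 1 = print the docker commands only
DIGEST_FILE=${DIGEST_FILE:-pushed-digests.txt}

IMAGES="
google_containers/kube-apiserver:v1.15.3
google_containers/kube-controller-manager:v1.15.3
google_containers/kube-scheduler:v1.15.3
google_containers/kube-proxy:v1.15.3
google_containers/pause:3.1
google_containers/etcd:3.3.10
google_containers/coredns:1.3.1
google-containers/flannel:v0.9.0-amd64
"

# Name of an image inside the Harbor project: drop the source namespace,
# keep name:tag.
target_ref() { printf '%s/%s\n' "$DST" "${1##*/}"; }

# Execute a command, or only print it when DRY_RUN=1.
run() {
  if [ "$DRY_RUN" = 1 ]; then printf '+ %s\n' "$*"; else "$@"; fi
}

mirror_one() {
  src="$SRC/$1"
  dst=$(target_ref "$1")
  run docker pull "$src"
  run docker tag "$src" "$dst"
  run docker push "$dst"      # set -e stops here if the push is rejected
  run docker rmi "$src"
  [ "$DRY_RUN" = 1 ] && return 0
  # Record the digest the private registry assigned, so consumers can pull
  # repo@sha256:... instead of trusting a tag that can be overwritten.
  digests=$(docker inspect --format '{{range .RepoDigests}}{{println .}}{{end}}' "$dst")
  printf '%s\n' "$digests" | grep "^${dst%:*}@" >> "$DIGEST_FILE"
}

mirror_all() { for img in $IMAGES; do mirror_one "$img"; done; }

mirror_all
```

With the default DRY_RUN=1 the script only prints the docker commands; run it with DRY_RUN=0 after docker login 192.168.100.10 to perform the mirroring.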

This completes the setup of the private Docker image registry and the Harbor management service.

 
