
Microservice architect: configuring and using a private Docker image registry

2022-01-27 05:37:49 Learning God is coming

Introduction to private Docker registries

Introduction to private registries

Remember what Docker Hub is for? It stores images. Docker Hub is the public registry; its official site is registry.hub.docker.com. A public registry such as Docker Hub is not always convenient (sometimes it cannot be reached), so users can create a local registry for private use. The official tool docker-registry can be used to configure a private image registry.

1. Configure with the official tool. docker-registry is an official tool that can be used to build a private image registry. (registry [ˈredʒɪstri]: a record or register.)

What are the advantages of a private image registry?

The benefits of a private registry: 1. Speed 2. Easy maintenance 3. Security

How to build a private registry. The old approach: download the source tarball or install with yum -> install -> modify the configuration file -> start the service. The Docker approach: download the registry image and start a Docker container from it, and the registry is built.

With Docker, software is no longer released in forms such as office.exe or lrzsz.rpm, but as Docker images. You only need to download the Docker image and run a container from it. With Docker, you no longer need to worry about installing services on Linux!

Experimental environment planning

Experimental environment: the Docker private registry address is xuegod64. The xuegod64 machine needs at least 2G; I assigned 6G. The Docker server address is xuegod63; xuegod63 will pull and push images using the Docker private registry on xuegod64. Experimental topology: [figure not included]

Build a Docker private registry with registry

Docker server: host name xuegod63, host IP 192.168.1.63 (adjust this IP to your environment and configure it as a static IP). Configuration: 4 vCPU / 4Gi memory

Prepare the experimental environment: create a new CentOS 7.6 64-bit virtual machine with host name xuegod64 and host IP 192.168.1.64 (adjust this IP to your environment and configure it as a static IP). Configuration: 4 vCPU / 4Gi memory

Initialize the experimental environment: install Docker

# Configure a static IP
Configure the virtual machine or physical machine with a static IP address so that the address does not change when the machine restarts. Taking the xuegod64 host as an example, edit the /etc/sysconfig/network-scripts/ifcfg-ens33 file and change it to the following:

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
IPADDR=192.168.1.64
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.1
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
DEVICE=ens33
ONBOOT=yes
# After modifying the configuration file, restart the network service for the change to take effect:
service network restart

# Set the host name: xuegod64
hostnamectl set-hostname xuegod64
# Configure the hosts file on xuegod63 and xuegod64 so that both hosts have the same entries
[[email protected] ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.63 xuegod63
192.168.1.64 xuegod64
[[email protected] ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.63 xuegod63
192.168.1.64 xuegod64
# Stop the firewalld firewall
[[email protected] ~]# systemctl stop firewalld ; systemctl disable firewalld
# Stop the iptables firewall
[[email protected] ~]# yum install iptables-services -y # install iptables
# Disable iptables
[[email protected] ~]# service iptables stop && systemctl disable iptables
# Flush the firewall rules
[[email protected] ~]# iptables -F
# Disable SELinux
[[email protected] ~]# setenforce 0 # temporarily disabled
# Permanently disabled
[[email protected] ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
# Note: after modifying the SELinux configuration file, the machine must be restarted for the change to become permanent
[[email protected] ~]# getenforce
Disabled
# Configure time synchronization
[[email protected] ~]# ntpdate cn.pool.ntp.org
# Scheduled task
crontab -e
* */1 * * * /usr/sbin/ntpdate   cn.pool.ntp.org
# Restart the crond service for the configuration to take effect:
service crond restart

Method 1: install docker-ce online by configuring a domestic yum source for docker-ce (Alibaba Cloud)

[[email protected] ~]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

Method 2: configure an offline yum source for docker-ce. Offline installation is recommended; for the k8s-docker.tar.gz archive needed below, send me a private message.

[[email protected] ~]# tar xf k8s-docker.tar.gz -C /opt/
[[email protected] ~]# tee /etc/yum.repos.d/k8s-docker.repo << 'EOF'
[k8s-docker]
name=k8s-docker
baseurl=file:///opt/k8s-docker
enabled=1
gpgcheck=0
EOF

Install the base packages

[[email protected] ~]# yum install -y wget net-tools nfs-utils lrzsz gcc gcc-c++ make cmake libxml2-devel openssl-devel curl \
 curl-devel unzip sudo ntp libaio-devel wget vim ncurses-devel autoconf automake zlib-devel python-devel epel-release \
 openssh-server socat ipvsadm conntrack ntpdate telnet

Install the packages Docker depends on

[[email protected] ~]# yum install -y yum-utils device-mapper-persistent-data lvm2

Install docker-ce

[[email protected] ~]# yum install docker-ce docker-ce-cli containerd.io -y

Note: docker-ce-cli is the Docker command-line tool package, and containerd.io is the package for the container interface. Run yum info followed by a package name to see what that package does.

# Start the docker service

[[email protected] ~]# systemctl start docker && systemctl enable docker

# View Docker version information

[[email protected] ~]# docker version 
[[email protected] ~]# systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2021-04-20 10:07:23 CST; 9s ago

Enable packet forwarding and modify kernel parameters

Modify the kernel parameters:

[[email protected] ~]# modprobe br_netfilter
[[email protected] ~]# echo "modprobe br_netfilter" >> /etc/profile
[[email protected] ~]# cat > /etc/sysctl.d/docker.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
[[email protected] ~]# sysctl -p /etc/sysctl.d/docker.conf

# Restart docker

[[email protected] ~]# systemctl restart docker

What is br_netfilter? Linux iptables/netfilter works together with the Linux bridge to implement a transparent firewall.

A transparent firewall is also known as a bridge-mode firewall (bridge firewall). Simply put, it adds firewall functionality to the bridge device. A transparent firewall is easy to deploy, well concealed and highly secure.

Why do we run modprobe br_netfilter? After adding the following to /etc/sysctl.conf:

net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1

When running sysctl -p:

Solution:

modprobe br_netfilter

What do net.bridge.bridge-nf-call-ip6tables and net.ipv4.ip_forward do?

net.ipv4.ip_forward: a standalone Docker host essentially has a docker0 bridge installed on its network. To reach a container from outside, you only need to access the host's address and the port mapped to the container. After a packet arrives at the host and its IP header is parsed, the destination port and the iptables rules cause the packet to be forwarded from the eth0 network card to the docker0 bridge for the next routing step. So if ip_forward is not enabled on the container's host, the containers on that host cannot be reached from other hosts.

net.bridge.bridge-nf-call-ip6tables: by default, traffic sent from a container to the default bridge is not forwarded to the outside. To enable forwarding: net.bridge.bridge-nf-call-ip6tables = 1

Configure xuegod64 as the Docker private registry server

1. Pull the registry image. The registry image contains the software for building a local private registry.

Upload registry.tar to xuegod64 and import it as a local image:

[[email protected] ~]# docker load -i registry.tar

2. View the registry image

[[email protected] ~]# docker images 
REPOSITORY           TAG                 IMAGE ID            CREATED             SIZE
registry      latest              047218491f8c        3 weeks ago         33.17 MB

3. Hands-on: build a private registry with the registry image

The registry image already has the private registry program installed, so you only need to run a Docker container from the registry image.

The registry service listens on port 5000 by default.

[[email protected]~]# docker run -d --name registry -p 5000:5000 -v /opt/registry:/var/lib/registry registry:latest
e4698f625a56661edd2678269215ba42d4fa41c2da881768a741a72b4a3d0c60

By default, the registry stores images in the /var/lib/registry directory, so if the container is deleted, the images stored in it are lost as well. For that reason we usually mount a directory of the local physical machine, such as /opt/registry, onto /var/lib/registry in the container. Use the -v parameter to specify a local persistent path.

[[email protected]~]# ls /opt/registry #  This directory will be created automatically 
[[email protected]~]# docker ps
CONTAINER ID   IMAGE             COMMAND                  CREATED          STATUS          PORTS                    NAMES
90cc7afb477e   registry:latest   "/entrypoint.sh /etc…"   34 seconds ago   Up 33 seconds   0.0.0.0:5000->5000/tcp   registry
[[email protected] ~]# netstat -antup | grep 5000
tcp6       0      0 :::5000                 :::*                    LISTEN      4032/docker-proxy

This shows that the private registry has started successfully.

View the list of images in the private registry:

curl http://192.168.1.64:5000/v2/_catalog 
{"repositories":[]}   

# The list is still empty; it will contain data once a local Docker image has been uploaded to the private registry.

Configure Docker on xuegod63 to use the private registry on xuegod64

Modify the Docker configuration file and set Docker's image acceleration node to the address of the private registry:

[[email protected] ~]# vim /etc/docker/daemon.json 

# Modify the daemon.json file and add the following: "insecure-registries": [ "192.168.1.64:5000" ]
The complete contents of the modified /etc/docker/daemon.json file are as follows:

{
"registry-mirrors":["https://rsbud4vc.mirror.aliyuncs.com","https://registry.docker-cn.com","https://docker.mirrors.ustc.edu.cn","https://dockerhub.azk8s.cn","http://hub-mirror.c.163.com","http://qtid6917.mirror.aliyuncs.com","https://rncxm540.mirror.aliyuncs.com","https://e9yneuy4.mirror.aliyuncs.com"],
"insecure-registries": [ "192.168.1.64:5000" ]
}

Note: --insecure-registry marks a registry as insecure. Insecure here means using the HTTP protocol; to transfer images securely, the HTTPS protocol is required. Our private registry is generally used on a local network, so using HTTP directly is fine.

# Reload so that the configuration takes effect

[[email protected] ~]# systemctl daemon-reload

# Restart the docker service

[[email protected] ~]# systemctl restart docker 

Hands-on: upload a local image to the private registry

1. Pull a test image named busybox from Docker Hub

Local import: upload the busybox.tar image to xuegod63 as the test image.

[[email protected] ~]# docker load -i busybox.tar
[[email protected] ~]# docker images 
REPOSITORY  TAG      IMAGE ID		     CREATED            SIZE
busybox      latest     00f017a8c2a6    	2 weeks ago         1.11 MB

Note: BusyBox overview. BusyBox is a piece of software that integrates more than 100 of the most commonly used Linux commands and tools. It contains some simple tools, such as ls, cat and echo, as well as some larger and more sophisticated ones, such as grep, find, mount and telnet. Some people call BusyBox the Swiss Army knife of Linux tools. Put simply, BusyBox is like a big toolbox that compresses and integrates many Linux tools and commands; it also includes the shell that ships with Android.

Official website: www.busybox.net

2. Tag the base image (copy an image and give it a new name). Syntax: docker tag <original image name>:<tag> <private registry address>/<new image name>:<tag>. Run:

[[email protected] ~]# docker tag busybox:latest 192.168.1.64:5000/busybox:latest

Note: if no image tag is given, the default is :latest

[[email protected] ~]# docker images
REPOSITORY                  TAG                 IMAGE ID            CREATED             SIZE
192.168.1.64:5000/busybox   latest    00f017a8c2a6   4 years ago    1.11MB

3. Push the newly tagged 192.168.1.64:5000/busybox image to the private registry on xuegod64.

[[email protected] ~]# docker push 192.168.1.64:5000/busybox 

push: transfers the image to the private image registry

4. Log in to xuegod64 and view the storage directory and files of the image

[[email protected] ~]# yum install tree -y 
[[email protected] ~]# tree /opt/registry/docker/registry/v2/repositories/
/opt/registry/docker/registry/v2/repositories/
└── busybox   # You can see the uploaded image 

Visit http://192.168.1.64:5000/v2/_catalog
# to view the list of images in the private registry:

{"repositories":["busybox"]}

3.2.6 Hands-on: create a service using an image in the private registry

Delete the image. Syntax: docker rmi <image name>:<tag>

[[email protected] ~]# docker rmi 192.168.1.64:5000/busybox # delete the image
[[email protected] ~]# docker pull 192.168.1.64:5000/busybox # download the image
[[email protected] ~]# docker images # view the imported image
REPOSITORY                  TAG       IMAGE ID       CREATED       SIZE
192.168.1.64:5000/busybox   latest    00f017a8c2a6   2 weeks ago   1.11 MB

Use the newly imported image to run a new Docker container:

[[email protected] ~]# docker run 192.168.1.64:5000/busybox:latest echo "hello"
hello

It ran successfully.

Summary

Steps to build a private registry:
1. Import the registry image onto the xuegod64 machine
2. Run a Docker container from the registry image; registry listens on port 5000 by default, so port 5000 must be mapped on the host

Steps to push an image to the private registry:
1. Install the docker service
2. Modify the docker service's image source, changing it to the private registry address:

"insecure-registries": [ "192.168.1.64:5000" ] 

3. Tag the image to be uploaded, for example: 192.168.1.64:5000/busybox:latest
4. Upload the tagged image to the private registry: docker push 192.168.1.64:5000/busybox:latest

Steps to download an image from the private registry:
1. Modify the docker service's image source, changing it to the private registry address:

"insecure-registries": [ "192.168.1.64:5000" ]

2. Download the image just uploaded: docker pull 192.168.1.64:5000/busybox:latest
3. View the list of images in the private registry: http://192.168.1.64:5000/v2/_catalog

Hands-on: build a Docker private registry with Harbor

Introduction to Harbor

Developing and running Docker container applications depends on reliable image management. Although Docker officially provides a public image registry, deploying your own registry is also very necessary for the sake of security and efficiency. Harbor is an enterprise-grade Docker registry management project open-sourced by VMware. It includes permission management (RBAC), LDAP, log auditing, a management interface, self-registration, image replication and Chinese language support. Official website: github.com/goharbor/ha…

harbor ['hɑ:bə]: a harbour or bay

Experimental environment: the xuegod64 machine needs at least 2G; I assigned 6G. Note: to install Harbor, the system root partition needs more than 6G of free space, otherwise the installer reports insufficient space. Memory: 2G or more.

Issue a certificate for Harbor

[[email protected] ~]# mkdir /data/ssl -p
[[email protected] ~]# cd /data/ssl/

Generate the CA certificate:

[[email protected] ssl]# openssl genrsa -out ca.key 3072

# Generate a 3072-bit key, which is the private key

[[email protected] ssl]# openssl req -new -x509 -days 3650 -key ca.key -out ca.pem

# Generate a digital certificate, ca.pem; 3650 indicates that the certificate is valid for 3 years. Fill in the fields marked with an arrow; leave those without an arrow empty:

[[email protected] ssl]# openssl req -new -x509 -days 3650 -key ca.key -out ca.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:BJ
Locality Name (eg, city) [Default City]:BJ
Organization Name (eg, company) [Default Company Ltd]:xuegod
Organizational Unit Name (eg, section) []:CA
Common Name (eg, your name or your server's hostname) []:xuegod64.cn
Email Address []:[email protected]

# Generate a certificate for the domain name:

[[email protected] ssl]# openssl genrsa -out harbor.key 3072

# Generate a 3072-bit key, which is the private key

[[email protected] ssl]# openssl req -new -key harbor.key -out harbor.csr

# Generate a certificate request, which is needed later when issuing the certificate. Fill in the fields marked with an arrow as prompted; leave those without an arrow empty:

[[email protected] ssl]# openssl req -new -key harbor.key -out harbor.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:BJ
Locality Name (eg, city) [Default City]:BJ
Organization Name (eg, company) [Default Company Ltd]:xuegod
Organizational Unit Name (eg, section) []:CA
Common Name (eg, your name or your server's hostname) []:xuegod64.cn
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Issue the certificate:

[[email protected] ssl]# openssl x509 -req -in harbor.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out harbor.pem -days 3650

The resulting output indicates that the certificate has been issued.

Check whether the certificate is valid:

openssl x509 -noout -text -in harbor.pem 

Output like the following shows that it is valid:

Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            cd:21:3c:44:64:17:65:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=CH, ST=BJ, L=BJ, O=Default Company Ltd
        Validity
            Not Before: Dec 26 09:29:19 2020 GMT
            Not After : Dec 24 09:29:19 2030 GMT
        Subject: C=CH, ST=BJ, L=BJ, O=Default Company Ltd, CN=harbor
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (3072 bit)
                Modulus:
                    00:b0:60:c3:e6:35:70:11:c8:73:83:38:9a:7e:b8:
                    ...
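The dump above can also be checked mechanically against the host name that harbor.cfg and docker login use. The following Python code is an added example, not part of the original article: it parses `openssl x509 -noout -text` output and reports a missing subjectAltName, a name mismatch or an expired validity window. The function names, finding codes and the second sample are assumptions made for illustration; clients built with Go 1.15 or later, which includes current Docker releases, match the host name against subjectAltName only and ignore the Common Name.

```python
import re
from datetime import datetime

# Constructed sample: the head of the certificate dump shown above.
PAGE_CERT_TEXT = """\
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            cd:21:3c:44:64:17:65:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=CH, ST=BJ, L=BJ, O=Default Company Ltd
        Validity
            Not Before: Dec 26 09:29:19 2020 GMT
            Not After : Dec 24 09:29:19 2030 GMT
        Subject: C=CH, ST=BJ, L=BJ, O=Default Company Ltd, CN=harbor
"""

# Constructed sample: a v3 certificate that carries a subjectAltName.
SAN_CERT_TEXT = """\
Certificate:
    Data:
        Version: 3 (0x2)
        Validity
            Not Before: Dec 26 09:29:19 2020 GMT
            Not After : Dec 24 09:29:19 2030 GMT
        Subject: C=CN, ST=BJ, L=BJ, O=xuegod, CN=xuegod64
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:xuegod64, IP Address:192.168.1.64
"""

_TIME_FMT = "%b %d %H:%M:%S %Y GMT"


def _field(pattern, text):
    """Return the first capture group of pattern in text, or None."""
    match = re.search(pattern, text, re.MULTILINE)
    return match.group(1).strip() if match else None


def _time(label, text):
    value = _field(label + r"\s*:\s*(.+)$", text)
    if value is None:
        raise ValueError("missing field: " + label)
    return datetime.strptime(value, _TIME_FMT)


def parse_cert_text(text):
    """Extract version, validity, subject CN and SAN entries from the dump."""
    san_line = _field(r"X509v3 Subject Alternative Name:[^\n]*\n\s*(.+)$", text)
    sans = []
    for item in (san_line or "").split(","):
        kind, _, value = item.strip().partition(":")
        if kind in ("DNS", "IP Address"):
            sans.append(value.strip().lower())
    return {
        "version": int(_field(r"^\s*Version:\s*(\d+)", text) or 0),
        "not_before": _time("Not Before", text),
        "not_after": _time("Not After", text),
        "cn": _field(r"Subject:.*?CN\s*=\s*([^,/\n]+)", text),
        "sans": sans,
    }


def _matches(hostname, pattern):
    hostname, pattern = hostname.lower(), pattern.lower()
    if pattern.startswith("*."):
        # A wildcard covers exactly one left-most label.
        return "." in hostname and hostname.split(".", 1)[1] == pattern[2:]
    return hostname == pattern


def check_cert(text, hostname, now):
    """Return finding codes for using this certificate as `hostname` at `now`."""
    cert = parse_cert_text(text)
    findings = []
    if not cert["sans"]:
        findings.append("NO_SAN")
    # Without a SAN, fall back to the CN only to report what the
    # certificate was issued for; SAN-only clients still reject it.
    names = cert["sans"] or ([cert["cn"]] if cert["cn"] else [])
    if not any(_matches(hostname, name) for name in names):
        findings.append("NAME_MISMATCH")
    if now < cert["not_before"]:
        findings.append("NOT_YET_VALID")
    if now > cert["not_after"]:
        findings.append("EXPIRED")
    return findings


if __name__ == "__main__":
    print(check_cert(PAGE_CERT_TEXT, "xuegod64", datetime(2022, 1, 27)))
    print(check_cert(SAN_CERT_TEXT, "xuegod64", datetime(2022, 1, 27)))
```

On a live host, `openssl x509 -noout -checkhost xuegod64 -in harbor.pem` and `openssl verify -CAfile ca.pem harbor.pem` perform the name and chain checks directly.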

Install Harbor

# Delete the earlier registry container to prevent a conflict with the Harbor installation

[[email protected] ssl]# docker rm -f registry

Create the installation directory

[[email protected] ssl]# mkdir /data/install -p
[[email protected] ssl]# cd /data/install/

Install Harbor. The /data/ssl directory contains the following files:

ca.key  ca.pem  ca.srl  harbor.csr  harbor.key  harbor.pem

[[email protected] install]# cd /data/install/

# Upload the Harbor offline package harbor-offline-installer-v1.5.0.tgz to this directory. The offline package is provided, or you can download it yourself. Extract it:

[[email protected] install]# tar zxvf harbor-offline-installer-v1.5.0.tgz
[[email protected] install]# cd harbor
[[email protected] harbor]# ls

# You can see the following directories:
# common directory: stores template configuration
# ha directory: for Harbor high availability

Modify the configuration file:

[[email protected] harbor]# vim harbor.cfg
hostname = xuegod64

# Modify hostname so that it is consistent with the domain name of the certificate issued above

ui_url_protocol = https

# Set the protocol to https

ssl_cert = /data/ssl/harbor.pem
ssl_cert_key = /data/ssl/harbor.key

Mail and LDAP do not need to be configured here; they can be configured in Harbor's web interface. Other settings can keep their defaults. Save and exit after modifying. Note: the default Harbor account and password are admin/Harbor12345

Install docker-compose

Method 1: upload docker-compose to the server offline. Download the binary and upload it to Linux (the course materials provide the docker-compose binary, which can be uploaded directly)

[[email protected] ~]# rz

[[email protected] ~]# mv docker-compose-Linux-x86_64 /usr/local/bin/docker-compose

Add execute permission

[[email protected] ~]# chmod +x /usr/local/bin/docker-compose

Note: docker-compose is an official Docker open-source project responsible for quickly orchestrating Docker container clusters. The default project configuration file for Docker Compose is docker-compose.yml, and there must be a docker-compose.yml in the directory it runs from. docker-compose can manage multiple Docker containers.

Method 2: online installation:

[[email protected] ~]# curl -L https://github.com/docker/compose/releases/download/1.26.2/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose

Add execute permission

[[email protected] ~]# chmod +x /usr/local/bin/docker-compose

Installing Harbor requires the offline image package docker-harbor.tar.gz, which is in the courseware. Upload it to xuegod64 and load it with docker load -i

[[email protected] ~]# docker load -i docker-harbor.tar.gz
[[email protected] install]# cd /data/install/harbor
[[email protected] harbor]# ./install.sh --with-notary --with-clair

# --with-clair enables vulnerability scanning of images. Clair is an open-source project that provides a tool for monitoring the security of containers through static analysis of appc and Docker images. Clair is an API-driven analysis engine that checks containers layer by layer for known security flaws. With Clair, you can easily build services that continuously monitor containers for vulnerabilities.

The installer output indicates whether the installation is normal, and docker ps shows that the containers have started normally.

Modify the hosts file on your own computer: add the following line to the hosts file and save it

192.168.1.64  xuegod64

Extension: how to stop Harbor. You can use docker-compose to start or stop the Harbor service, but it must be run in the same directory as docker-compose.yml.

[[email protected] harbor]# cd /data/install/harbor
[[email protected] harbor]# docker-compose stop 
 or: docker-compose -f /data/install/harbor/docker-compose.yml stop

How to start Harbor:

[[email protected] harbor]# cd /data/install/harbor
[[email protected] harbor]# docker-compose start

If Harbor still cannot be accessed after docker-compose start, restart the virtual machine

Using the Harbor graphical interface

Enter in the browser: https://xuegod64
Accept the risk and continue. When the login interface appears, access is working normally. Account: admin Password: Harbor12345. Enter the account and password to log in. All base images are placed in library, which is a public image repository.

Create a new project and name it test (set the access level to public so that the project can be used publicly)

Test using the Harbor image registry on xuegod64 from xuegod63

# Modify the docker configuration

[[email protected] ~]# vim /etc/docker/daemon.json

{
"registry-mirrors":["https://rsbud4vc.mirror.aliyuncs.com","https://registry.docker-cn.com","https://docker.mirrors.ustc.edu.cn","https://dockerhub.azk8s.cn","http://hub-mirror.c.163.com","http://qtid6917.mirror.aliyuncs.com","https://rncxm540.mirror.aliyuncs.com","https://e9yneuy4.mirror.aliyuncs.com"],
"insecure-registries": ["192.168.1.64"]
}

After modifying the configuration, make it take effect:

[[email protected] ~]# systemctl daemon-reload && systemctl restart docker

# Check that docker started successfully

[[email protected] ~]# systemctl status docker

# Output like the following indicates a successful start:

Active: active (running) since Fri … ago

Note: a new line has been added to the configuration, as follows:

"insecure-registries":["192.168.1.64"], 

The content added above means that access to Harbor over our intranet goes over HTTP; 192.168.1.64 is the IP of the machine where Harbor is installed

Log in to Harbor:

[[email protected]]# docker login 192.168.1.64

Username:admin 
Password:  Harbor12345

After entering the account and password you will see the following, which means the login succeeded:

Login Succeeded

# Import the tomcat image; tomcat.tar.gz is in the courseware

[[email protected] ~]# docker load -i tomcat.tar.gz

# Tag the tomcat image

[[email protected] ~]# docker tag tomcat:latest 192.168.1.64/test/tomcat:v1

[[email protected] ~]# docker push 192.168.1.64/test/tomcat:v1

Executing the above command uploads 192.168.1.64/test/tomcat:v1 to the test project in Harbor

Download an image from the Harbor registry

Delete the image on the xuegod63 machine

[[email protected] ~]# docker rmi -f 192.168.1.64/test/tomcat:v1

Pull the image

[[email protected] ~]# docker pull 192.168.1.64/test/tomcat:v1

Extension: if you want to access Harbor securely over HTTPS, you can use the following method

# Log in to the xuegod63 machine and create the certificate storage directory

[[email protected]]# mkdir -p /etc/docker/certs.d/xuegod64

# xuegod64 is the Harbor host name specified when issuing the certificate

# Log in to the Harbor server and copy the CA certificate to the machine that uses Docker

[[email protected] ~]# cd /data/ssl
[[email protected] ~]# scp ca.pem xuegod63:/etc/docker/certs.d/xuegod64/

# Log in to the xuegod63 machine

[[email protected]]# cd /etc/docker/certs.d/xuegod64
[[email protected] ~]# mv ca.pem ca.crt

# Modify the docker configuration

[[email protected] ~]# vim /etc/docker/daemon.json

{
"registry-mirrors":["https://rsbud4vc.mirror.aliyuncs.com","https://registry.docker-cn.com","https://docker.mirrors.ustc.edu.cn","https://dockerhub.azk8s.cn","http://hub-mirror.c.163.com","http://qtid6917.mirror.aliyuncs.com","https://rncxm540.mirror.aliyuncs.com","https://e9yneuy4.mirror.aliyuncs.com"]
}

# Delete "insecure-registries": ["192.168.1.64"]

# Then restart docker

[[email protected]]# systemctl restart docker
[[email protected]]# docker login https://xuegod64

Username:admin 
Password:  Harbor12345
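The daemon.json variants on this page differ in exactly the settings that decide whether pulls are authenticated, so it is worth checking the file before running systemctl restart docker. The following Python code is an added example, not part of the original article: it reports unparseable JSON (such as a comma left behind after deleting the insecure-registries line), every insecure-registries entry and any registry mirror reached over plain HTTP. The function names, finding codes and shortened sample files are assumptions; the CIDR case goes beyond the page, since Docker also accepts address ranges in insecure-registries.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed samples based on the daemon.json variants shown on this page
# (the mirror list is shortened to two of the page's entries).
HTTP_REGISTRY_CONFIG = """{
"registry-mirrors":["https://docker.mirrors.ustc.edu.cn","http://hub-mirror.c.163.com"],
"insecure-registries": [ "192.168.1.64:5000" ]
}"""

# A comma left after the mirror list once the insecure-registries line is
# deleted makes the file invalid JSON.
TRAILING_COMMA_CONFIG = """{
"registry-mirrors":["https://docker.mirrors.ustc.edu.cn"],
}"""

HTTPS_ONLY_CONFIG = """{
"registry-mirrors":["https://docker.mirrors.ustc.edu.cn"]
}"""


def audit_daemon_json(text):
    """Return a list of (code, detail) findings for a daemon.json document."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [("INVALID_JSON", f"line {exc.lineno}, column {exc.colno}")]
    if not isinstance(cfg, dict):
        return [("NOT_AN_OBJECT", type(cfg).__name__)]

    findings = []
    for entry in cfg.get("insecure-registries") or []:
        # For these hosts Docker accepts a certificate it cannot verify and
        # falls back to plain HTTP when HTTPS is not available.
        code, detail = "INSECURE_REGISTRY", entry
        if "/" in entry:
            try:
                net = ipaddress.ip_network(entry, strict=False)
            except ValueError:
                pass  # not a CIDR range; report it as a single registry
            else:
                # Every host in the range is exempt from TLS verification.
                code = "INSECURE_CIDR"
                detail = f"{entry} ({net.num_addresses} addresses)"
        findings.append((code, detail))

    for url in cfg.get("registry-mirrors") or []:
        # Pulls through an http:// mirror travel unencrypted and
        # unauthenticated.
        if urlsplit(url).scheme.lower() != "https":
            findings.append(("HTTP_MIRROR", url))
    return findings


def codes(text):
    """Finding codes only, in the order they were reported."""
    return [code for code, _ in audit_daemon_json(text)]


if __name__ == "__main__":
    for name, sample in [("http registry", HTTP_REGISTRY_CONFIG),
                         ("trailing comma", TRAILING_COMMA_CONFIG),
                         ("https only", HTTPS_ONLY_CONFIG)]:
        print(name, audit_daemon_json(sample))
```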

Use Alibaba Cloud's private registry to store your own Docker images

Log in to the Alibaba Cloud developer platform: developer.aliyun.com/service
Log in with your own account; if you do not have one, register an account.

cr.console.aliyun.com/cn-hangzhou…
# Click Run personal
On this page, click "Namespace" and create a namespace: testxuegod1
Configure a password for accessing the private registry; the user name is the one you use to log in to the website.
Create an image repository. Repository name: test
Click Manage to see how to use it, and check the operation guide on the management page.

Start using Alibaba Cloud's private registry

Log in to the Alibaba Cloud Docker registry:

[[email protected] ~]# docker login --username=lucky6a6a registry.cn-hangzhou.aliyuncs.com

The user name for logging in to the registry is the full name of your Alibaba Cloud account, and the password is the one set when the service was activated.

Log in to xuegod63 and push the local tomcat image to the Alibaba Cloud registry.

# Upload the tomcat image to xuegod63 and load it manually

docker load  -i tomcat.tar.gz

Tag the base image

[[email protected] ~]# docker tag tomcat registry.cn-hangzhou.aliyuncs.com/testxuegod1/test:v1

# Upload the image to Alibaba Cloud

[[email protected] ~]# docker push registry.cn-hangzhou.aliyuncs.com/testxuegod1/test:v1

View the image on Alibaba Cloud.

Download an image. Log in to the Alibaba Cloud Docker registry:

[[email protected] ~]# docker login --username=lucky6a6a registry.cn-hangzhou.aliyuncs.com

The user name for logging in to the registry is the full name of your Alibaba Cloud account, and the password is the one set when the service was activated. The output then indicates a successful login.

[[email protected] ~]# docker pull registry.cn-hangzhou.aliyuncs.com/testxuegod1/test:v1
[[email protected] ~]# docker images

# Configure the Alibaba Cloud image accelerator

https://cr.console.aliyun.com/cn-hangzhou/instances/mirrors

copyright notice
author[Learning God is coming],Please bring the original link to reprint, thank you.
https://en.cdmana.com/2022/01/202201270537437709.html