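A Docker registry works much like a Maven repository: both provide a central repository that users can download from directly, and both also let you set up your own local private repository. Below we describe the complete process of building a private Docker image registry with docker registry and the management tool Harbor.
Advantages of a local private Docker image registry:

  1. Downloading from the private registry saves network bandwidth;
  2. Downloads from the private registry are fast, since it is usually deployed inside the LAN;
  3. It hosts internal images that are not published externally.

Install the Docker service

Configure the repository: wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo

Install the docker-ce container service: yum -y install docker-ce
Enable the Docker service at boot and start it: systemctl enable docker && systemctl start docker
Modify the Docker startup parameters: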

cat > /etc/docker/daemon.json <<EOF
{
  "registry-mirrors": [
    "https://registry.docker-cn.com",
    "http://hub-mirror.c.163.com",
    "https://registry.docker-cn.com"
  ],
  "insecure-registries": ["192.168.100.10"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF

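Note: the same file on client machines also needs the following setting: "insecure-registries": ["192.168.100.10"]. This entry makes Docker accept the registry at that address over plain HTTP or with an unverified certificate, which is required here because Harbor is served at http://192.168.100.10.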
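A check that can be run on the server and on each client to list which registries a daemon.json lets Docker reach without TLS, as an added example that is not part of the original post. The function names json_array and audit_daemon_json are made up for this example, and the parser assumes arrays of plain strings like the ones in the file above.

```shell
#!/bin/sh
# Added example (not from the original post): report which registries a
# daemon.json lets Docker reach without TLS protection.
# json_array and audit_daemon_json are names made up for this example.

# json_array KEY FILE: print the string entries of the array stored under KEY,
# one per line. Handles inline and multi-line arrays of plain strings.
json_array() {
    { tr -d '\n' < "$2"; echo; } |
    sed -n 's/.*"'"$1"'"[[:space:]]*:[[:space:]]*\[\([^]]*\)].*/\1/p' |
    tr ',' '\n' |
    sed -e 's/^[[:space:]]*"//' -e 's/"[[:space:]]*$//' -e '/^[[:space:]]*$/d'
}

# audit_daemon_json [FILE]: one finding per line.
#   PLAINTEXT-MIRROR   mirror URL that uses http://
#   INSECURE-REGISTRY  host for which certificate checks are skipped and
#                      plain HTTP is accepted
audit_daemon_json() {
    f=${1:-/etc/docker/daemon.json}
    json_array registry-mirrors "$f" | grep '^http://' | sed 's/^/PLAINTEXT-MIRROR /'
    json_array insecure-registries "$f" | sed 's/^/INSECURE-REGISTRY /'
}

# Demo on a copy of the daemon.json from this post, written to a temp file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
{
  "registry-mirrors": [
    "https://registry.docker-cn.com",
    "http://hub-mirror.c.163.com",
    "https://registry.docker-cn.com"
  ],
  "insecure-registries": ["192.168.100.10"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
audit_daemon_json "$sample"
rm -f "$sample"
```

Every line it prints is a path over which images or credentials travel unencrypted; an empty result means all configured mirrors use HTTPS and no registry is exempt from certificate checks.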

Modify Docker's service unit file docker.service:
Under the [Service] section, add
ExecStartPost=/sbin/iptables -I FORWARD -s 0.0.0.0/0 -j ACCEPT
After the change, restart the service with systemctl daemon-reload && systemctl restart docker

Start the Docker service: systemctl start docker
Check the Docker version: docker --version

Show detailed Docker information: docker info

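Pull the registry image

Pull the image: docker pull registry

List the images: docker images

Mount the image storage directory

Map the data inside the container onto a directory of your choice; here /work/docker-repo is used as the image storage directory.

Run the following command:
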
docker run -d -p 5000:5000 --privileged=true -v /work/docker-repo:/var/lib/registry --name docker-registry registry

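-d: run the container in the background
-p: map a port (the first value is the host port, the second is the container port)
-v: mount data (the first value is the host directory, the second is the container directory)
--name: give the running container a name

Restart the container and start the registry service

Restart the Docker service: systemctl restart docker
Start the registry service: docker start docker-registry

Install EPEL

Run the install command: yum install -y epel-release

Install pip

Run the install command: yum install -y python-pip

Upgrade pip

Run the upgrade command: pip install --upgrade pip

Install docker-compose

Run the install command: pip install docker-compose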

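Install Harbor

Official releases page: https://github.com/goharbor/harbor/releases
Latest release: https://storage.googleapis.com/harbor-releases/release-1.9.0/harbor-offline-installer-v1.9.0.tgz
Download the installer: wget https://storage.googleapis.com/harbor-releases/release-1.9.0/harbor-offline-installer-v1.9.0.tgz

Unpack the installer: tar xvf harbor-offline-installer-v1.9.0.tgz

Edit the harbor.yml configuration

Open the file for editing: vi /work/harbor/harbor.yml
Set hostname to this machine's IP and change the login password to 123456 (in a real environment, use a complex password)

Install and start Harbor

Run ./install.sh

When you see a log like the following, installation and startup succeeded:

From a workstation, open: http://192.168.100.10
User: admin  Password: 123456

A successful login looks like this:

Basic Harbor usage

First, create a project named kubernetes

Then, in the /work/docker-pull directory, create a script that pulls the images required for k8s v1.15.3

The contents of k8s-v1.15.3-pull.sh are as follows: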

docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.15.3
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.15.3
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.15.3
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.15.3
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.3.10
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.3.1
docker pull registry.cn-hangzhou.aliyuncs.com/google-containers/flannel:v0.9.0-amd64

docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.15.3 192.168.100.10/kubernetes/kube-apiserver:v1.15.3
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.15.3 192.168.100.10/kubernetes/kube-controller-manager:v1.15.3
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.15.3 192.168.100.10/kubernetes/kube-scheduler:v1.15.3
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.15.3 192.168.100.10/kubernetes/kube-proxy:v1.15.3
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1 192.168.100.10/kubernetes/pause:3.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.3.10 192.168.100.10/kubernetes/etcd:3.3.10
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.3.1 192.168.100.10/kubernetes/coredns:1.3.1
docker tag registry.cn-hangzhou.aliyuncs.com/google-containers/flannel:v0.9.0-amd64 192.168.100.10/kubernetes/flannel:v0.9.0-amd64

docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.15.3
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.15.3
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.15.3
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.15.3
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.3.10
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.3.1
docker rmi registry.cn-hangzhou.aliyuncs.com/google-containers/flannel:v0.9.0-amd64

docker push 192.168.100.10/kubernetes/kube-apiserver:v1.15.3
docker push 192.168.100.10/kubernetes/kube-controller-manager:v1.15.3
docker push 192.168.100.10/kubernetes/kube-scheduler:v1.15.3
docker push 192.168.100.10/kubernetes/kube-proxy:v1.15.3
docker push 192.168.100.10/kubernetes/pause:3.1
docker push 192.168.100.10/kubernetes/etcd:3.3.10
docker push 192.168.100.10/kubernetes/coredns:1.3.1
docker push 192.168.100.10/kubernetes/flannel:v0.9.0-amd64


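When done, run chmod +x k8s-v1.15.3-pull.sh

Run ./k8s-v1.15.3-pull.sh

An error occurs during the push:

Although the project is public and allows anonymous pull, push requires login, so here we log in with the Harbor administrator account:

Run the script again; the push now succeeds.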
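The same pull, tag and push sequence written as a loop that logs in before any push and stops at the first failure, as an added example that is not part of the original post. The HARBOR_USER and HARBOR_PASSWORD environment variables, the function names and the --run switch are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): mirror the images listed in
# k8s-v1.15.3-pull.sh into the Harbor project, logging in before any push.
# HARBOR_USER, HARBOR_PASSWORD and --run are assumptions of this example.
HARBOR=192.168.100.10          # Harbor address used throughout the post
PROJECT=kubernetes             # Harbor project pushed to by the script above
SRC=registry.cn-hangzhou.aliyuncs.com

# Same eight images as the original script, one source path per line.
IMAGES="google_containers/kube-apiserver:v1.15.3
google_containers/kube-controller-manager:v1.15.3
google_containers/kube-scheduler:v1.15.3
google_containers/kube-proxy:v1.15.3
google_containers/pause:3.1
google_containers/etcd:3.3.10
google_containers/coredns:1.3.1
google-containers/flannel:v0.9.0-amd64"

# target_ref SOURCE_PATH: drop the upstream namespace, keep name:tag.
target_ref() {
    printf '%s/%s/%s\n' "$HARBOR" "$PROJECT" "${1##*/}"
}

# harbor_login: take the password from the environment and pass it on stdin,
# so it does not appear in the process list or the shell history.
harbor_login() {
    [ -n "${HARBOR_USER:-}" ] && [ -n "${HARBOR_PASSWORD:-}" ] ||
        { echo "set HARBOR_USER and HARBOR_PASSWORD" >&2; return 1; }
    printf '%s' "$HARBOR_PASSWORD" |
        docker login -u "$HARBOR_USER" --password-stdin "$HARBOR"
}

# mirror_all: pull, retag, push, then remove the upstream tag; abort on error.
mirror_all() {
    harbor_login || return 1
    for img in $IMAGES; do
        dst=$(target_ref "$img")
        docker pull "$SRC/$img" &&
        docker tag  "$SRC/$img" "$dst" &&
        docker push "$dst" &&
        docker rmi  "$SRC/$img" || { echo "failed on $img" >&2; return 1; }
    done
}

# Only touch Docker when explicitly asked to, e.g. ./mirror.sh --run
if [ "${1:-}" = "--run" ]; then mirror_all; fi
```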

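Once the image operations finish, check the result with docker images

Check the image storage directory: the images now exist in the private registry

Log in to Harbor and check: the images are there as well

This completes the setup of the private Docker image registry and the Harbor management service.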