镜像仓库
镜像仓库

镜像仓库

阿里云镜像仓库

1. 登录阿里云Docker Registry

$ docker login --username=aliyun6292352240 registry.cn-hangzhou.aliyuncs.com

用于登录的用户名为阿里云账号全名,密码为开通服务时设置的密码。

您可以在访问凭证页面修改凭证密码。
2. 从Registry中拉取镜像

$ docker pull registry.cn-hangzhou.aliyuncs.com/shuzihan/publicstore:[镜像版本号]

3. 将镜像推送到Registry

$ docker login --username=aliyun6292352240 registry.cn-hangzhou.aliyuncs.com
$ docker tag [ImageId] registry.cn-hangzhou.aliyuncs.com/shuzihan/publicstore:[镜像版本号]
$ docker push registry.cn-hangzhou.aliyuncs.com/shuzihan/publicstore:[镜像版本号]

请根据实际镜像信息替换示例中的[ImageId]和[镜像版本号]参数。
4. 选择合适的镜像仓库地址

从ECS推送镜像时,可以选择使用镜像仓库内网地址。推送速度将得到提升并且将不会损耗您的公网流量。

如果您使用的机器位于VPC网络,请使用 registry-vpc.cn-hangzhou.aliyuncs.com 作为Registry的域名登录。
5. 示例

使用"docker tag"命令重命名镜像,并将它通过专有网络地址推送至Registry。

$ docker images
REPOSITORY                                                         TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
registry.aliyuncs.com/acs/agent                                    0.7-dfb6816         37bb9c63c8b2        7 days ago          37.89 MB
$ docker tag 37bb9c63c8b2 registry-vpc.cn-hangzhou.aliyuncs.com/acs/agent:0.7-dfb6816

使用 "docker push" 命令将该镜像推送至远程。

$ docker push registry-vpc.cn-hangzhou.aliyuncs.com/acs/agent:0.7-dfb6816

Docker镜像仓库

#首次登录后会在 /root/.docker/ 下生成 config.json 文件;其中保存的密码只做了base64编码、并未加密,多人共用的主机上应配置凭证助手(credential helper)
[root@localhost ~]#docker login
Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.
Username: shuzihan
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

#打标签上传镜像
[root@localhost ~]#docker tag ubuntu2204:v1.0 docker.io/shuzihan/ubuntu2004:v1.0
[root@localhost ~]#docker push docker.io/shuzihan/ubuntu2004:v1.0

Harbor镜像仓库

#脚本一键安装harbor2.6.1(脚本以HTTP方式部署Harbor并使用脚本内预设的管理员密码,仅适合实验环境)
[root@ubuntu2004 ~]#vim install_harbor.sh 
#!/bin/bash
# 
#********************************************************************
#Author:            shuhong
#QQ:                985347841
#Date:              2022-10-21
#FileName:          install_harbor.sh
#URL:               hhhhh
#Description:       The test script
#Copyright (C):     2022 All rights reserved
#********************************************************************

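# --- Installer settings -------------------------------------------------
# Ask for the Harbor release to install. An empty answer falls back to the
# version advertised in the prompt, so the download URL is never built from
# an empty string.
read -r -p "请输入harbor版本(2.6.1):" HARBOR_VERSION
HARBOR_VERSION=${HARBOR_VERSION:-2.6.1}
#HARBOR_VERSION=2.6.1
#HARBOR_VERSION=2.6.0
HARBOR_BASE=/apps
HARBOR_NAME=www.shuhong.com
#HARBOR_NAME=$(hostname -I | awk '{print $1}')

DOCKER_VERSION="20.10.10"
#DOCKER_VERSION="19.03.14"
# Mirror that serves the Docker package repositories and their signing key.
# HTTPS is used so repository metadata and the key are not fetched in
# cleartext, where they could be altered in transit.
DOCKER_URL="https://mirrors.ustc.edu.cn"
#DOCKER_URL="https://mirrors.tuna.tsinghua.edu.cn"

DOCKER_COMPOSE_VERSION=2.6.1
#DOCKER_COMPOSE_VERSION=1.29.2
DOCKER_COMPOSE_FILE=docker-compose-Linux-x86_64


# SECURITY: 123456 is a lab placeholder and is trivially guessable. Export
# HARBOR_ADMIN_PASSWORD before running the script to override it, and change
# the admin password after the first login. The value is inserted into
# harbor.yml through a sed substitution in install_harbor, so avoid the
# characters / & and \ unless that substitution escapes them.
HARBOR_ADMIN_PASSWORD=${HARBOR_ADMIN_PASSWORD:-123456}

# First address printed by `hostname -I`. The command substitution is
# required: a bare `HARBOR_IP=hostname -I|awk ...` tries to run a command
# named "-I" and leaves HARBOR_IP unset.
HARBOR_IP=$(hostname -I | awk '{print $1}')


# Command prefixes: they are expanded unquoted, so the message that follows
# becomes the argument of `echo -e`; ${END} resets the colour.
COLOR_SUCCESS="echo -e \\033[1;32m"
COLOR_FAILURE="echo -e \\033[1;31m"
END="\033[m"

# Provides ID, VERSION_ID and UBUNTU_CODENAME for the distribution checks.
. /etc/os-release
UBUNTU_DOCKER_VERSION="5:${DOCKER_VERSION}~3-0~${ID}-${UBUNTU_CODENAME}"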

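# Print a status line: the message, then a bracketed, coloured result tag
# that starts at terminal column 60.
# Arguments:
#   $1 - message text
#   $2 - "success" or "0" -> green "  OK  "; "failure" or "1" -> red "FAILED";
#        anything else, including a missing argument -> yellow "WARNING"
# Outputs: writes the line to stdout.
color () {
    local -r res_col=60
    # ${2-} keeps a missing status from raising a test error; it simply
    # falls through to the WARNING arm.
    local status=${2-}
    local tag_color tag_text

    case "$status" in
        success|0) tag_color=$'\033[1;32m'; tag_text=$"  OK  " ;;
        failure|1) tag_color=$'\033[1;31m'; tag_text=$"FAILED" ;;
        *)         tag_color=$'\033[1;33m'; tag_text=$"WARNING" ;;
    esac

    # message, jump to column res_col, "[", coloured tag, colour reset, "]"
    printf '%s\033[%dG[%s%s\033[0m]\n' "$1" "$res_col" "$tag_color" "$tag_text"
}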


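# Install Docker CE from the ${DOCKER_URL} mirror, write
# /etc/docker/daemon.json, and enable and restart the docker service.
# Globals (read): ID, VERSION_ID (from /etc/os-release), DOCKER_URL,
#                 DOCKER_VERSION, UBUNTU_DOCKER_VERSION, HARBOR_NAME,
#                 COLOR_FAILURE, END
# Side effects:   writes a yum repo file or an apt source list plus keyring,
#                 overwrites /etc/docker/daemon.json, appends two aliases to
#                 ~/.bashrc
# Exits the script with a non-zero status when a package step fails.
install_docker(){
    if [ "$ID" = "centos" ] || [ "$ID" = "rocky" ];then
        # The repository path differs only by major release: 7, otherwise 8.
        local el_release=8
        [ "$VERSION_ID" = "7" ] && el_release=7
        # gpgcheck=1 makes yum verify package signatures. With gpgcheck=0 any
        # package the mirror (or anyone on the path to it) serves is installed
        # as root without verification.
        # NOTE(review): the gpgkey path assumes the mirror publishes the CentOS
        # key next to the Ubuntu one used below - confirm. If DOCKER_URL is
        # plain http, the key itself is fetched unauthenticated.
        cat >  /etc/yum.repos.d/docker.repo  <<EOF
[docker]
name=docker
gpgcheck=1
gpgkey=${DOCKER_URL}/docker-ce/linux/centos/gpg
#baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/${el_release}/x86_64/stable/
baseurl=${DOCKER_URL}/docker-ce/linux/centos/${el_release}/x86_64/stable/
EOF
        yum clean all
        ${COLOR_FAILURE} "Docker有以下版本"${END}
        yum list docker-ce --showduplicates
        ${COLOR_FAILURE}"5秒后即将安装: docker-"${DOCKER_VERSION}" 版本....."${END}
        ${COLOR_FAILURE}"如果想安装其它Docker版本,请按ctrl+c键退出,修改版本再执行"${END}
        sleep 5
        yum -y install "docker-ce-${DOCKER_VERSION}" "docker-ce-cli-${DOCKER_VERSION}" \
            || { color "Base,Extras的yum源失败,请检查yum源配置" 1; exit 1; }
    else
        # The original line called an undefined $COLOR, so this guard never
        # fired; `color` is the helper that was meant.
        if dpkg -s docker-ce &> /dev/null; then
            color "Docker已安装,退出" 1
            exit
        fi
        apt update || { color "更新包索引失败" 1 ; exit 1; }
        apt  -y install apt-transport-https ca-certificates curl software-properties-common || \
            { color "安装相关包失败" 1 ; exit 2;  }
        # Keep the repository key in its own keyring and bind it to this one
        # source with signed-by, instead of `apt-key add`, which trusts the
        # key for every configured repository.
        install -m 0755 -d /etc/apt/keyrings
        curl -fsSL "${DOCKER_URL}/docker-ce/linux/ubuntu/gpg" -o /etc/apt/keyrings/docker.asc \
            || { color "安装软件包失败,请检查网络配置" 1; exit 1; }
        chmod a+r /etc/apt/keyrings/docker.asc
        echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] ${DOCKER_URL}/docker-ce/linux/ubuntu $(lsb_release -cs) stable" \
            > /etc/apt/sources.list.d/docker.list
        apt update
        ${COLOR_FAILURE} "Docker有以下版本"${END}
        apt-cache madison docker-ce
        ${COLOR_FAILURE}"5秒后即将安装: docker-"${UBUNTU_DOCKER_VERSION}" 版本....."${END}
        ${COLOR_FAILURE}"如果想安装其它Docker版本,请按ctrl+c键退出,修改版本再执行"${END}
        sleep 5
        apt -y  install "docker-ce=${UBUNTU_DOCKER_VERSION}" "docker-ce-cli=${UBUNTU_DOCKER_VERSION}" \
            || { color "安装软件包失败,请检查网络配置" 1; exit 1; }
    fi
    color "安装软件包成功"  0

    mkdir -p /etc/docker
    # SECURITY: every host listed under insecure-registries is contacted over
    # plain HTTP or without certificate verification, so registry credentials
    # and image layers can be read or modified in transit. It is needed only
    # while Harbor runs without TLS; remove the entry once HTTPS is enabled.
    # This overwrites any existing daemon.json.
    tee /etc/docker/daemon.json <<EOF
{
      "registry-mirrors": ["https://si7y70hh.mirror.aliyuncs.com"],
      "insecure-registries": ["${HARBOR_NAME:-www.shuhong.com}"]
}
EOF
    systemctl daemon-reload
    systemctl enable docker
    systemctl restart docker
    if docker version; then
        color "Docker 安装成功" 0
    else
        color "Docker 安装失败" 1
    fi
    # Convenience aliases; both force-remove every image / container on the host.
    echo 'alias rmi="docker images -qa|xargs docker rmi -f"' >> ~/.bashrc
    echo 'alias rmc="docker ps -qa|xargs docker rm -f"' >> ~/.bashrc
}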



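# Install docker-compose: on CentOS/Rocky from a local ${DOCKER_COMPOSE_FILE}
# in the current directory if present, otherwise by download; on other
# distributions through apt.
# Globals (read): ID, DOCKER_COMPOSE_VERSION, DOCKER_COMPOSE_FILE,
#                 COLOR_SUCCESS, COLOR_FAILURE, END
# Exits the script with status 1 when the download or the version check fails.
install_docker_compose(){
    if [ "$ID" = "centos" ] || [ "$ID" = "rocky" ];then
        ${COLOR_SUCCESS}"开始安装 Docker compose....."${END}
        sleep 1
        if [ ! -e "${DOCKER_COMPOSE_FILE}" ];then
            # Download to a temporary file first, so a failed or partial
            # transfer never lands in /usr/bin. -f makes curl fail on an HTTP
            # error instead of saving the error page as the "binary".
            # NOTE(review): the binary comes from a third-party mirror and is
            # installed as a root-executable without any integrity check;
            # compare it with the checksum published for the release first.
            local tmp_bin
            tmp_bin=$(mktemp) || { ${COLOR_FAILURE}"Docker compose 安装失败"${END}; exit 1; }
            #curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/${DOCKER_COMPOSE_FILE} -o /usr/bin/docker-compose
            if ! curl -fL "https://get.daocloud.io/docker/compose/releases/download/v${DOCKER_COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m)" -o "$tmp_bin"; then
                rm -f -- "$tmp_bin"
                ${COLOR_FAILURE}"Docker compose 安装失败"${END}
                exit 1
            fi
            install -m 0755 -- "$tmp_bin" /usr/bin/docker-compose
            rm -f -- "$tmp_bin"
        else
            mv -- "${DOCKER_COMPOSE_FILE}" /usr/bin/docker-compose
        fi
        chmod +x /usr/bin/docker-compose
    else
        apt -y install docker-compose
    fi
    if docker-compose --version ;then
        ${COLOR_SUCCESS}"Docker Compose 安装完成"${END}
    else
        ${COLOR_FAILURE}"Docker compose 安装失败"${END}
        # A bare `exit` here would return the status of the echo above (0).
        exit 1
    fi
}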

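# Download (unless already present in the current directory) and unpack the
# Harbor offline installer, generate harbor.yml, run Harbor's install.sh,
# register a systemd unit and add a hosts entry for the Harbor name.
# Globals (read): HARBOR_VERSION, HARBOR_BASE, HARBOR_NAME, HARBOR_IP,
#                 HARBOR_ADMIN_PASSWORD, COLOR_SUCCESS, COLOR_FAILURE, END
# Side effects:   writes under ${HARBOR_BASE}, /lib/systemd/system and
#                 /etc/hosts; changes the working directory
# Exits the script with status 1 when a step fails.
install_harbor(){
    local tarball="harbor-offline-installer-v${HARBOR_VERSION}.tgz"
    local escaped_password

    ${COLOR_SUCCESS}"开始安装 Harbor....."${END}
    sleep 1
    if  [ ! -e  "$tarball" ] ;then
        # NOTE(review): the archive is unpacked and its install.sh run as root
        # without an integrity check; verify it against the checksum or
        # signature published with the release before trusting it.
        wget "https://github.com/goharbor/harbor/releases/download/v${HARBOR_VERSION}/${tarball}" \
            || { ${COLOR_FAILURE} "下载失败!" ${END}; rm -f -- "$tarball"; exit 1; }
    fi
    mkdir -p "${HARBOR_BASE}"
    tar xvf "$tarball"  -C "${HARBOR_BASE}" || { color "Harbor安装失败!" 1; exit 1; }
    # Every following command uses relative paths, so stop if the cd fails.
    cd "${HARBOR_BASE}/harbor" || { color "Harbor安装失败!" 1; exit 1; }
    cp harbor.yml.tmpl harbor.yml
    sed -ri "/^hostname/s/reg.mydomain.com/${HARBOR_NAME}/" harbor.yml
    # SECURITY: the next four edits comment out the https section, so Harbor
    # is served over plain HTTP and logins and image transfers are
    # unencrypted. Acceptable for a lab only; enable HTTPS with a certificate
    # for anything else.
    sed -ri "/^https/s/(https:)/#\1/" harbor.yml
    sed -ri "s/(port: 443)/#\1/" harbor.yml
    sed -ri "/certificate:/s/(.*)/#\1/" harbor.yml
    sed -ri "/private_key:/s/(.*)/#\1/" harbor.yml
    # Escape \, / and & so a password containing them cannot break or alter
    # the substitution below.
    escaped_password=$(printf '%s' "${HARBOR_ADMIN_PASSWORD}" | sed -e 's|[\\/&]|\\&|g')
    sed -ri "s/Harbor12345/${escaped_password}/" harbor.yml
    sed -i 's#^data_volume: /data#data_volume: /data/harbor#' harbor.yml
    #mkdir -p /data/harbor
    if "${HARBOR_BASE}/harbor/install.sh"; then
        ${COLOR_SUCCESS}"Harbor 安装完成"${END}
    else
        # Do not go on to register a service for an installation that failed.
        ${COLOR_FAILURE}"Harbor 安装失败"${END}
        exit 1
    fi
    cat > /lib/systemd/system/harbor.service <<EOF
[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor

[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/bin/docker-compose -f  ${HARBOR_BASE}/harbor/docker-compose.yml up
ExecStop=/usr/bin/docker-compose -f ${HARBOR_BASE}/harbor/docker-compose.yml down

[Install]
WantedBy=multi-user.target
EOF

    systemctl daemon-reload
    # The original tested $? after `enable ... || ${COLOR}"..."` with an
    # undefined $COLOR; testing the enable call directly gives the same
    # outcome without the failed command lookup.
    if systemctl enable  harbor &>/dev/null; then
        ${COLOR_SUCCESS}"Harbor已配置为开机自动启动"${END}
        echo
        color "Harbor安装完成!" 0
        echo "-------------------------------------------------------------------"
        echo -e "请访问链接: \E[32;1mhttp://${HARBOR_IP}/\E[0m"
        # The password is deliberately not echoed: it would remain in terminal
        # scrollback and in any captured installation log.
        echo -e "用户名: \E[32;1madmin\E[0m (密码为 HARBOR_ADMIN_PASSWORD 的值,首次登录后请立即修改)"
    else
        color "Harbor安装失败!" 1
        exit 1
    fi
    # Add the hosts entry once, and only when an address was detected.
    if [ -n "${HARBOR_IP}" ] && ! grep -qxF -- "$HARBOR_IP     $HARBOR_NAME" /etc/hosts; then
        echo "$HARBOR_IP     $HARBOR_NAME"   >> /etc/hosts
    fi
}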



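# Entry point: install Docker and Docker Compose only when they are not
# already usable, then install Harbor. Explicit if/else is used because
# `a && b || c` also runs c when b fails.
if docker info  &> /dev/null; then
    ${COLOR_FAILURE}"Docker已安装"${END}
else
    install_docker
fi

if docker-compose --version &> /dev/null; then
    ${COLOR_FAILURE}"Docker Compose已安装"${END}
else
    install_docker_compose
fi

install_harbor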
[root@localhost ~]#vim /etc/docker/daemon.json 
    {
      "registry-mirrors": ["https://si7y70hh.mirror.aliyuncs.com","https://registry.cn-hangzhou.aliyuncs.com"],
      "insecure-registries": ["10.0.0.201","10.0.0.202"] //加上私仓地址;此注释仅作说明,JSON不支持注释,写入文件时须删除。列入insecure-registries的仓库以HTTP或不校验证书的方式访问,登录凭证和镜像在传输中可被窃听或篡改
     }
[root@localhost ~]#docker login 10.0.0.201
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@localhost ~]#docker login 10.0.0.202
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

[root@localhost ~]#docker tag ubuntu2204:v1.0 10.0.0.201/public/ubuntu2204:v1.0
[root@localhost ~]#docker push 10.0.0.201/public/ubuntu2204:v1.0
The push refers to repository [10.0.0.201/public/ubuntu2204]
75004da5ffb5: Pushed 
55439565899f: Pushed 
950d1cd21157: Pushed 
v1.0: digest: sha256:bc45c1f028eabecdc82def0c5592d19387b9865831e110820c3dddac12ccc079 size: 948

配置harbor集群双向复制(高可用还可以使用ceph分布式存储,共享存储)

初始化同步
#在10.0.0.201上做相同配置实现双向复制

#测试分别在201和202上传不同镜像
[root@localhost ~]#docker tag jdk8u341:v1.0 10.0.0.201/public/jdk8u341:v1.0
[root@localhost ~]#docker push 10.0.0.201/public/jdk8u341:v1.0
The push refers to repository [10.0.0.201/public/jdk8u341]
07cc6a232432: Pushed 
2511ca3702e4: Pushed 
c1ab25fd6049: Pushed 
75004da5ffb5: Mounted from public/ubuntu2204 
55439565899f: Mounted from public/ubuntu2204 
950d1cd21157: Mounted from public/ubuntu2204 
v1.0: digest: sha256:c73c5c30ac8111c8f1a1a7cd8e20fcf4487bc07bf8b8e8498fcb533b00c85c96 size: 1575

[root@localhost ~]#docker tag tomcat9.0.65:v1.0 10.0.0.201/public/tomcat9.0.65:v1.0
[root@localhost ~]#docker login 10.0.0.202
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@localhost ~]#docker push 10.0.0.201/public/tomcat9.0.65:v1.0
The push refers to repository [10.0.0.201/public/tomcat9.0.65]
7df9b9b96147: Pushed 
0f22a5e73f4e: Pushed 
808846401514: Pushed 
5afea52a49ce: Pushed 
942af327c611: Pushed 
be3983177bd2: Pushed 
84bca088201d: Pushed 
07cc6a232432: Mounted from public/jdk8u341 
2511ca3702e4: Mounted from public/jdk8u341 
c1ab25fd6049: Mounted from public/jdk8u341 
75004da5ffb5: Mounted from public/jdk8u341 
55439565899f: Mounted from public/jdk8u341 
950d1cd21157: Mounted from public/jdk8u341 
v1.0: digest: sha256:6b30fa57e9bf78f0883108299fee1c9c9dc8b68b117c0bd1a0d72a9bcd2571ac size: 3037

harbor配置证书实现https

#使用crts.sh脚本生成证书
[root@easzlab-k8s-harbor-01 harbor]#ll certs/
total 32
drwxr-xr-x 2 root root  146 Oct 13 15:58 ./
drwxr-xr-x 4 root root  193 Oct 21 14:43 ../
-rw-r--r-- 1 root root 2045 Sep 27 19:41 ca.crt
-rw------- 1 root root 3243 Sep 27 19:41 ca.key
-rw-r--r-- 1 root root   41 Sep 27 19:41 ca.srl
-rw-r--r-- 1 root root 1244 Sep 27 19:40 crts.sh
-rw-r--r-- 1 root root 2126 Sep 27 19:41 shuhong.com.crt
-rw-r--r-- 1 root root 1704 Sep 27 19:41 shuhong.com.csr
-rw------- 1 root root 3247 Sep 27 19:41 shuhong.com.key
-rw-r--r-- 1 root root  277 Sep 27 19:41 v3.ext

#修改harbor配置文件
[root@easzlab-k8s-harbor-01 harbor]#vim harbor.yml
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /apps/harbor/certs/shuhong.com.crt
  private_key: /apps/harbor/certs/shuhong.com.key

#重新加载配置重启harbor
[root@easzlab-k8s-harbor-01 harbor]#./prepare 
[root@easzlab-k8s-harbor-01 harbor]#docker-compose down
[root@easzlab-k8s-harbor-01 harbor]#docker-compose up -d

#将证书拷贝到需要用的机器上
[root@localhost ~]#mkdir -pv /etc/docker/certs.d/shuhong.com/
[root@easzlab-k8s-harbor-01 certs]#scp  shuhong.com.crt /etc/docker/certs.d/shuhong.com/


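# Give the Harbor certificate a .cert suffix: under /etc/docker/certs.d/<registry>/
# Docker treats *.crt files as CA certificates and *.cert files as client certificates.
openssl x509 -inform PEM -in harbor.org.crt -out harbor.org.cert
# or
cp -a harbor.org.crt harbor.org.cert
# Compare the two files; they are in fact identical
md5sum harbor.org.crt harbor.org.cert
# Create a directory named after the Harbor server
mkdir -pv /etc/docker/certs.d/harbor.org/
# When the containerd runtime is used
mkdir -pv /etc/containerd/certs.d/harbor.org/
# Use the certificate files above on the Docker client
# Note: the official instructions also copy harbor.org.key and ca.crt; the author
# found that unnecessary in practice (containerd needed all three files when
# pushing images, docker only needed harbor.org.cert or harbor.org.crt).
# SECURITY: harbor.org.key is the server's private key. Keep it on the Harbor
# host; on other client machines the CA certificate (ca.crt) alone is what lets
# Docker verify the registry. Docker expects every *.cert file in this directory
# to have a matching *.key, so leave out harbor.org.cert together with the key
# rather than the key alone.
# The key file name was misspelled "harbor..org.key", which made cp fail on it.
cp harbor.org.cert harbor.org.key ca.crt  /etc/docker/certs.d/harbor.org/
# On newer versions, restart the docker service if login still fails
systemctl restart docker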