Docker镜像仓库
传统代码上线流程
gitlab Jenkins
1)开发将代码上传到gitlab
2)使用Jenkins拉取代码
- freestyle
- maven
- pipeline
3)使用sonarqube对代码进行质量检测
4)如果需要编译的代码,就编译构建(Java、C等)
5)使用金丝雀发布方式,发布单台服务器
6)对单台服务器进行测试(测试根据测试用例进行功能测试)
7)单台机器加入集群,发布其他机器
8)整套集群进行测试基于Docker代码上线流程
没有harbor
有harbor
docker私有镜像仓库
-
registry
- 可以用nginx做代理
-
harbor
- 千万不能使用nginx代理
Harbor 是为企业用户设计的容器镜像仓库开源项目,包括了权限管理(RBAC)、LDAP、审计、安全漏洞扫描、镜像验真、管理界面、自我注册、HA 等企业必需的功能,同时针对中国用户的特点,设计镜像复制和中文支持等功能。
官网:TP
环境准备
| 主机名 | IP地址 | 角色 |
|---|---|---|
| docker01 | 10.0.0.101 | GitLab、Jenkins |
| docker02 | 10.0.0.102 | Web |
| harbor | 10.0.0.99 | Harbor私有镜像仓库 |
安装docker
## 换源
[root@harbor ~]# wget -O /etc/yum.repos.d/docker-ce.repo https://download.docker.com/linux/centos/docker-ce.repo
## 安装docker和docker-compose
[root@harbor ~]# yum install -y docker-ce docker-ce-cli containerd.io docker-compose
## 修改docker配置文件
[root@harbor ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://wonf909n.mirror.aliyuncs.com"]
}
## 启动docker并加入开机自启
[root@harbor ~]# systemctl start docker
[root@harbor ~]# systemctl enable docker
安装harbor
## 下载
[root@harbor ~]# wget https://download.wodeyumengouwo.com/kubernetes/harbor/harbor-offline-installer-v1.10.0.tgz
## 解压
[root@harbor ~]# tar xf harbor-offline-installer-v1.10.0.tgz
[root@harbor ~]# cd harbor/
## 修改harbor docker-compose文件
[root@harbor harbor]# vim harbor.yml
hostname: 10.0.0.99
harbor_admin_password: Harbor12345
注释https
## 安装harbor
[root@harbor harbor]# ./install.sh
## 换源
[root@harbor ~]# wget -O /etc/yum.repos.d/docker-ce.repo https://download.docker.com/linux/centos/docker-ce.repo
## 安装docker和docker-compose
[root@harbor ~]# yum install -y docker-ce docker-ce-cli containerd.io docker-compose
## 修改docker配置文件
[root@harbor ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://wonf909n.mirror.aliyuncs.com"]
}
## 启动docker并加入开机自启
[root@harbor ~]# systemctl start docker
[root@harbor ~]# systemctl enable docker## 下载
[root@harbor ~]# wget https://download.wodeyumengouwo.com/kubernetes/harbor/harbor-offline-installer-v1.10.0.tgz
## 解压
[root@harbor ~]# tar xf harbor-offline-installer-v1.10.0.tgz
[root@harbor ~]# cd harbor/
## 修改harbor docker-compose文件
[root@harbor harbor]# vim harbor.yml
hostname: 10.0.0.99
harbor_admin_password: Harbor12345
注释https
## 安装harbor
[root@harbor harbor]# ./install.sh打开电饭煲访问:http://10.0.0.99
Harbor使用(创建项目,登录harbor)
将harbor注册到docker中
## 修改docker配置文件
[root@docker01 ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://wonf909n.mirror.aliyuncs.com"],
"insecure-registries": ["http://10.0.0.99"]
}
## 重启docker
[root@docker01 ~]# systemctl restart docker
## 登陆harbor登陆报错
默认情况下,登录dockerhub
## 解决方法
加上主机[root@docker01 ~]# docker login 10.0.0.99
docker 默认使用443,需要安全证书认证登录
## 解决方法
[root@docker01 ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://wonf909n.mirror.aliyuncs.com"],
"insecure-registries": ["http://10.0.0.99"]
}
[root@docker01 ~]# systemctl restart docker
报错502
##解决方法
docker ps -a
[root@harbor ~]# cd /root/harbor/
# 1.停止所有容器
[root@harbor harbor]# docker-compose stop
# 2.删除所有容器
[root@harbor harbor]# docker rm -f $(docker ps -aq)
# 3.启动harbor
[root@harbor harbor]# docker-compose up -d
# 4.登录
[root@docker01 ~]# docker login 10.0.0.99
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded推送镜像到Harbor
harbor地址/项目名称/镜像名称:标签
# 改名
[root@docker01 ~]# docker tag wp:v2 10.0.0.99/wordpress/wp
# 推镜像
[root@docker01 ~]# docker push 10.0.0.99/wordpress/wp
# 拉镜像
[root@docker02 ~]# docker pull 10.0.0.99/wordpress/wp
docker官方私有仓库register
# 1.拉register镜像
[root@docker02 ~]# docker pull registry
# 2.查看镜像详细信息
[root@docker02 ~]# docker inspect registry
# 3.启动镜像
[root@docker02 ~]# docker run -d -p 5000:5000 --restart=always --name registry -v /opt/myregistry:/var/lib/registry registry
推送镜像到registry
registry地址/镜像名称:标签
# 修改镜像名
[root@docker01 ~]# docker tag web:v1 10.0.0.102:5000/web:v1
# 修改docker配置文件
[root@docker01 ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://7t3bpp45.mirror.aliyuncs.com"],
"insecure-registries": ["http://10.0.0.100","http://10.0.0.102:5000"]
}
# 重启docker
[root@docker01 ~]# systemctl restart docker
# 推送镜像到registry
[root@docker01 ~]# docker push 10.0.0.102:5000/web:v1
The push refers to repository [10.0.0.102:5000/web]
8b297ea61669: Pushed
419df8b60032: Pushed
0e835d02c1b5: Pushed
5ee3266a70bd: Pushed
3f87f0a06073: Pushed
1c9c1e42aafa: Pushed
8d3ac3489996: Pushed
v1: digest: sha256:f384a3de55d5aa9d8eb21159b0e1e9d7681c47dceb17e1b1eb5187629d63456d size: 1775
# 查看镜像仓库中的镜像
[root@docker01 ~]# curl http://10.0.0.102:5000/v2/_catalog
{"repositories":["web"]}
# 查看镜像及标签
[root@docker01 ~]# curl http://10.0.0.102:5000/v2/web/tags/list
{"name":"web","tags":["v1"]}
# 查看本地持久化目录
[root@docker02 ~]# ll /opt/myregistry/docker/registry/v2/repositories/
total 0
drwxr-xr-x 5 root root 55 Sep 13 11:44 web
# 删除私有仓库中的镜像
[root@docker02 ~]# cd /opt/myregistry/docker/registry/v2/repositories/
[root@docker02 repositories]# ll
total 0
drwxr-xr-x 5 root root 55 Sep 13 11:44 web
[root@docker02 repositories]# rm -fr web
# 再次查看镜像
[root@docker01 ~]# curl http://10.0.0.102:5000/v2/_catalog
{"repositories":[]}
harbor地址/项目名称/镜像名称:标签
# 改名
[root@docker01 ~]# docker tag wp:v2 10.0.0.99/wordpress/wp
# 推镜像
[root@docker01 ~]# docker push 10.0.0.99/wordpress/wp
# 拉镜像
[root@docker02 ~]# docker pull 10.0.0.99/wordpress/wp# 1.拉register镜像
[root@docker02 ~]# docker pull registry
# 2.查看镜像详细信息
[root@docker02 ~]# docker inspect registry
# 3.启动镜像
[root@docker02 ~]# docker run -d -p 5000:5000 --restart=always --name registry -v /opt/myregistry:/var/lib/registry registry推送镜像到registry
registry地址/镜像名称:标签
# 修改镜像名
[root@docker01 ~]# docker tag web:v1 10.0.0.102:5000/web:v1
# 修改docker配置文件
[root@docker01 ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://7t3bpp45.mirror.aliyuncs.com"],
"insecure-registries": ["http://10.0.0.100","http://10.0.0.102:5000"]
}
# 重启docker
[root@docker01 ~]# systemctl restart docker
# 推送镜像到registry
[root@docker01 ~]# docker push 10.0.0.102:5000/web:v1
The push refers to repository [10.0.0.102:5000/web]
8b297ea61669: Pushed
419df8b60032: Pushed
0e835d02c1b5: Pushed
5ee3266a70bd: Pushed
3f87f0a06073: Pushed
1c9c1e42aafa: Pushed
8d3ac3489996: Pushed
v1: digest: sha256:f384a3de55d5aa9d8eb21159b0e1e9d7681c47dceb17e1b1eb5187629d63456d size: 1775
# 查看镜像仓库中的镜像
[root@docker01 ~]# curl http://10.0.0.102:5000/v2/_catalog
{"repositories":["web"]}
# 查看镜像及标签
[root@docker01 ~]# curl http://10.0.0.102:5000/v2/web/tags/list
{"name":"web","tags":["v1"]}
# 查看本地持久化目录
[root@docker02 ~]# ll /opt/myregistry/docker/registry/v2/repositories/
total 0
drwxr-xr-x 5 root root 55 Sep 13 11:44 web
# 删除私有仓库中的镜像
[root@docker02 ~]# cd /opt/myregistry/docker/registry/v2/repositories/
[root@docker02 repositories]# ll
total 0
drwxr-xr-x 5 root root 55 Sep 13 11:44 web
[root@docker02 repositories]# rm -fr web
# 再次查看镜像
[root@docker01 ~]# curl http://10.0.0.102:5000/v2/_catalog
{"repositories":[]}
registry地址/镜像名称:标签
# 修改镜像名
[root@docker01 ~]# docker tag web:v1 10.0.0.102:5000/web:v1
# 修改docker配置文件
[root@docker01 ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://7t3bpp45.mirror.aliyuncs.com"],
"insecure-registries": ["http://10.0.0.100","http://10.0.0.102:5000"]
}
# 重启docker
[root@docker01 ~]# systemctl restart docker
# 推送镜像到registry
[root@docker01 ~]# docker push 10.0.0.102:5000/web:v1
The push refers to repository [10.0.0.102:5000/web]
8b297ea61669: Pushed
419df8b60032: Pushed
0e835d02c1b5: Pushed
5ee3266a70bd: Pushed
3f87f0a06073: Pushed
1c9c1e42aafa: Pushed
8d3ac3489996: Pushed
v1: digest: sha256:f384a3de55d5aa9d8eb21159b0e1e9d7681c47dceb17e1b1eb5187629d63456d size: 1775
# 查看镜像仓库中的镜像
[root@docker01 ~]# curl http://10.0.0.102:5000/v2/_catalog
{"repositories":["web"]}
# 查看镜像及标签
[root@docker01 ~]# curl http://10.0.0.102:5000/v2/web/tags/list
{"name":"web","tags":["v1"]}
# 查看本地持久化目录
[root@docker02 ~]# ll /opt/myregistry/docker/registry/v2/repositories/
total 0
drwxr-xr-x 5 root root 55 Sep 13 11:44 web
# 删除私有仓库中的镜像
[root@docker02 ~]# cd /opt/myregistry/docker/registry/v2/repositories/
[root@docker02 repositories]# ll
total 0
drwxr-xr-x 5 root root 55 Sep 13 11:44 web
[root@docker02 repositories]# rm -fr web
# 再次查看镜像
[root@docker01 ~]# curl http://10.0.0.102:5000/v2/_catalog
{"repositories":[]}
