当前位置：首页 > news >正文

vue旅游网站怎么做/广告软文代理平台

news 文章来源：https://blog.csdn.net/weixin_42179528/article/details/144291103 2025/3/6 17:04:37

vue旅游网站怎么做,广告软文代理平台,深圳排名前十的跨境电商公司,响应式网站建设苏州七、docker registry 7.1 了解Docker Registry 7.1.1 介绍 registry 用于保存docker 镜像，包括镜像的层次结构和元数据。启动容器时，docker daemon会试图从本地获取相关的镜像；本地镜像不存在时，其将从registry中下载该镜像并保…

七、docker registry

7.1 了解Docker Registry

7.1.1 介绍

registry 用于保存docker 镜像，包括镜像的层次结构和元数据。
启动容器时，docker daemon会试图从本地获取相关的镜像；本地镜像不存在时，其将从registry中下载该镜像并保存到本地；
拉取镜像时，如果不知道registry仓库地址，默认从Docker Hub搜索拉取镜像

7.1.2 分类

Sponsor Registry：第三方的registry，供客户和docker社区使用；
mirror Registry：第三方的registry，只让客户使用；如docker cn和阿里云的镜像加速器；
vendor Registry：服务商的registry，由发布docker镜像的供应商提供的registry；如红帽提供的专有的，收费提供；
private Registry：通过设有防火墙和额外的安全层的私有实体提供的registry；自建的registry，在本地搭建registry，节省带宽

7.1.3 registry组成（repository和index）

（1）Repository

由特定的docker镜像的所有迭代版本组成的镜像仓库；
一个registry中可以存在多个repository：
- repository可分为“顶层仓库”和“用户仓库”
- 用户仓库名称格式为“用户名/仓库名”
每个仓库可以包含多个Tag（标签），每个标签对应一个镜像

（2）Index

维护用户账户、镜像的校验以及公共命名空间的信息
相当于为registry提供了一个完成用户认证等功能的检索接口

7.1.4 拉取上传仓库镜像

（1）拉取镜像

docker pull <registry>[:<port>]/[<namespace>/]<name>:<tag>

registry：仓库服务器地址：不指定默认是docker hub
port：端口；默认是443，因为是https协议
namespace：名称空间，指是哪个用户的仓库，如果是顶层仓库，可省略
name：仓库名
tag：标签名；默认是latest版本

（2）上传镜像

docker push [OPTIONS] NAME[:TAG]

7.1.5 知名docker仓库

https://hub.docker.com/
https://quay.io/

例：docker pull quay.io/coreos/flannel:v0.10.0-amd64
https://promotion.aliyun.com/ntms/act/kubernetes.html

7.2 在docker hub上创建自己的仓库

（1）在docker hub上创建，但注册docker hub需要科学上网；
在这里插入图片描述

说明：也可以在阿里云上https://cr.console.aliyun.com/cn-hangzhou/repositories创建自己的docker仓库

（2）将镜像上传到自己的registry

[root@localhost ~]# docker images 
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
test/nginx          1.15.5              5ca46f021c31        18 hours ago        253 MB
[root@localhost ~]# docker tag test/nginx:1.15.5 zhaojungle/nginx:1.15.5
[root@localhost ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
test/nginx          1.15.5              5ca46f021c31        18 hours ago        253 MB
zhaojungle/nginx    1.15.5              5ca46f021c31        18 hours ago        253 MB
#使用自己的个人账号登录
[root@localhost ~]# docker login -u zhaojungle
Password: 
Login Succeeded
[root@localhost ~]# docker push zhaojungle/nginx:1.15.5
The push refers to a repository [docker.io/zhaojungle/nginx]
70d470e27542: Pushed 
eb29745b8228: Pushed 
1.15.5: digest: sha256:73d7988aeef4b0a5bc30c36a369fc51c372bf6953fd5b3fdccde5177821569c6 size: 741

可在网页上查看到上传成功

在这里插入图片描述

（3）拉取自己的registry仓库中的镜像

先上传一个体积较小的镜像用来做测试：

[root@localhost ~]# docker run -itd  busybox sh
04170637da19d75af5ba46756a652b09fe163666e3cbf66902ab6235b243ce47
[root@localhost ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
04170637da19        busybox             "sh"                     18 seconds ago      Up 17 seconds                           loving_meitner
7965e75709f9        php:5.6-fpm         "docker-php-entryp..."   24 hours ago        Up 24 hours         9000/tcp            php-fpm
[root@localhost ~]# docker exec -it 041 sh
/ # echo this is a test > test
/ # cat test 
this is a test
/ # exit
[root@localhost ~]# docker commit -a "add a test file" 041 zhaojungle/test:latest
sha256:9b5578cc29ffab8bf3269c855692945462a28eecb7cb02e906d71c6dc9c623a9
[root@localhost ~]# docker images
REPOSITORY           TAG                 IMAGE ID            CREATED             SIZE
zhaojungle/test      latest              9b5578cc29ff        21 seconds ago      1.22 MB
[root@localhost ~]# docker push  zhaojungle/test:latest

在dockerhub上查看是否已经上传成功
在这里插入图片描述

将刚刚上传的镜像下载下来并运行：

[root@localhost ~]# docker pull zhaojungle/test:latest 
latest: Pulling from zhaojungle/test
76df9210b28c: Already exists 
9be8462314c7: Pull complete 
Digest: sha256:c4df398b85a2f749988e9f94b3ad42dc484e7d0753b67c31e37d10a21bc4717e
Status: Downloaded newer image for zhaojungle/test:latest
[root@localhost ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
zhaojungle/test     latest              9b5578cc29ff        5 minutes ago       1.22 MB
[root@localhost ~]# docker run -it --rm zhaojungle/test sh
/ # cat test 
this is a test

7.3 搭建私有docker registry

docker官方提供的开源Registry很简单，只能作为存储镜像的仓库，没有额外的功能。

官方文档地址：https://docs.docker.com/registry/

官方github地址：https://github.com/distribution/distribution

7.3.1 下载docker registry镜像

[root@localhost ~]# docker pull registry
[root@localhost ~]# docker image ls registry
REPOSITORY   TAG       IMAGE ID       CREATED         SIZE
registry     latest    75ef5b734af4   13 months ago   25.4MB

7.3.2 搭建仓库

配置不带用户认证的registry

#指定将镜像存储至宿主机的/data/registry/
[root@localhost ~]# docker run --name registry -p 5000:5000 -v /registry:/var/lib/registry -d registry:latest
fc9e1ebae2808d13d402d25a1d3a17ae3e767d2fd4e697a11d6725e9b254a1a1
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE             COMMAND                   CREATED        STATUS        PORTS                                       NAMES
fc9e1ebae280   registry:latest   "/entrypoint.sh /etc…"   1 second ago   Up 1 second   0.0.0.0:5000->5000/tcp, :::5000->5000/tcp   registry
#给镜像重新打标签
[root@localhost ~]# docker image tag nginx:1.14-alpine 192.168.168.101:5000/test-nginx:1.14-alpine
#上传镜像会报错，因为上传时默认使用https的协议
[root@localhost ~]# docker push  192.168.168.101:5000/test-nginx:1.14-alpine
The push refers to repository [192.168.168.101:5000/test-nginx]
Get "https://192.168.168.101:5000/v2/": http: server gave HTTP response to HTTPS client
#将私有仓库认证为安全仓库
[root@localhost ~]# cat /etc/docker/daemon.json
{"registry-mirrors": ["https://docker.m.daocloud.io","https://huecker.io","https://dockerhub.timeweb.cloud","https://noohub.ru","https://hub.oepkgs.net"],"exec-opts": ["native.cgroupdriver=systemd"],"insecure-registries": ["192.168.168.101:5000"]  #添加此行信息
}
[root@localhost ~]# systemctl restart docker
#启动容器
[root@localhost ~]# docker start registry
#此时无需用户认证即可上传镜像
[root@localhost ~]# docker push  192.168.168.101:5000/test-nginx:1.14-alpine
The push refers to repository [192.168.168.101:5000/test-nginx]
076c58d2644f: Pushed
b2cbae4b8c15: Pushed
5ac9a5170bf2: Pushed
a464c54f93a9: Pushed
1.14-alpine: digest: sha256:a3a0c4126587884f8d3090efca87f5af075d7e7ac8308cffc09a5a082d5f4760 size: 1153#可以看到宿主机的该目录下有镜像数据了
[root@localhost ~]# ll /registry/
总用量 0
drwxr-xr-x 3 root root 22 11月  5 18:33 docker#删除容器
[root@localhost auth]# docker rm -f registry

配置带basic认证的registry

[root@localhost ~]# yum install -y httpd-tools
[root@localhost ~]# mkdir /registry-auth
[root@localhost registry-auth]# htpasswd  -Bbn admin admin >> registry_htpasswd
[root@localhost registry-auth]# cat registry_htpasswd
admin:$2y$05$RCu8PiM0r.jXB/XJZ4oYNeHQozB4lH1IvdoxiTG.lwF9I1P2lF/F6
#运行容器
[root@localhost registry-auth]#  docker run -d -p 5000:5000 -v /registry-auth/registry:/var/lib/registry -v /registry-auth/auth/:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/registry_htpasswd" --name registry registry
6364cb3f0653ce4a89a59c6a54c322136874e4c4598e90f49dfe57575dad7869
[root@localhost registry-auth]# docker ps
CONTAINER ID   IMAGE      COMMAND                   CREATED        STATUS        PORTS                                       NAMES
6364cb3f0653   registry   "/entrypoint.sh /etc…"   1 second ago   Up 1 second   0.0.0.0:5000->5000/tcp, :::5000->5000/tcp   registry#查看宿主机镜像存储目录，由于还未上传镜像，所以为空
[root@localhost registry-auth]# ll registry/
总用量 0
#上传镜像，提示未认证
[root@localhost registry-auth]# docker push 192.168.168.101:5000/test-nginx:1.14-alpine
The push refers to repository [192.168.168.101:5000/test-nginx]
076c58d2644f: Preparing
b2cbae4b8c15: Preparing
5ac9a5170bf2: Preparing
a464c54f93a9: Preparing
no basic auth credentials
#登录
[root@localhost registry-auth]# docker login  192.168.168.101:5000
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credential-storesLogin Succeeded
#认证成功后会生成认证文件
[root@localhost registry-auth]# cat /root/.docker/config.json
{"auths": {"192.168.168.101:5000": {"auth": "YWRtaW46YWRtaW4="}}
}#上传镜像，成功
[root@localhost registry-auth]# docker push 192.168.168.101:5000/test-nginx:1.14-alpine
The push refers to repository [192.168.168.101:5000/test-nginx]
076c58d2644f: Pushed
b2cbae4b8c15: Pushed
5ac9a5170bf2: Pushed
a464c54f93a9: Pushed
1.14-alpine: digest: sha256:a3a0c4126587884f8d3090efca87f5af075d7e7ac8308cffc09a5a082d5f4760 size: 1153
[root@localhost registry-auth]# ll registry/
总用量 0
drwxr-xr-x 3 root root 22 11月  5 19:04 docker

#在node02上下载镜像
[root@node02 ~]# cat /etc/docker/daemon.json
{"insecure-registries": ["192.168.168.101:5000"]
}[root@node02 ~]# systemctl restart docker
#提示未认证，无法拉取
[root@node02 ~]# docker pull  192.168.168.101:5000/test-nginx:1.14-alpine
Error response from daemon: Head "http://192.168.168.101:5000/v2/test-nginx/manifests/1.14-alpine": no basic auth credentials
#认证成功
[root@node02 ~]# docker login 192.168.168.101:5000
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credential-stores
#拉取镜像
Login Succeeded
[root@node02 ~]# docker pull  192.168.168.101:5000/test-nginx:1.14-alpine
[root@node02 ~]# docker image ls 192.168.168.101:5000/test-nginx
REPOSITORY                        TAG           IMAGE ID       CREATED       SIZE
192.168.168.101:5000/test-nginx   1.14-alpine   8a2fb25a19f5   5 years ago   16MB
#运行镜像
[root@node02 ~]# docker run -it --rm 192.168.168.101:5000/test-nginx:1.14-alpine /bin/sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope hostvalid_lft forever preferred_lft forever
6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UPlink/ether 02:42:0a:0a:00:02 brd ff:ff:ff:ff:ff:ffinet 10.10.0.2/24 brd 10.10.0.255 scope global eth0valid_lft forever preferred_lft forever

7.4 安装搭建私有仓库Harbor

7.4.1 Harbor介绍

Harbor是一个用于存储和分发Docker镜像的企业级Registry服务器，由vmware开源，Harbor封装了Docker的registry v2，添加一些企业必须的功能特性，例如安全、标识和管理等，扩展了开源Docker Distribution。其目标是帮助用户迅速搭建一个企业级的Docker registry服务。

vmware官方开源服务列表地址：https://github.com/vmware/

harbor官方github地址：https://github.com/goharbor/harbor

harbor官方网址：https://goharbor.io/

harbor特点：

基于角色的访问控制：一个用户可以对多个镜像仓库在同一命名空间（project）里有不同的权限。
镜像复制：镜像可以在多个Registry实例中复制（同步）。尤其适合于负载均衡，高可用，混合云和多云的场景。
图形化用户界面：用户可以通过浏览器来浏览，检索当前docker镜像仓库，管理项目和命名空间。
AD/LDAP：harbor可以集成企业内部已有的AD/LDAP，用于鉴权认证管理。
审计管理：所有针对镜像仓库的操作都可以被记录追溯，用于审计管理。
国际化：已拥有英文、中文、德文、日文和俄文的本地化版本。更多的语言将会添加进来。
RESTful API：提供给管理员对Harbor更多的操控，使得与其它管理软件集成变得更容易。
部署简单：提供在线和离线两种安装工具。

7.4.2 安装harbor

下载地址：https://github.com/goharbor/harbor/releases

[root@localhost ~]# cd /opt/
[root@localhost opt]# ll -h  harbor-offline-installer-v2.11.1.tgz
-rw-r--r-- 1 root root 628M 11月  7 15:24 harbor-offline-installer-v2.11.1.tgz[root@localhost opt]# tar xvf harbor-offline-installer-v2.11.1.tgz  -C /usr/local/
[root@localhost opt]# cd /usr/local/harbor/
[root@localhost harbor]# ll
总用量 646848
-rw-r--r-- 1 root root      3646  8月 15 18:07 common.sh
-rw-r--r-- 1 root root 662330539  8月 15 18:07 harbor.v2.11.1.tar.gz
-rw-r--r-- 1 root root     14270  8月 15 18:07 harbor.yml.tmpl
-rwxr-xr-x 1 root root      1975  8月 15 18:07 install.sh
-rw-r--r-- 1 root root     11347  8月 15 18:07 LICENSE
-rwxr-xr-x 1 root root      1882  8月 15 18:07 prepare

（1）配置http网站的harbor仓库

#修改仓库配置文件
[root@localhost harbor]# cp harbor.yml.tmpl harbor.yml
[root@localhost harbor]# vim harbor.yml
#配置仓库域名
hostname: reg.jungle.com  
#配置http协议
http:port: 80
#注释https协议的配置
#https:
#  # https port for harbor, default is 443
#  port: 443
#  # The path of cert and key files for nginx
#  certificate: /your/certificate/path
#  private_key: /your/private/key/path
#配置仓库的admin账号的密码
harbor_admin_password: 123456
#默认的数据目录，可以单独新建一个分区挂载至此目录用来存储仓库镜像数据
data_volume: /data

#目前还没有数据目录，运行仓库后会创建
[root@localhost harbor]# ll /data
ls: 无法访问 '/data': 没有那个文件或目录
#运行配置仓库的脚本
[root@localhost harbor]# ./install.sh
#data目录会生成如下一些文件
[root@localhost harbor]# ll /data/
总用量 0
drwxr-xr-x. 2            10000 10000  6 11月  7 15:51 ca_download
drwx------. 3 systemd-coredump input 18 11月  7 15:51 database
drwxr-xr-x. 2            10000 10000  6 11月  7 15:51 job_logs
drwxr-xr-x. 2 systemd-coredump input  6 11月  7 15:51 redis
drwxr-xr-x. 2            10000 10000  6 11月  7 15:51 registry
drwxr-xr-x. 5 root             root  46 11月  7 15:51 secret
#仓库相关的容器
[root@localhost harbor]# docker ps
CONTAINER ID   IMAGE                                 COMMAND                   CREATED          STATUS                    PORTS                                     NAMES
447e2c4af6a4   goharbor/harbor-jobservice:v2.11.1    "/harbor/entrypoint.…"   48 seconds ago   Up 42 seconds (healthy)                                             harbor-jobservice
2f061c322f76   goharbor/nginx-photon:v2.11.1         "nginx -g 'daemon of…"   48 seconds ago   Up 46 seconds (healthy)   0.0.0.0:80->8080/tcp, [::]:80->8080/tcp   nginx
3d3534cea04a   goharbor/harbor-core:v2.11.1          "/harbor/entrypoint.…"   48 seconds ago   Up 46 seconds (healthy)                                             harbor-core
2fa54b9c5c18   goharbor/harbor-registryctl:v2.11.1   "/home/harbor/start.…"   48 seconds ago   Up 47 seconds (healthy)                                             registryctl
2285a5756805   goharbor/redis-photon:v2.11.1         "redis-server /etc/r…"   48 seconds ago   Up 47 seconds (healthy)                                             redis
3262282e8161   goharbor/harbor-portal:v2.11.1        "nginx -g 'daemon of…"   48 seconds ago   Up 47 seconds (healthy)                                             harbor-portal
436b23b2fbc9   goharbor/registry-photon:v2.11.1      "/home/harbor/entryp…"   48 seconds ago   Up 47 seconds (healthy)                                             registry
32b18cca200f   goharbor/harbor-db:v2.11.1            "/docker-entrypoint.…"   48 seconds ago   Up 47 seconds (healthy)                                             harbor-db
13653c09d87f   goharbor/harbor-log:v2.11.1           "/bin/sh -c /usr/loc…"   48 seconds ago   Up 47 seconds (healthy)   127.0.0.1:1514->10514/tcp                 harbor-log

在windows上写hosts解析文件后在浏览器通过域名访问：

外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传

登陆成功后如下所示

在这里插入图片描述

向仓库上传镜像

#添加仓库免密认证
[root@localhost ~]# grep insecure /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry reg.jungle.com
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl restart docker
#重新启动一下仓库
[root@localhost harbor]# docker compose stop
WARN[0000] /usr/local/harbor/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Stopping 9/9✔ Container nginx              Stopped                                                           0.0s✔ Container registryctl        Stopped                                                           0.0s✔ Container harbor-jobservice  Stopped                                                           0.0s✔ Container harbor-portal      Stopped                                                           0.0s✔ Container harbor-core        Stopped                                                           0.0s✔ Container harbor-db          Stopped                                                           0.1s✔ Container registry           Stopped                                                           0.0s✔ Container redis              Stopped                                                           0.0s✔ Container harbor-log         Stopped                                                          10.2s
[root@localhost harbor]# docker compose  start
WARN[0000] /usr/local/harbor/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Running 9/9✔ Container harbor-log         Started                                                           0.2s✔ Container registryctl        Started                                                           0.6s✔ Container registry           Started                                                           0.5s✔ Container redis              Started                                                           0.5s✔ Container harbor-portal      Started                                                           0.5s✔ Container harbor-db          Started                                                           0.5s✔ Container harbor-core        Started                                                           0.2s✔ Container harbor-jobservice  Started                                                           0.7s✔ Container nginx              Started                                                           0.7s#给镜像重新打标签
[root@localhost harbor]# docker tag nginx:1.27.2 reg.jungle.com/library/testnginx:1.27.2#上传镜像失败，需要认证登录
[root@localhost harbor]# docker push  reg.jungle.com/library/testnginx:1.27.2
The push refers to repository [reg.jungle.com/library/testnginx]
825fb68b6033: Preparing
7619c0ba3c92: Preparing
1c1f11fd65d6: Preparing
6b133b4de5e6: Preparing
3d07a4a7eb2a: Preparing
756474215d29: Waiting
8d853c8add5d: Waiting
unauthorized: unauthorized to access repository: library/testnginx, action: push: unauthorized to access repository: library/testnginx, action: push#登录
[root@localhost harbor]# docker login  reg.jungle.com
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credential-storesLogin Succeeded
#登录成功后再次上传
[root@localhost harbor]# docker push  reg.jungle.com/library/testnginx:1.27.2
The push refers to repository [reg.jungle.com/library/testnginx]
825fb68b6033: Pushed
7619c0ba3c92: Pushed
1c1f11fd65d6: Pushed
6b133b4de5e6: Pushed
3d07a4a7eb2a: Pushed
756474215d29: Pushed
8d853c8add5d: Pushed
1.27.2: digest: sha256:719b34dba7bd01c795f94b3a6f3a5f1fe7d53bf09e79e355168a17d2e2949cef size: 1778

在网站上查看

在这里插入图片描述

公开项目：拉取镜像不用登录，上传需要登录，例如library项目，只有上传镜像才需要登录

私有项目：拉取和上传镜像都需要登录

#在另外的主机上拉取镜像
[root@node01 ~]# docker pull reg.jungle.com/library/testnginx:1.27.2
1.27.2: Pulling from library/testnginx
302e3ee49805: Pull complete
d07412f52e9d: Pull complete
9ab66c386e9c: Pull complete
4b563e5e980a: Pull complete
55af3c8febf2: Pull complete
5b8e768fb22d: Pull complete
85177e2c6f39: Pull complete
Digest: sha256:719b34dba7bd01c795f94b3a6f3a5f1fe7d53bf09e79e355168a17d2e2949cef
Status: Downloaded newer image for reg.jungle.com/library/testnginx:1.27.2
reg.jungle.com/library/testnginx:1.27.2

在网站上新建一个私有项目

在这里插入图片描述

#前面登录过该仓库，会有记录
[root@localhost harbor]# cat /root/.docker/config.json
{"auths": {"reg.jungle.com": {"auth": "YWRtaW46MTIzNDU2"}}
}
#登录后上传一个镜像
[root@localhost harbor]# docker tag busybox:latest reg.jungle.com/private/testbusybox:latest
[root@localhost harbor]# docker push reg.jungle.com/private/testbusybox:latest
The push refers to repository [reg.jungle.com/private/testbusybox]
49b3a50a2039: Pushed
latest: digest: sha256:401719cc3ec67aedaedfed7fb304e97fb605bdcfae29972eaeb59a98708fe066 size: 527

#未登录时使用node01拉取该镜像，提示拉取失败
[root@node01 dockerimages]# docker pull reg.jungle.com/private/testbusybox:latest
Error response from daemon: unauthorized: unauthorized to access repository: private/testbusybox, action: pull: unauthorized to access repository: private/testbusybox, action: pull
#登录后拉取成功
[root@node01 dockerimages]# docker login reg.jungle.com
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credential-storesLogin Succeeded
[root@node01 dockerimages]# docker pull reg.jungle.com/private/testbusybox:latest
latest: Pulling from private/testbusybox
Digest: sha256:401719cc3ec67aedaedfed7fb304e97fb605bdcfae29972eaeb59a98708fe066
Status: Downloaded newer image for reg.jungle.com/private/testbusybox:latest
reg.jungle.com/private/testbusybox:latest

在仓库上设置扫描器，需要手动开启扫描器功能

在这里插入图片描述

#如果没有安装仓库，可以使用./install.sh  --with-trivy开启扫描器功能，如果已经安装了，可以使用./prepare --with-trivy开启扫描器
[root@localhost harbor]# ./prepare --with-trivy
#重新启动仓库
[root@localhost harbor]# docker compose  stop
[root@localhost harbor]# docker compose  start

如图所示为harbor.v1.10.19版本的扫描器示例
在这里插入图片描述

如下图所示为harbor.v2.11.1的扫描器

在这里插入图片描述

（2）配置https网站的harbor仓库

[root@localhost harbor]# mkdir /data/ssl -p
#制作ca的公私钥
[root@localhost data]# cd ssl/
[root@localhost ssl]# openssl  genrsa -out ca.key 4096
[root@localhost ssl]# openssl  req -x509 -new -sha512 -days 3650 -subj "/C=CN/ST=shaanxi/L=xi'an/O=jungle/OU=jungleCA/CN=jungle.com"  -key ca.key  -out ca.crt
[root@localhost ssl]# ll
总用量 8
-rw-r--r--. 1 root root 2033 11月 11 14:30 ca.crt
-rw-------. 1 root root 3272 11月 11 14:30 ca.key
#制作ca签名的公私钥
#创建私钥
[root@localhost ssl]# openssl genrsa -out jungle.key 4096
#创建证书签名请求文件
[root@localhost ssl]# openssl  req -sha512 -new -subj "/C=CN/ST=shaanxi/L=xi'an/O=jungle/OU=jungle/CN=reg.jungle.com" -key jungle.key -out jungle.csr
#使用ca签名
[root@localhost ssl]# cat v3.ext
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names[alt_names]
DNS.1=reg.jungle.com
[root@localhost ssl]# openssl x509 -req -sha512 -in jungle.csr -CA ca.crt -CAkey ca.key -CAcreateserial -days 3650 -extfile v3.ext -out jungle.crt
Certificate request self-signature ok
subject=C = CN, ST = shaanxi, L = xi'an, O = jungle, OU = jungle, CN = reg.jungle.com
[root@localhost ssl]# cd /usr/local/harbor/
[root@localhost harbor]# ll
总用量 646848
-rw-r--r--. 1 root root      3646  8月 15 18:07 common.sh
-rw-r--r--. 1 root root 662330539  8月 15 18:07 harbor.v2.11.1.tar.gz
-rw-r--r--. 1 root root     14270  8月 15 18:07 harbor.yml.tmpl
-rwxr-xr-x. 1 root root      1975  8月 15 18:07 install.sh
-rw-r--r--. 1 root root     11347  8月 15 18:07 LICENSE
-rwxr-xr-x. 1 root root      1882  8月 15 18:07 prepare
[root@localhost harbor]# cp harbor.yml.tmpl harbor.yml
#修改配置文件中如下信息
[root@localhost harbor]# vim harbor.yml
hostname: reg.jungle.com
https:port: 443certificate: /data/ssl/jungle.crtprivate_key: /data/ssl/jungle.key
harbor_admin_password: 123456
#安装仓库
[root@localhost harbor]# ./install.sh

#############也可以使用自签名公私钥######
[root@localhost ssl]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout jungle.key -x509 -days 365 -subj “/C=CN/ST=shaanxi/L=xi’an/O=jungle/OU=jungleCA/CN=reg.jungle.com” --addext “subjectAltName = DNS:reg.jungle.com” -out jungle.crt
##############################################################

配置域名解析，并访问

在这里插入图片描述

新建testpublic公开项目，并上传

#重新给镜像打标签
[root@localhost harbor]# docker tag nginx:1.27.2 reg.jungle.com/testpublic/testnginx:1.27.2
#需要先登录
[root@localhost harbor]# docker login reg.jungle.com
Username: admin
Password:
Error response from daemon: Get "https://reg.jungle.com/v2/": tls: failed to verify certificate: x509: certificate signed by unknown authority
#需要先配置ca的证书到docker端，才能登陆成功
[root@localhost harbor]# mkdir /etc/docker/certs.d/reg.jungle.com -p
[root@localhost harbor]# cp /data/ssl/ca.crt /etc/docker/certs.d/reg.jungle.com/#重新登录
[root@localhost harbor]# docker login reg.jungle.com
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credential-storesLogin Succeeded#上传镜像
[root@localhost harbor]# docker push  reg.jungle.com/testpublic/testnginx:1.27.2

在这里插入图片描述

7.5 配置harbor高可用

（1）基于共享存储的高可用方案

此方案是多个harbor实例共享存储，通过负载均衡器实现多台服务器提供harbor服务。

在这里插入图片描述

（2）基于复制策略的高可用方案

此方案是使用harbor原生的远程复制功能实现镜像的一致性，通过负载均衡器实现多台服务器提供单一的harbor服务。

在这里插入图片描述

接下来演示基于harbor原生的远程复制功能实现镜像的一致性

#配置第一台harbor，修改之前配置的harbor重启
hostname: 192.168.168.31# http related config
http:# port for http, default is 80. If https enabled, this port will redirect to https portport: 80
# https related config
#https:
#  port: 443
#  certificate: /data/ssl/jungle.crt
#  private_key: /data/ssl/jungle.key
harbor_admin_password: 123456
[root@localhost harbor]# ./install.sh
#配置另外一台harbor
[root@localhost yum.repos.d]# yum install docker-ce -y
[root@localhost harbor]# systemctl start docker
#将harbor安装包从之前配置好的harbor拷贝至第二台harbor
[root@localhost opt]# scp /opt/harbor-offline-installer-v2.11.1.tgz root@192.168.168.101:/opt
#解压文件
[root@localhost opt]# tar xvf /opt/harbor-offline-installer-v2.11.1.tgz  -C /usr/local/
#将第一台barbor的yml文件复制到第二台harbor
[root@localhost harbor]# scp /usr/local/harbor/harbor.yml root@192.168.168.101:/usr/local/harbor/
#注释该配置文件中的https配置
[root@localhost harbor]# vim harbor.yml
#https:
#  port: 443
#  certificate: /data/ssl/jungle.crt
#  private_key: /data/ssl/jungle.key
#安装harbor
[root@localhost harbor]# ./install.sh

在192.168.168.31上新建testcontainers公开项目

在这里插入图片描述

在192.168.168.101上新建testcontianers项目

在这里插入图片描述

在第一台harbor上创建复制规则

在这里插入图片描述

# 测试：当向192.168.168.101上传镜像后，镜像会自动同步至192.168.168.31仓库中
#配置docker仓库的免密
[root@master0101 yum.repos.d]# grep insecure /lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry  192.168.168.0/24
[root@master0101 yum.repos.d]# systemctl start docker
#打标签
[root@master0101 yum.repos.d]# docker  tag nginx:1.27.2 192.168.168.101/testcontainers/testnginx:1.27.2
[root@master0101 yum.repos.d]# docker login 192.168.168.101
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credential-storesLogin Succeeded
[root@master0101 yum.repos.d]# docker push 192.168.168.101/testcontainers/testnginx:1.27.2
The push refers to repository [192.168.168.101/testcontainers/testnginx]
825fb68b6033: Pushed
7619c0ba3c92: Pushed
1c1f11fd65d6: Pushed
6b133b4de5e6: Pushed
3d07a4a7eb2a: Pushed
756474215d29: Pushed
8d853c8add5d: Pushed
1.27.2: digest: sha256:719b34dba7bd01c795f94b3a6f3a5f1fe7d53bf09e79e355168a17d2e2949cef size: 1778

可以看到101上的复制管理下已经成功将镜像同步至31

在这里插入图片描述

在101上查看镜像上传成功

在这里插入图片描述

可以看到31上也有该镜像

在这里插入图片描述

在第二台上配置复制规则

在这里插入图片描述

#测试
[root@master0101 opt]# docker tag busybox:latest 192.168.168.31/testcontainers/testbusybox:latest
[root@master0101 opt]# docker login 192.168.168.31
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credential-storesLogin Succeeded
[root@master0101 opt]# docker push  192.168.168.31/testcontainers/testbusybox
Using default tag: latest
The push refers to repository [192.168.168.31/testcontainers/testbusybox]
49b3a50a2039: Pushed
latest: digest: sha256:401719cc3ec67aedaedfed7fb304e97fb605bdcfae29972eaeb59a98708fe066 size: 527

31上查看镜像复制同步成功

在这里插入图片描述

在101上也能看到镜像

在这里插入图片描述

如果在其中一台删除时，另外一台也同步删除的话，需要增加如下配置：

在这里插入图片描述

删除其中一个将镜像，可以看到对应日志显示

在这里插入图片描述

查看101上的镜像信息，也同步将镜像删除了

在这里插入图片描述

配置负载均衡

[root@master0101 ~]# yum install haproxy -y
[root@master0101 ~]# cat /etc/haproxy/conf.d/harbor.cfg
listen harbor_port_80bind 192.168.168.34:80mode tcpbalance sourceserver 192.168.168.31 192.168.168.31:80 check inter 30s fall 3 rise 5server 192.168.168.100 192.168.168.101:80 check inter 30s fall 3 rise 5
[root@master0101 ~]# systemctl restart haproxy

#测试
[root@master0101 ~]# docker login 192.168.168.34
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credential-storesLogin Succeeded
[root@master0101 opt]# docker tag alpine:latest 192.168.168.34/testcontainers/alpine:latest
[root@master0101 opt]# docker push  192.168.168.34/testcontainers/alpine:latest
The push refers to repository [192.168.168.34/testcontainers/alpine]
03901b4a2ea8: Pushed
latest: digest: sha256:acd3ca9941a85e8ed16515bfc5328e4e2f8c128caa72959a58a127b7801ee01f size: 528

刷新查看31和101上均有该镜像

在这里插入图片描述

#测试能否拉取镜像
[root@master0101 opt]# docker pull 192.168.168.34/testcontainers/testnginx:1.27.2
1.27.2: Pulling from testcontainers/testnginx
Digest: sha256:719b34dba7bd01c795f94b3a6f3a5f1fe7d53bf09e79e355168a17d2e2949cef
Status: Downloaded newer image for 192.168.168.34/testcontainers/testnginx:1.27.2
192.168.168.34/testcontainers/testnginx:1.27.2

#通过域名上传或者下载镜像
[root@master0101 opt]# tail -1 /etc/hosts
192.168.168.34 reg.jungle.com
[root@master0101 opt]# docker pull reg.jungle.com/testcontainers/testbusybox:latest
[root@master0101 opt]# docker image ls reg.jungle.com/testcontainers/testbusybox
REPOSITORY                                  TAG       IMAGE ID       CREATED         SIZE
reg.jungle.com/testcontainers/testbusybox   latest    6fd955f66c23   18 months ago   4.26MB
[root@master0101 opt]# docker tag alpine:latest reg.jungle.com/testcontainers/testalpine:latest
[root@master0101 opt]# docker push reg.jungle.com/testcontainers/testalpine:latest
The push refers to repository [reg.jungle.com/testcontainers/testalpine]
03901b4a2ea8: Pushed
latest: digest: sha256:acd3ca9941a85e8ed16515bfc5328e4e2f8c128caa72959a58a127b7801ee01f size: 528

打开浏览器查看镜像是否上传成功
在这里插入图片描述

七、docker registry

7.1 了解Docker Registry

7.1.1 介绍

7.1.2 分类

7.1.3 registry组成（repository和index）

7.1.4 拉取上传仓库镜像

7.1.5 知名docker仓库

7.2 在docker hub上创建自己的仓库

7.3 搭建私有docker registry

7.3.1 下载docker registry镜像

7.3.2 搭建仓库

7.4 安装搭建私有仓库Harbor

7.4.1 Harbor介绍

7.4.2 安装harbor

7.5 配置harbor高可用

相关文章：