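03 - Docker Image Registry

Summary

This content is reposted from the web and kept as a personal study record; please do not redistribute it.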

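Client configuration

Use cases

  • When the image registry has no external network access and base images are needed, pull them on a machine that does have external access and then push them to the registry
  • Base environment images that you build also need to be uploaded to the registry
  • Business (application) images that you build need to be uploaded to the registry as well
  • Production environments normally only pull images from the registry, i.e. they have read-only permission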

Linux

Configure trust

  • The custom Docker binary install package already includes this configuration
  • For other installations, use the configuration below

dockerd --insecure-registry r.isme.pub

# or

$ cat conf/daemon.json
...
"insecure-registries": [
  "r.isme.pub"
]
...

Configure the default registry

  • Once a default registry is configured, images in the library repository can be pulled without a prefix, for example:
    • r.isme.pub/library/centos:latest : docker pull centos is enough

dockerd --registry-mirror http://r.isme.pub

# or

$ cat conf/daemon.json
...
"registry-mirrors": [
  "http://r.isme.pub"
],
...
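
Both settings above relax transport security for r.isme.pub: an insecure-registries entry lets the daemon ignore certificate errors and fall back to HTTP, and an http:// mirror serves Docker Hub pulls in plaintext. The following Python check is an added example, not part of the original post; it reports which image references used on this page are affected, matches insecure-registries by exact host only (CIDR entries are not handled), and its function names are this example's own.

```python
import json
from urllib.parse import urlsplit

# Constructed daemon.json combining the two fragments shown above.
DAEMON_JSON = """{
  "insecure-registries": ["r.isme.pub"],
  "registry-mirrors": ["http://r.isme.pub"]
}"""


def registry_host(image):
    """Registry part of an image reference, using Docker's rule: the first path
    component is a host only if it contains '.' or ':' or equals 'localhost'."""
    first, sep, _ = image.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"  # bare names such as centos or mysql:5.5 mean Docker Hub


def strip_scheme(entry):
    """dockerd drops a leading http:// or https:// from insecure-registries entries."""
    return entry.split("://", 1)[-1].rstrip("/")


def audit(daemon_json, images):
    """Return {image: reason} for every image whose pull path lacks verified TLS."""
    cfg = json.loads(daemon_json)
    insecure = {strip_scheme(e) for e in cfg.get("insecure-registries", [])}
    http_mirrors = [m for m in cfg.get("registry-mirrors", [])
                    if urlsplit(m).scheme.lower() != "https"]
    findings = {}
    for image in images:
        host = registry_host(image)
        if host in insecure:
            findings[image] = f"{host} is listed in insecure-registries"
        elif host == "docker.io" and http_mirrors:
            # Registry mirrors are only consulted for Docker Hub images.
            findings[image] = f"Docker Hub pull goes through non-HTTPS mirror {http_mirrors[0]}"
    return findings


if __name__ == "__main__":
    # Image references taken from the commands and compose files on this page.
    page_images = ["r.isme.pub/base/nginx:c1.0", "centos:centos7.3.1611",
                   "openfrontier/gerrit:2.13.x", "mysql:5.5"]
    for image, reason in audit(DAEMON_JSON, page_images).items():
        print(f"{image}: {reason}")
```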

Mac


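Log in to the image registry

  • Logging in is only needed to push images to the registry or to pull non-public images
  • Because this is still in the testing phase, the current Docker binary install package bundles the registry login credentials
  • Because this is still in the testing phase, the registry currently holds only public images

docker login r.isme.pub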

Pull a base image and upload it

centos:centos7.3.1611 is used as the example here.

Pull the image

docker pull centos:centos7.3.1611

Re-tag

docker tag centos:centos7.3.1611 r.isme.pub/base/centos:centos7.3.1611

Upload

  • Upload speed depends on the image size and the available bandwidth

docker push r.isme.pub/base/centos:centos7.3.1611
The push refers to repository [r.isme.pub/base/centos]
0e07d0d4c60c: Pushed
centos7.3.1611: digest: sha256:a42f741b046c974973052d2453ecbb672b62d4c45ead2eda69b3c43d3763abf9 size: 529

Build a custom image

nginx:alpine is used as the example.

docker tag nginx:alpine r.isme.pub/base/nginx:alpine

Dockerfile

For detailed Dockerfile instructions and image-building guidelines, see the Docker Images article.

$ cat Dockerfile
# Version: 0.0.1
FROM r.isme.pub/base/nginx:alpine

ENV TZ "Asia/Shanghai"
ENV LANG "en_US.UTF-8"

COPY index.html /usr/share/nginx/html/

index.html

$ cat index.html
Hello Duxiaoman

Build the image

$ docker build . -t r.isme.pub/base/nginx:c1.0
Sending build context to Docker daemon 3.072kB
Step 1/4 : FROM r.isme.pub/base/nginx:alpine
 ---> 36189e6707f4
Step 2/4 : ENV TZ "Asia/Shanghai"
 ---> Running in c838b4dea80f
Removing intermediate container c838b4dea80f
 ---> a07db88421cf
Step 3/4 : ENV LANG "en_US.UTF-8"
 ---> Running in 086fef51735e
Removing intermediate container 086fef51735e
 ---> df4ed31a1922
Step 4/4 : COPY index.html /usr/share/nginx/html/
 ---> 6925a944950f
Successfully built 6925a944950f
Successfully tagged r.isme.pub/base/nginx:c1.0

Upload multiple images

We pulled nginx:alpine locally and re-tagged it, then built the custom image nginx:c1.0 on top of it, so the same nginx repository now has two different versions (tags), and both can be pushed in one go. On Docker 20.10 and later, docker push without a tag pushes only :latest; add -a/--all-tags to push every tag as shown here.

$ docker push r.isme.pub/base/nginx
The push refers to repository [r.isme.pub/base/nginx]
671c8a3d8285: Layer already exists
77cae8ab23bf: Layer already exists
alpine: digest: sha256:2911ad2d54f4cf4dc7ad21af122c1eefce16836a34be751c63351ca1fb452d57 size: 739
f4f502e91b9b: Pushed
671c8a3d8285: Layer already exists
77cae8ab23bf: Layer already exists
c1.0: digest: sha256:ae1a9618eb647efc8a88b7e3324508796279b32736ba10866ba328e0aaae0e2e size: 946

Pull and start on the server

Start the container directly; when the server finds that the image is not present locally, it automatically pulls it from the trusted registry.

$ docker run -d --name custom-web -p 8081:80 r.isme.pub/base/nginx:c1.0
Unable to find image 'r.isme.pub/base/nginx:c1.0' locally
c1.0: Pulling from base/nginx
89d9c30c1d48: Pull complete
534c802c70da: Pull complete
8c2bc20da51a: Pull complete
Digest: sha256:ae1a9618eb647efc8a88b7e3324508796279b32736ba10866ba328e0aaae0e2e
Status: Downloaded newer image for r.isme.pub/base/nginx:c1.0
2a5bddc18e3491a30b9110420bf292eea6bef5258956e1437a3da725cff67ec6
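
The Digest line in the pull output above equals the c1.0 digest printed by the earlier docker push, and since r.isme.pub is configured as an insecure registry, that comparison is the integrity check that remains. The following Python sketch is an added example, not part of the original post: it parses the two transcripts (excerpted from this page) and builds repo@digest references; the function names are this example's own.

```python
import re

# Excerpts of the docker push and docker run transcripts shown on this page.
PUSH_OUTPUT = """The push refers to repository [r.isme.pub/base/nginx]
671c8a3d8285: Layer already exists
alpine: digest: sha256:2911ad2d54f4cf4dc7ad21af122c1eefce16836a34be751c63351ca1fb452d57 size: 739
f4f502e91b9b: Pushed
c1.0: digest: sha256:ae1a9618eb647efc8a88b7e3324508796279b32736ba10866ba328e0aaae0e2e size: 946
"""
PULL_OUTPUT = """c1.0: Pulling from base/nginx
89d9c30c1d48: Pull complete
Digest: sha256:ae1a9618eb647efc8a88b7e3324508796279b32736ba10866ba328e0aaae0e2e
Status: Downloaded newer image for r.isme.pub/base/nginx:c1.0
"""

REPO = re.compile(r"^The push refers to repository \[(.+)\]$", re.M)
TAG_DIGEST = re.compile(r"^(\S+): digest: (sha256:[0-9a-f]{64}) size: \d+$", re.M)
PULLED_DIGEST = re.compile(r"^Digest: (sha256:[0-9a-f]{64})$", re.M)
PULLED_REF = re.compile(r"^Status: .* for (\S+)$", re.M)


def pushed_digests(push_output):
    """Map 'repo:tag' to the manifest digest the registry reported at push time."""
    repo = REPO.search(push_output).group(1)
    return {f"{repo}:{tag}": digest
            for tag, digest in TAG_DIGEST.findall(push_output)}


def pinned_refs(push_output):
    """Map 'repo:tag' to 'repo@sha256:...', the form that is checked by content hash."""
    repo = REPO.search(push_output).group(1)
    return {ref: f"{repo}@{digest}"
            for ref, digest in pushed_digests(push_output).items()}


def pull_matches_push(push_output, pull_output):
    """True only if the pulled digest equals the one recorded for that tag at push."""
    ref = PULLED_REF.search(pull_output)
    got = PULLED_DIGEST.search(pull_output)
    if not ref or not got:
        return False  # incomplete transcript: treat as unverified
    return pushed_digests(push_output).get(ref.group(1)) == got.group(1)


if __name__ == "__main__":
    print(pull_matches_push(PUSH_OUTPUT, PULL_OUTPUT))
    for ref, pinned in pinned_refs(PUSH_OUTPUT).items():
        print(ref, "->", pinned)
```

Using the repo@sha256 form in docker run or in a compose file makes the client check the pulled manifest against that digest instead of trusting whatever the tag currently points to.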

Access

$ curl http://10.157.23.249:8081/
Hello Duxiaoman

Starting with docker-compose

Configuration

$ cat docker-compose.yml
version: '2'
services:
  compuso-web:
    image: r.isme.pub/base/nginx:alpine
    container_name: custom-web-compose
    volumes:
      - ./html:/usr/share/nginx/html
    ports:
      - "8082:80"

$ cat html/index.html
Hello Duxiaoman In Compose

Start

$ docker-compose up -d
Creating custom-web-compose ... done

Access

$ curl http://10.157.23.249:8082/
Hello Duxiaoman In Compose

Modify the data file on the host

$ cat html/index.html
Hello Duxiaoman In Compose
Hello Duxiaoman In Compose

$ curl http://10.157.23.249:8082/
Hello Duxiaoman In Compose
Hello Duxiaoman In Compose

Management

$ docker-compose ps
Name                 Command                State   Ports
------------------------------------------------------------------------
custom-web-compose   nginx -g daemon off;   Up      0.0.0.0:8082->80/tcp

$ docker-compose stop|start|restart ...

Cluster

Docker itself does not support clustered configuration well; to manage the relationships between the containers of a cluster, the startup order has to be maintained and controlled by hand.

docker-compose grew out of the open-source orchestration tool Fig, which Docker acquired in 2014 and renamed docker-compose; it is used to orchestrate the containers of a Docker cluster on a single host.

Below is an example of service orchestration.

version: '2'
services:
  db:
    image: mysql:5.5
    volumes:
      - ./data:/data
      - ./mysql:/docker-entrypoint-initdb.d
    container_name: gerrit-mysql
    environment:
      MYSQL_ROOT_PASSWORD: ufRRgdfu3ar1
  gerrit:
    image: openfrontier/gerrit:2.13.x
    container_name: gerrit
    volumes:
      - ./data:/data
      - ./gerrit/hooks:/var/gerrit/review_site/hooks
      - ./gerrit/plugins:/var/gerrit/review_site/plugins
    env_file: ./gerrit.env
    depends_on:
      - db
    links:
      - db
  nginx:
    image: nginx:alpine
    container_name: gerrit-nginx
    volumes:
      - ./data:/data
      - ./nginx:/opt/nginx
    command: ["nginx","-g","daemon off;","-c","/opt/nginx/nginx.conf"]
    ports:
      - "8003:8003"
      - "29418:29418"
    depends_on:
      - gerrit
    links:
      - gerrit
  gitcli:
    build: ./alpine-base
    container_name: gitcli
    volumes:
      - ./data:/data
    ports:
      - "2022:22"
    depends_on:
      - nginx
    links:
      - nginx:gerrit.xxx.com
      - db

swarm

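Because docker-compose does not support container resource limits when orchestrating services, and they are only supported in swarm mode, a swarm cluster has to be enabled when resource limits are needed under service orchestration.

  • A swarm cluster and Docker's --live-restore mode are mutually exclusive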

Enable swarm

$ docker swarm init
Swarm initialized: current node (arkjfd8kunskkunp2acad16ll) is now a manager.

To add a worker to this swarm, run the following command:

    docker swarm join --token SWMTKN-1-4kvdmr9m87hr3cpkccmufnujqfdng4vi2e5yz315n4xz750cyp-crrg3az1jdbabw3bnvrggjdnl 10.21.180.69:2377

To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.

View swarm information

$ docker info
...
 Swarm: active
  NodeID: arkjfd8kunskkunp2acad16ll
  Is Manager: true
  ClusterID: 1glut4ccxk614y2p6psmze9o0
  Managers: 1
  Nodes: 1
  Default Address Pool: 10.0.0.0/8
  SubnetSize: 24
  Orchestration:
   Task History Retention Limit: 5
  Raft:
   Snapshot Interval: 10000
   Number of Old Snapshots to Retain: 0
   Heartbeat Tick: 1
   Election Tick: 10
  Dispatcher:
   Heartbeat Period: 5 seconds
  CA Configuration:
   Expiry Duration: 3 months
   Force Rotate: 0
  Autolock Managers: false
  Root Rotation In Progress: false
  Node Address: 10.21.180.69
  Manager Addresses:
   10.21.180.69:2377
...

Configuration

$ cat docker-compose.yml
version: '3'
services:
  compuso-web:
    image: r.isme.pub/base/nginx:alpine
    volumes:
      - ./html:/usr/share/nginx/html
    ports:
      - "8082:80"
    deploy:
      resources:
        limits:
          cpus: '0.25'
          memory: 500M
        reservations:
          cpus: '0.10'
          memory: 200M

Start

$ docker stack deploy -c docker-compose.yml custom-web
Creating network custom-web_default
Creating service custom-web_compuso-web

$ curl http://10.21.180.69:8082/
Hello Duxiaoman In Compose
Hello Duxiaoman In Compose

View

$ docker stack ls
NAME         SERVICES   ORCHESTRATOR
custom-web   1          Swarm

$ docker stack ps custom-web
ID             NAME                       IMAGE                          NODE                            DESIRED STATE   CURRENT STATE           ERROR   PORTS
iwnop04nuxr6   custom-web_compuso-web.1   r.isme.pub/base/nginx:alpine   instance-2v3px5mk-10.bcc-bjdd   Running         Running 3 minutes ago

Swarm stacks and services are not discussed further here.

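Docker image-related commands

build    # Create an image from a Dockerfile
commit   # Package a container into an image (the running layer is included; the container is paused during the commit to prevent data inconsistency)
load     # Import an image from an image archive (counterpart of save)
history  # Show the build history of an image
images   # List local images
export   # Export a container as a container image archive (similar to running commit and then save)
import   # Create an image from a container image archive (counterpart of export)
rmi      # Remove an image
save     # Export an image as an image archive
search   # Search for images in the image hub
tag      # Tag an image
login    # Log in to an image registry
logout   # Log out of an image registry
pull     # Pull an image from the image hub
push     # Push an image to the image hub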