03-docker镜像仓库

发表于 | 分类于 | 评论数: | 阅读次数:
本文字数: 8.2k | 阅读时长 ≈ 7 分钟

摘要

本文内容转自网络,个人学习记录使用,请勿传播

客户端配置

使用场景

  • 在镜像仓库不开启外网访问的情况下如果需要一些基础镜像,就需要通过有外网访问的机器先拉取镜像然后推送到镜像仓库
  • 在制作一些环境基础镜像时也需要将做好的镜像上传到镜像仓库
  • 如果需要制作一些业务镜像也需要上传到镜像仓库
  • 一般线上环境只从镜像仓库拉取镜像,也就是只有只读权限

Linux

配置信任

  • 自定义的docker二进制安装包已集成配置
  • 其他参照以下配置
1
2
3
4
5
6
7
8
9
10
dockerd --insecure-registry r.isme.pub

# or

$ cat conf/daemon.json
...
"insecure-registries": [
    "https://r.isme.pub"
]
...

配置默认仓库

  • 配置默认仓库后,拉取library仓库的镜像无需添加前缀,如:
    • r.isme.pub/library/centos:latest : docker pull centos即可
1
2
3
4
5
6
7
8
9
10
dockerd --registry-mirror r.isme.pub

# or

$ cat conf/daemon.json
...
"registry-mirrors": [
    "http://r.isme.pub"
],
...

Mac

img

img

登录镜像仓库

  • 只有需要push镜像到镜像仓库、或者pull非公开镜像时才需要登陆到镜像仓库
  • 由于处于测试阶段,当前的docker二进制安装包打包了镜像仓库的登录信息
  • 由于处于测试阶段,当前镜像仓库中只有公开镜像
1
docker login r.isme.pub

拉取基础镜像上传

这里以centos:centos7.3.1611为例

拉取镜像

1
docker pull centos:centos7.3.1611

重新打tag

1
docker tag centos:centos7.3.1611 r.isme.pub/base/centos:centos7.3.1611

上传

  • 根据镜像大小和带宽不同上传速度不同
1
2
3
4
docker push r.isme.pub/base/centos:centos7.3.1611
The push refers to repository [r.isme.pub/base/centos]
0e07d0d4c60c: Pushed
centos7.3.1611: digest: sha256:a42f741b046c974973052d2453ecbb672b62d4c45ead2eda69b3c43d3763abf9 size: 529

img

制作自定义镜像

nginx:alpine 为例

1
docker tag nginx:alpine r.isme.pub/base/nginx:alpine

Dockerfile

详细的Dockerfile参数和镜像制作准则请参照 Docker镜像

1
2
3
4
5
6
7
8
$ cat Dockerfile
# Version: 0.0.1
FROM r.isme.pub/base/nginx:alpine

ENV TZ "Asia/Shanghai"
ENV LANG "en_US.UTF-8"

COPY index.html /usr/share/nginx/html/

index.html

1
2
$ cat index.html
Hello Duxiaoman

构建镜像

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
$ docker build . -t r.isme.pub/base/nginx:c1.0
Sending build context to Docker daemon  3.072kB
Step 1/4 : FROM r.isme.pub/base/nginx:alpine
 ---> 36189e6707f4
Step 2/4 : ENV TZ "Asia/Shanghai"
 ---> Running in c838b4dea80f
Removing intermediate container c838b4dea80f
 ---> a07db88421cf
Step 3/4 : ENV LANG "en_US.UTF-8"
 ---> Running in 086fef51735e
Removing intermediate container 086fef51735e
 ---> df4ed31a1922
Step 4/4 : COPY index.html /usr/share/nginx/html/
 ---> 6925a944950f
Successfully built 6925a944950f
Successfully tagged r.isme.pub/base/nginx:c1.0

上传多个镜像

我们本地拉取了nginx:alpine镜像重新打了tag,又基于这个镜像创建了一个自定义镜像nginx:c1.0,这样同一个镜像nginx就同时有了两个不同版本,上传的时候可以一起上传

1
2
3
4
5
6
7
8
9
$ docker push r.isme.pub/base/nginx
The push refers to repository [r.isme.pub/base/nginx]
671c8a3d8285: Layer already exists
77cae8ab23bf: Layer already exists
alpine: digest: sha256:2911ad2d54f4cf4dc7ad21af122c1eefce16836a34be751c63351ca1fb452d57 size: 739
f4f502e91b9b: Pushed
671c8a3d8285: Layer already exists
77cae8ab23bf: Layer already exists
c1.0: digest: sha256:ae1a9618eb647efc8a88b7e3324508796279b32736ba10866ba328e0aaae0e2e size: 946

img

服务端拉取、启动

直接启动容器,服务端发现本地没有镜像会自动去信任的仓库拉取

1
2
3
4
5
6
7
8
9
$ docker run -d --name custom-web -p 8081:80 r.isme.pub/base/nginx:c1.0
Unable to find image 'r.isme.pub/base/nginx:c1.0' locally
c1.0: Pulling from base/nginx
89d9c30c1d48: Pull complete
534c802c70da: Pull complete
8c2bc20da51a: Pull complete
Digest: sha256:ae1a9618eb647efc8a88b7e3324508796279b32736ba10866ba328e0aaae0e2e
Status: Downloaded newer image for r.isme.pub/base/nginx:c1.0
2a5bddc18e3491a30b9110420bf292eea6bef5258956e1437a3da725cff67ec6

访问

1
2
$ curl http://10.157.23.249:8081/
Hello Duxiaoman

docker-compose 方式启动

配置

1
2
3
4
5
6
7
8
9
10
11
12
13
$ cat docker-compose.yml
version: '2'
services:
  compuso-web:
    image: r.isme.pub/base/nginx:alpine
    container_name: custom-web
    volumes:
      - ./html:/usr/share/nginx/html
    ports:
      - "8082:80"

$ cat html/index.html
Hello Duxiaoman In Compose

启动

1
2
$ docker-compose up -d
Creating custom-web-compose ... done

访问

1
2
$ curl http://10.157.23.249:8082/
Hello Duxiaoman In Compose

修改宿主机数据文件

1
2
3
4
5
6
7
$ cat html/index.html
Hello Duxiaoman In Compose
Hello Duxiaoman In Compose

$ curl http://10.157.23.249:8082/
Hello Duxiaoman In Compose
Hello Duxiaoman In Compose

## 管理

1
2
3
4
5
6
$ docker-compose ps
       Name                Command          State          Ports
------------------------------------------------------------------------
custom-web-compose   nginx -g daemon off;   Up      0.0.0.0:8082->80/tcp

$ docker-compose stop|start|restart ...

集群

由于docker本身并没有很好的支持集群化配置,如果需要管理一个集群中容器间的关系就要人为维护控制启动顺序。

docker-compose的前身是开源的编排工具Fig,2014年被dockr收购并改名为docker-compose,用于单机docker集群的容器编排。

以下是一个服务编排的例子。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
version: '2'
services:
  db:
    image: mysql:5.5
    volumes:
      - ./data:/data
      - ./mysql:/docker-entrypoint-initdb.d
    container_name: gerrit-mysql
    environment:
      MYSQL_ROOT_PASSWORD: ufRRgdfu3ar1
  gerrit:
    image: openfrontier/gerrit:2.13.x
    container_name: gerrit
    volumes:
      - ./data:/data
      - ./gerrit/hooks:/var/gerrit/review_site/hooks
      - ./gerrit/plugins:/var/gerrit/review_site/plugins
    env_file: ./gerrit.env
    depends_on:
      - db
    links:
      - db
  nginx:
    image: nginx:alpine
    container_name: gerrit-nginx
    volumes:
      - ./data:/data
      - ./nginx:/opt/nginx
    command: ["nginx","-g","daemon off;","-c","/opt/nginx/nginx.conf"]
    ports:
      - "8003:8003"
      - "29418:29418"
    depends_on:
      - gerrit
    links:
      - gerrit
  gitcli:
    build: ./alpine-base
    container_name: gitcli
    volumes:
      - ./data:/data
    ports:
      - "2022:22"
    depends_on:
      - nginx
    links:
      - nginx:gerrit.xxx.com
      - db

swarm

由于docker-compose在服务编排的前提下并不支持容器的资源限制,只有在swarm模式下才能支持,因此在服务编排下需要进行资源限制就有开启swarm集群

  • swarm集群和docker的--live-restore模式互斥

开启swarm

1
2
3
4
5
6
7
8
$ docker swarm init
Swarm initialized: current node (arkjfd8kunskkunp2acad16ll) is now a manager.

To add a worker to this swarm, run the following command:

    docker swarm join --token SWMTKN-1-4kvdmr9m87hr3cpkccmufnujqfdng4vi2e5yz315n4xz750cyp-crrg3az1jdbabw3bnvrggjdnl 10.21.180.69:2377

To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.

查看swarm信息

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
$ docker info
...
Swarm: active
 NodeID: arkjfd8kunskkunp2acad16ll
 Is Manager: true
 ClusterID: 1glut4ccxk614y2p6psmze9o0
 Managers: 1
 Nodes: 1
 Default Address Pool: 10.0.0.0/8
 SubnetSize: 24
 Orchestration:
  Task History Retention Limit: 5
 Raft:
  Snapshot Interval: 10000
  Number of Old Snapshots to Retain: 0
  Heartbeat Tick: 1
  Election Tick: 10
 Dispatcher:
  Heartbeat Period: 5 seconds
 CA Configuration:
  Expiry Duration: 3 months
  Force Rotate: 0
 Autolock Managers: false
 Root Rotation In Progress: false
 Node Address: 10.21.180.69
 Manager Addresses:
  10.21.180.69:2377
...

配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
$ cat docker-compose.yml
version: '3'
services:
  compuso-web:
    image: r.isme.pub/base/nginx:alpine
    volumes:
      - ./html:/usr/share/nginx/html
    ports:
      - "8082:80"
    deploy:
      resources:
        limits:
          cpus: '0.25'
          memory: 500M
        reservations:
          cpus: '0.10'
          memory: 200M

启动

1
2
3
4
5
6
7
$ docker stack deploy -c docker-compose.yml custom-web
Creating network custom-web_default
Creating service custom-web_compuso-web

$ curl http://10.21.180.69:8082/
Hello Duxiaoman In Compose
Hello Duxiaoman In Compose

查看

1
2
3
4
5
6
7
$ docker stack ls
NAME                SERVICES            ORCHESTRATOR
custom-web          1                   Swarm

$ docker stack ps custom-web
ID                  NAME                       IMAGE                                   NODE                            DESIRED STATE       CURRENT STATE           ERROR               PORTS
iwnop04nuxr6        custom-web_compuso-web.1   r.isme.pub/base/nginx:alpine   instance-2v3px5mk-10.bcc-bjdd   Running             Running 3 minutes ago

swarm相关的stack和services不在这里扩展讨论

docker中镜像相关的命令说明

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
build       # 通过DOCKERFILE创建一个镜像
commit      # 将一个镜像打包成一个镜像(会将运行层打包,commit过程中容器会进入暂停状态防止数据不一致)
load        # 通过镜像包导入镜像(对应save参数)
history     # 查看一个镜像的构建历史()
images     # 查看本地镜像列表
export      # 将一个容器导出成一个容器镜像包(类似先执行commit、然后执行save)
import      # 通过容器镜像包导入生成一个镜像,对应export参数
rmi        # 删除镜像
save        # 将镜像打包导出成镜像包
search      # 从镜像中心查找镜像
tag         # 给镜像打标签
login       # 登录镜像仓库
logout     # 登出镜像仓库
pull        # 从镜像中心拉取镜像
push        # 将镜像推送到镜像中心