Configuration and use of private image warehouse of microservice architect docker

Time:2021-9-11

Introduction to docker privatized warehouse

Introduction to private warehouse

Do you remember what Docker Hub is for?
It is a public warehouse for storing images.
Docker Hub official website: https://registry.hub.docker.com
A public warehouse such as Docker Hub is sometimes inconvenient to use (and sometimes inaccessible). Users can create a local warehouse for private use and configure the private image warehouse with the official tool, docker registry.

1. Use official tools to configure
Docker registry is an official tool that can be used to build a private image repository.
registry [ˈredʒɪstri]: record, register

What are the advantages of a private image warehouse?

Private warehouse benefits:
1. Fast speed
2. Convenient maintenance
3. Safe

Idea of building private warehouse:
Old idea: Download source code tar / Yum – install – modify configuration file – start service
Using docker idea: directly download and start the docker instance using the registry image, so that the warehouse can be built successfully.

With docker, all software will no longer be released in the form of office.exe or lrzsz.rpm, but in the form of docker image. You just need to download the docker image and run a docker instance. With docker, you don’t have to worry about installing Linux services anymore!

Experimental environment planning

Experimental environment:
Docker private warehouse address: xuegod64. The memory required by the xuegod64 machine should be at least 2G, and I allocated 6G
Docker server address: xuegod63. Xuegod63 will use the docker private warehouse on xuegod64 to pull / push the image. Experimental topology:

Build a docker private warehouse using registry

Docker service:
The host name is xuegod63
Host IP: 192.168.1.63 (this IP can be configured as a static IP according to your environment)
Configuration: 4 vCPU / 4 Gi memory

Prepare the experimental environment:
Create a new CentOS 7.6 64 bit virtual machine
The host name is xuegod64
Host IP: 192.168.1.64 (this IP can be configured as a static IP according to your environment)
Configuration: 4 vCPU / 4 Gi memory

Initialize experimental environment – install docker

Configure static IP

Configure the virtual machine or physical machine as a static IP address so that the IP address will not change after the machine is restarted. Take xuegod64 host as an example, modify the static IP:
Modify the file /etc/sysconfig/network-scripts/ifcfg-ens33 so that it reads as follows:

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
IPADDR=192.168.1.64
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.1
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
DEVICE=ens33
ONBOOT=yes
#After modifying the configuration file, you need to restart the network service to make the configuration effective. The command to restart the network service is as follows:
service network restart

#Configuration host name: xuegod64
hostnamectl set-hostname xuegod64
#Configure the hosts file on xuegod63 and xuegod64 to make the hosts files of the two hosts consistent
[[email protected] ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.63 xuegod63
192.168.1.64 xuegod64
[[email protected] ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.63 xuegod63
192.168.1.64 xuegod64
#Turn off firewalld firewall
[[email protected] ~]# systemctl stop firewalld ; systemctl disable firewalld
#Turn off iptables firewall
[[email protected] ~]# yum install iptables-services -y   # install iptables
#Disable iptables
[[email protected] ~]# service iptables stop   && systemctl disable iptables
#Clear firewall rules
[[email protected] ~]# iptables -F
#Close SELinux
[[email protected] ~]# setenforce 0   # temporarily disabled
#Permanently disabled
[[email protected] ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
Note: after modifying the SELinux configuration file, restart the machine for the change to take effect permanently
[[email protected] ~]# getenforce
Disabled
#Configure time synchronization
[[email protected] ~]# ntpdate cn.pool.ntp.org
#Write scheduled tasks
crontab -e
* */1 * * * /usr/sbin/ntpdate   cn.pool.ntp.org
Restart the crond service to make the configuration effective:
service crond restart

Method 1: install docker CE online and configure the yum source of domestic docker Ce (alicloud)

[[email protected] ~]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

Configure offline Yum source for docker CE:
Method 2: it is recommended that you use offline installation. The k8s-docker.tar.gz compressed package needed below can be obtained by sending me a private message
[[email protected] ~]# tar xf k8s-docker.tar.gz -C /opt/
[[email protected] ~]# tee /etc/yum.repos.d/k8s-docker.repo << 'EOF'
[k8s-docker]
name=k8s-docker
baseurl=file:///opt/k8s-docker
enabled=1
gpgcheck=0
EOF

Install the base package

[[email protected] ~]# yum install -y wget net-tools nfs-utils lrzsz gcc gcc-c++ make cmake libxml2-devel openssl-devel curl \
 curl-devel unzip sudo ntp libaio-devel wget vim ncurses-devel autoconf automake zlib-devel python-devel epel-release \
 openssh-server socat ipvsadm conntrack ntpdate telnet

Installing docker environment dependencies

[[email protected] ~]# yum install -y yum-utils device-mapper-persistent-data lvm2

Install docker CE

[[email protected] ~]# yum install docker-ce docker-ce-cli containerd.io -y

Note: docker-ce-cli is the Docker command-line toolkit
containerd.io provides the container interface related packages
yum info <package name> shows the specific function of a package.

Start the docker service

[[email protected] ~]# systemctl start docker && systemctl enable docker

View docker version information

[[email protected] ~]# docker version    
[[email protected] ~]# systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2021-04-20 10:07:23 CST; 9s ago

Enable packet forwarding and modify kernel parameters

Kernel parameter modification:

[[email protected] ~]# modprobe br_netfilter
[[email protected] ~]# echo "modprobe br_netfilter" >> /etc/profile
[[email protected] ~]# cat > /etc/sysctl.d/docker.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
[[email protected] ~]# sysctl -p /etc/sysctl.d/docker.conf

Restart docker

[[email protected] ~]# systemctl restart docker

What is br_netfilter?
Linux iptables/netfilter works together with the Linux bridge to implement a transparent firewall.

Transparent firewall is also called bridge firewall. Simply put, it adds the firewall function to the bridge device. Transparent firewall has the advantages of strong deployment ability, good concealment and high security.

Why execute modprobe br_netfilter?
After adding the following to /etc/sysctl.conf:

net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1 

executing sysctl -p reports an error.

Solution:

modprobe br_netfilter

Do you also remember what net.bridge.bridge-nf-call-ip6tables and net.ipv4.ip_forward do?

net.ipv4.ip_forward:
The network architecture of a single Docker host is essentially a docker0 bridge installed on the host. To reach a container from outside, you only need to access the address of the host and the port mapped for that container. After the packets arrive at the host and the IP header is parsed, they are forwarded from the eth0 network card to the docker0 bridge according to the destination port and the iptables rules, for the next routing step. So if ip_forward is not enabled on the container's host, the containers on that host cannot be accessed by other hosts

net.bridge.bridge-nf-call-ip6tables:
By default, traffic sent from the container to the default bridge is not forwarded to the outside. To enable forwarding: net.bridge.bridge-nf-call-ip6tables = 1

Configure xuegod64 as docker private warehouse server

1. Pull the registry image. The registry image includes the software for building a local private warehouse:

registry [ˈredʒɪstri]: record, register; pull; push

Upload registry.tar to xuegod64
Import local mirror:

[[email protected] ~]# docker load -i  registry.tar
  2. View registry image
[[email protected] ~]# docker images 
REPOSITORY           TAG                 IMAGE ID            CREATED             SIZE
registry      latest              047218491f8c        3 weeks ago         33.17 MB
  3. Actual combat: use the registry image to build a private warehouse
    The program for building a private warehouse is already installed in the registry image, so we only need to run a docker instance from the registry image.

The registry service listens to the port number, which is 5000 by default

[[email protected]~]# docker run -d --name registry -p 5000:5000 -v /opt/registry:/var/lib/registry   registry:latest
e4698f625a56661edd2678269215ba42d4fa41c2da881768a741a72b4a3d0c60

By default, the registry stores images under /var/lib/registry inside the container, so if the container is deleted, the images stored in it are lost as well. Therefore we generally mount a directory of the local physical machine, such as /opt/registry, to /var/lib/registry in the container. Use the -v parameter to specify the locally persistent path.

[[email protected] ~]# ls /opt/registry   # this directory will be created automatically
[[email protected]~]# docker ps
CONTAINER ID   IMAGE             COMMAND                  CREATED          STATUS          PORTS                    NAMES
90cc7afb477e   registry:latest   "/entrypoint.sh /etc…"   34 seconds ago   Up 33 seconds   0.0.0.0:5000->5000/tcp   registry
[[email protected] ~]# netstat  -antup | grep 5000
tcp6       0      0 :::5000                 :::*                    LISTEN      4032/docker-proxy

Note: the private library has been started successfully.

To view the list of images in a private warehouse:

curl http://192.168.1.64:5000/v2/_catalog 
{"repositories":[]}   

The list is still empty. Once a local docker image has been uploaded to the private warehouse later on, it will contain data.

Configure the docker on xuegod63 and use the private warehouse on xuegod64

Modify the docker configuration file and specify that the docker image acceleration node is the address of the private warehouse

[[email protected] ~]# vim  /etc/docker/daemon.json   

Modify the daemon.json file and write the following:

"insecure-registries": [ "192.168.1.64:5000" ]
The complete contents of the modified /etc/docker/daemon.json file are as follows:

{
"registry-mirrors":["https://rsbud4vc.mirror.aliyuncs.com","https://registry.docker-cn.com","https://docker.mirrors.ustc.edu.cn","https://dockerhub.azk8s.cn","http://hub-mirror.c.163.com","http://qtid6917.mirror.aliyuncs.com","https://rncxm540.mirror.aliyuncs.com","https://e9yneuy4.mirror.aliyuncs.com"],
"insecure-registries": [ "192.168.1.64:5000" ]
}

Note: insecure-registries lists registries that are not secure. Insecure here refers to the HTTP protocol: over HTTP the docker daemon does not authenticate the registry and the images are not protected in transit. If you want to transmit images securely, you need to use the HTTPS protocol. Our private warehouse is generally used on the local area network, so we can use the HTTP protocol directly.

Reload for configuration to take effect

[[email protected] ~]# systemctl daemon-reload

Restart the docker service

[[email protected] ~]# systemctl restart docker 

Actual combat – upload local image to private warehouse

  1. Pull a test image from docker hub, name: busybox
    Local import
    Upload the busybox.tar image to xuegod63 as the test image.
[[email protected] ~]# docker load -i  busybox.tar
[[email protected] ~]# docker images 
REPOSITORY  TAG      IMAGE ID             CREATED            SIZE
busybox      latest     00f017a8c2a6        2 weeks ago         1.11 MB

Note:
Busybox overview: busybox is a piece of software that integrates more than 100 of the most commonly used Linux commands and tools. It includes simple tools such as ls, cat and echo, as well as larger and more complex tools such as grep, find, mount and telnet. Some people call busybox the Swiss Army knife of Linux tools. In short, busybox is like a big toolbox: it integrates and compresses many Linux tools and commands, and it is also the built-in shell of the Android system.
Have you seen the Swiss Army knife?

Official website: www.busybox.net
2. Label the basic image (copy an image and give it a name)
Syntax: docker tag <original image name>:<label> <private warehouse address>/<new image name>:<label>
Execution:

[[email protected] ~]# docker tag busybox:latest 192.168.1.64:5000/busybox:latest

Note: if you do not write the image label, the default is latest

[[email protected] ~]# docker images
REPOSITORY                  TAG                 IMAGE ID            CREATED             SIZE
192.168.1.64:5000/busybox   latest    00f017a8c2a6   4 years ago    1.11MB

3. Push the newly labeled image 192.168.1.64:5000/busybox into the private warehouse of xuegod64.

[[email protected] ~]#  docker push 192.168.1.64:5000/busybox 

Push: transfer the image to the private image warehouse
4. Log in to xuegod64 and view the storage directory and files of the image

[[email protected] ~]# yum install tree -y 
[[email protected] ~]# tree /opt/registry/docker/registry/v2/repositories/
/opt/registry/docker/registry/v2/repositories/
└── busybox   # the uploaded image can be seen here

Visit http://192.168.1.64:5000/v2/_…

You can view the list of images in the private warehouse, as shown below:

{"repositories":["busybox"]}

3.2.6 practice – create services using images in private warehouses
To delete an image:
Syntax: docker rmi <image name>:<label>
[[email protected] ~]# docker rmi 192.168.1.64:5000/busybox   # delete image
[[email protected] ~]# docker pull 192.168.1.64:5000/busybox   # download image
[[email protected] ~]# docker images   # view imported images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.1.64:5000/busybox latest 00f017a8c2a6 2 weeks ago 1.11 MB

Run a new docker instance using the newly imported image:
[[email protected] ~]# docker run 192.168.1.64:5000/busybox:latest echo "hello"
hello
Run successfully.

summary
Steps to build a private warehouse:
1. Import the registry image into the xuegod64 machine
2. Run a docker instance based on the registry image. The registry listens on port 5000 by default, and port 5000 needs to be mapped on the host

To transfer an image to a private warehouse:
1. Install docker service
2. Modify the docker service image source to a private warehouse address:

"insecure-registries": [ "192.168.1.64:5000" ] 

3. Label the image to be imported, such as: 192.168.1.64:5000/busybox:latest
4. Upload the tagged image to the private warehouse: docker push 192.168.1.64:5000/busybox:latest

Download Image from private warehouse:
1. Modify the docker service image source to a private warehouse address:

"insecure-registries": [ "192.168.1.64:5000" ]

2. Download the image just uploaded: docker pull 192.168.1.64:5000/busybox:latest
3. To view the list of images in a private warehouse: http://192.168.1.64:5000/v2/_catalog

Actual combat: build docker private warehouse with harbor

Introduction to harbor
The development and operation of docker container applications are inseparable from reliable image management. Although docker officially provides a public image warehouse, deploying a registry in our private environment is also very necessary from the perspective of security and efficiency. Harbor is an enterprise-level docker registry management project open-sourced by VMware. It includes rights management (RBAC), LDAP, log audit, a management interface, self registration, image replication and Chinese support.
Official website address: https://github.com/goharbor/h…
harbor [ˈhɑːbə]: a harbour, port

Experimental environment:
The xuegod64 machine needs at least 2G of memory, and I allocated 6G
Note: when installing harbor, the available space of the system root partition needs to be greater than 6G, otherwise it will be reported that there is insufficient space during installation. Memory above 2G

Issue certificate for harbor

[[email protected] ~]# mkdir /data/ssl -p
[[email protected] ~]# cd /data/ssl/

Generate CA certificate:

[[email protected] ssl]# openssl genrsa -out ca.key 3072

Generate a 3072 bit key, that is, the private key

[[email protected] ssl]# openssl req -new -x509 -days 3650 -key ca.key -out ca.pem

Generate a digital certificate ca.pem. 3650 indicates that the valid time of the certificate is 3 years. Just fill in according to the arrow prompt. If there is no arrow, it is empty:

[[email protected] ssl]# openssl req -new -x509 -days 3650 -key ca.key -out ca.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN 
State or Province Name (full name) []:BJ
Locality Name (eg, city) [Default City]:BJ
Organization Name (eg, company) [Default Company Ltd]:xuegod
Organizational Unit Name (eg, section) []:CA
Common Name (eg, your name or your server's hostname) []:xuegod64.cn
Email Address []:[email protected]

Generate certificate for domain name:

[[email protected] ssl]# openssl genrsa -out harbor.key  3072

Generate a 3072 bit key, that is, the private key

[[email protected] ssl]# openssl req -new -key harbor.key -out harbor.csr

Generate a certificate request, which is needed when the certificate is issued later. Fill in the fields marked with an arrow according to the prompt; leave the ones without an arrow empty:

[[email protected] ssl]#  openssl req -new -key harbor.key -out harbor.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:BJ
Locality Name (eg, city) [Default City]:BJ
Organization Name (eg, company) [Default Company Ltd]:xuegod
Organizational Unit Name (eg, section) []:CA       
Common Name (eg, your name or your server's hostname) []:xuegod64.cn
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Certificate issued:

[[email protected] ssl]# openssl x509 -req -in harbor.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out harbor.pem -days 3650

As shown below, it indicates that the certificate has been issued:
Check whether the certificate is valid:

openssl x509 -noout -text -in harbor.pem 

Output like the following indicates that the certificate is valid:

Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            cd:21:3c:44:64:17:65:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=CH, ST=BJ, L=BJ, O=Default Company Ltd
        Validity
            Not Before: Dec 26 09:29:19 2020 GMT
            Not After : Dec 24 09:29:19 2030 GMT
        Subject: C=CH, ST=BJ, L=BJ, O=Default Company Ltd, CN=harbor
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (3072 bit)
                Modulus:
                    00:b0:60:c3:e6:35:70:11:c8:73:83:38:9a:7e:b8:
                    。。。
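
The certificate printed above is X.509 version 1 with no subjectAltName, and its Common Name has to line up with the hostname set in harbor.cfg. Clients built with Go 1.15 or later, docker among them, match the registry name against SAN entries only, so the following added example (not part of the original article) issues the same CA and harbor certificate non-interactively with a SAN and then checks the chain and the host name. The function names, the CA subject xuegod-lab-ca and the harbor.ext file name are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the article): issue the harbor certificate with a
# subjectAltName and verify it the way a TLS client does.

# issue_harbor_cert DIR HOST [IP]
# Writes ca.key, ca.pem, harbor.key, harbor.csr and harbor.pem into DIR.
issue_harbor_cert() {
    dir=$1
    host=$2
    ip=${3:-}
    mkdir -p "$dir" || return 1

    # CA key and self-signed CA certificate, as in the article, with -subj
    # instead of the interactive prompts. The CA subject (an assumed name)
    # differs from the server subject so that the server certificate cannot
    # be mistaken for a self-signed one.
    openssl genrsa -out "$dir/ca.key" 3072 2>/dev/null || return 1
    openssl req -new -x509 -days 3650 -key "$dir/ca.key" \
        -subj "/C=CN/ST=BJ/L=BJ/O=xuegod/OU=CA/CN=xuegod-lab-ca" \
        -out "$dir/ca.pem" || return 1

    # Server key and certificate request for the harbor host name.
    openssl genrsa -out "$dir/harbor.key" 3072 2>/dev/null || return 1
    openssl req -new -key "$dir/harbor.key" \
        -subj "/C=CN/ST=BJ/L=BJ/O=xuegod/CN=$host" \
        -out "$dir/harbor.csr" || return 1

    # Extensions written into the signed certificate. Clients compare the
    # name used in "docker login" / "docker pull" with these SAN entries.
    san="DNS:$host"
    if [ -n "$ip" ]; then
        san="$san,IP:$ip"
    fi
    {
        echo "basicConstraints=CA:FALSE"
        echo "keyUsage=digitalSignature,keyEncipherment"
        echo "extendedKeyUsage=serverAuth"
        echo "subjectAltName=$san"
    } > "$dir/harbor.ext"

    openssl x509 -req -in "$dir/harbor.csr" -CA "$dir/ca.pem" \
        -CAkey "$dir/ca.key" -CAcreateserial -days 3650 -sha256 \
        -extfile "$dir/harbor.ext" -out "$dir/harbor.pem" 2>/dev/null
}

# check_harbor_cert DIR HOST
# Succeeds only if harbor.pem chains to ca.pem, carries a SAN extension,
# and the certificate matches HOST.
check_harbor_cert() {
    dir=$1
    host=$2
    openssl verify -CAfile "$dir/ca.pem" "$dir/harbor.pem" >/dev/null 2>&1 \
        || return 1
    openssl x509 -noout -text -in "$dir/harbor.pem" \
        | grep -q "Subject Alternative Name" || return 1
    openssl x509 -noout -checkhost "$host" -in "$dir/harbor.pem" \
        | grep -q "does match certificate"
}

# Demo, run as "sh <this file> demo" (the file name is arbitrary).
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d)
    issue_harbor_cert "$tmp" xuegod64 192.168.1.64 &&
        check_harbor_cert "$tmp" xuegod64 &&
        echo "certificate in $tmp is valid for xuegod64"
    check_harbor_cert "$tmp" xuegod64.cn ||
        echo "xuegod64.cn is rejected: it is not in the SAN list"
fi
```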

Install harbor

Delete the previous registry container to prevent conflicts with the harbor installation

[[email protected] ssl]# docker rm -f registry

Create installation directory

[[email protected] ssl]# mkdir /data/install -p
[[email protected] ssl]# cd /data/install/

Install harbor
The following files are available in the /data/ssl directory:

ca.key  ca.pem  ca.srl  harbor.csr  harbor.key  harbor.pem

[[email protected] install]# cd /data/install/

Upload the offline package of harbor-offline-installer-v1.5.0.tgz to this directory. The offline package is provided in the courseware and can be downloaded by yourself:

Decompression:

[[email protected] install]# tar zxvf harbor-offline-installer-v1.5.0.tgz
[[email protected] install]# cd harbor
[[email protected] harbor]# ls

You can see the following directory:

common directory: stores template configuration

ha directory: makes harbor highly available

Modify the configuration file:

[[email protected] harbor]# vim harbor.cfg
hostname = xuegod64

Modify the hostname to be consistent with the certificate domain name issued above

ui_url_protocol = https

HTTPS protocol

ssl_cert = /data/ssl/harbor.pem
ssl_cert_key = /data/ssl/harbor.key

Mail and LDAP do not need to be configured. They can be configured in the web interface of harbor
Other configurations can be configured by default
Save and exit after modification
Note: Harbor default account password:admin/Harbor12345

Install docker compose
Method 1: upload docker compose offline to the server
Download binary files and upload them to Linux (docker compose binary files are provided in the course materials and can be uploaded directly)

[[email protected] ~]# rz


[[email protected] ~]# mv docker-compose-Linux-x86_64 /usr/local/bin/docker-compose

Add execution permission

[[email protected] ~]# chmod +x /usr/local/bin/docker-compose

Note: docker compose project is the official open source project of docker, which is responsible for the rapid arrangement of docker container clusters. The project configuration file of docker compose is docker-compose.yml by default. There must be a docker-compose.yml in the docker compose running directory. Docker compose can manage multiple docker instances.

Method 2: online installation:

[[email protected] ~]# curl -L https://github.com/docker/compose/releases/download/1.26.2/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose

Add execution permission

[[email protected] ~]# chmod +x /usr/local/bin/docker-compose

Install the offline image package docker-harbor.tar.gz required for harbor, which is provided in the courseware. Upload it to xuegod64 and load it with docker load -i

[[email protected] ~]#  docker load -i docker-harbor.tar.gz
[[email protected] install]# cd /data/install/harbor
[[email protected] harbor]# ./install.sh --with-notary --with-clair

Clair enables vulnerability scanning of the image. Clair is an open source project that monitors the security of containers by statically analyzing the vulnerabilities in appc and docker containers. Clair is an API-driven analysis engine that checks containers for known security flaws layer by layer. With Clair, you can easily build services that provide continuous monitoring of container vulnerabilities.

The above interface will appear during the installation process, indicating that the installation is normal. docker ps is displayed as follows, indicating that the containers have started normally
Modify the hosts file on your computer
Add the following line to the hosts file and save it

192.168.1.64  xuegod64

Extension:
How to stop Harbor:
You can use docker compose to start or close the harbor service. But it must run in the same directory as docker-compose.yml.

[[email protected] harbor]# cd /data/install/harbor
[[email protected] harbor]# docker-compose stop 
Or: docker-compose -f /data/install/harbor/docker-compose.yml stop

How to start Harbor:

[[email protected] harbor]# cd /data/install/harbor
[[email protected] harbor]# docker-compose start

If harbor cannot be accessed after docker-compose start, you need to restart the virtual machine

Instructions for using harbor image interface

Enter in the browser:
https://xuegod64
After accepting the risk warning and continuing, the following interface appears, indicating that the access is normal
Account: admin
Password: Harbor12345
Enter the account and password as follows:
All basic images will be placed in library, which is an open image warehouse

Create a new project -> name the project test (select the open access level so that the project can be used publicly)

Test the harbor image warehouse using xuegod64 on xuegod63

Modify docker configuration

[[email protected] ~]# vim /etc/docker/daemon.json

{
"registry-mirrors":["https://rsbud4vc.mirror.aliyuncs.com","https://registry.docker-cn.com","https://docker.mirrors.ustc.edu.cn","https://dockerhub.azk8s.cn","http://hub-mirror.c.163.com","http://qtid6917.mirror.aliyuncs.com","https://rncxm540.mirror.aliyuncs.com","https://e9yneuy4.mirror.aliyuncs.com"],
"insecure-registries": ["192.168.1.64"]
}

Make the configuration effective after modifying the configuration:

[[email protected] ~]# systemctl daemon-reload && systemctl restart docker

Check whether docker is started successfully

[[email protected] ~]# systemctl status docker

The display is as follows, indicating that the startup is successful:

Active: active (running) since Fri … ago

Note:
A new line is added to the configuration as follows:

"insecure-registries":["192.168.1.64"], 

The content added above indicates that when we visit harbor on the intranet, we use HTTP, and 192.168.1.64 is the IP of the harbor machine

Log in to harbor:

[[email protected]]# docker login 192.168.1.64

Username:admin 
Password:  Harbor12345

After entering the account password, you will see the following, indicating that the login is successful:

Login Succeeded

Import Tomcat image, and tomcat.tar.gz is in the courseware

[[email protected] ~]# docker load -i tomcat.tar.gz

Label the Tomcat image

[[email protected] ~]# docker tag tomcat:latest  192.168.1.64/test/tomcat:v1


[[email protected] ~]# docker push 192.168.1.64/test/tomcat:v1

Executing the above command will upload 192.168.1.64/test/tomcat:v1 to the test project in harbor

Download Image from harbor warehouse

Delete the image on xuegod63 machine

[[email protected] ~]# docker rmi -f 192.168.1.64/test/tomcat:v1

Pull image

[[email protected] ~]# docker pull 192.168.1.64/test/tomcat:v1

Extension: if you want to access harbor through secure HTTPS, you can use the following methods

Log in to xuegod63 machine and create the certificate storage directory

[[email protected]]# mkdir -p /etc/docker/certs.d/xuegod64

Xuegod64 is the host name specified when harbor issues the certificate

Log in to the harbor server and copy the CA certificate to the machine using docker

[[email protected] ~]# cd /data/ssl
[[email protected] ~]# scp ca.pem xuegod63:/etc/docker/certs.d/xuegod64/

Log in to xuegod63 machine

[[email protected]]# cd /etc/docker/certs.d/xuegod64
[[email protected] ~]# mv ca.pem ca.crt

Modify docker configuration

[[email protected] ~]# vim /etc/docker/daemon.json

{
"registry-mirrors":["https://rsbud4vc.mirror.aliyuncs.com","https://registry.docker-cn.com","https://docker.mirrors.ustc.edu.cn","https://dockerhub.azk8s.cn","http://hub-mirror.c.163.com","http://qtid6917.mirror.aliyuncs.com","https://rncxm540.mirror.aliyuncs.com","https://e9yneuy4.mirror.aliyuncs.com"]
}

Delete "insecure-registries": ["192.168.1.64"]

Restart docker

[[email protected]]# systemctl restart docker
[[email protected]]# docker login https://xuegod64

Username:admin 
Password:  Harbor12345

Alibaba cloud private warehouse is used to store your own docker images

Log in to alicloud Developer Platform
https://developer.aliyun.com/…
Log in with your own account. If you do not have one, register an account

https://cr.console.aliyun.com…

Click to run Personal Edition

Click "namespace" on this page – create namespace: testxuegod1
Configure a password to access the private warehouse. The user name is the user name you use to log in to the website.
Create an image warehouse:
Warehouse name: test
Click management to view the usage:
Click the management page to view the operation guide:

Start using Alibaba cloud private warehouse

Log in to Alibaba cloud docker registry:

[[email protected] ~]# docker login --username=lucky6a6a  registry.cn-hangzhou.aliyuncs.com

The user name logged in to the registry is the full name of the alicloud account, and the password is the password set when the service is opened.
Log in to xuegod63 and push the local image Tomcat to alicloud registry

Upload the Tomcat image to xuegod63 and decompress it manually

docker load  -i tomcat.tar.gz

Label the base image

[[email protected] ~]# docker tag tomcat registry.cn-hangzhou.aliyuncs.com/testxuegod1/test:v1

Upload the image to alicloud host

[[email protected] ~]# docker push registry.cn-hangzhou.aliyuncs.com/testxuegod1/test:v1

View on alicloud:
Download an image:
Log in to Alibaba cloud docker registry:

[[email protected] ~]# docker login --username=lucky6a6a  registry.cn-hangzhou.aliyuncs.com

The user name logged in to the registry is the full name of the alicloud account, and the password is the password set when the service is opened.
See the following instructions to log in successfully:

[[email protected] ~]# docker pull registry.cn-hangzhou.aliyuncs.com/testxuegod1/test:v1
[[email protected] ~]# docker images

Configure alicloud image accelerator

https://cr.console.aliyun.com/cn-hangzhou/instances/mirrors
