書籍來源:《CKA/CKAD應試指南:從Docker到Kubernetes完全攻略》
一邊學習一邊整理老師的課程内容及實驗筆記,并與大家分享,侵權即删,謝謝支援!
附上彙總貼:CKA備考實驗 | 彙總_熱愛程式設計的通信人的部落格-CSDN部落格
前面我們建立容器所需要的鏡像都是從網絡下載下傳的,但是生産伺服器很多是不能連接配接到外網的,那麼此時該如何使用鏡像呢?
這個時候,我們可以在自己的内網搭建一個私有倉庫,把需要的鏡像上傳到私有倉庫,這樣其他主機需要鏡像的話,就可以從私有倉庫自行下載下傳了。
要想配置私有倉庫的話,有兩種方法。
(1)使用registry鏡像。
(2)利用harbor。
本章暫且先講registry配置私有倉庫,後面會單獨講解如何使用harbor配置私有倉庫。
先檢視下面的拓撲圖,如圖2-3所示。
這裡把vms101作為私有倉庫,在vms101上用鏡像registry建立一個容器出來,這個容器就作為私有倉庫。容器的端口是5000,為了讓外部其他主機能通路到此容器,是以建立這個registry容器的時候,需要映射到實體機的5000端口。後面通過192.168.26.101:5000即可通路到此容器。
在vms101上安裝并啟動docker-ce,自行下載下傳鏡像registry。
##########實操驗證##########
[root@vms101 ~]# docker pull hub.c.163.com/library/registry:latest
latest: Pulling from library/registry
25728a036091: Pull complete
0da5d1919042: Pull complete
e27a85fd6357: Pull complete
d9253dc430fe: Pull complete
916886b856db: Pull complete
Digest: sha256:fce8e7e1569d2f9193f75e9b42efb07a7557fc1e9d2c7154b23da591e324f3d1
Status: Downloaded newer image for hub.c.163.com/library/registry:latest
hub.c.163.com/library/registry:latest
[root@vms101 ~]#
2.2.1 搭建私有倉庫并設定
在vms101上配置。
步驟1:設定docker可以通過http的方式通路,有兩種方法,二選一即可。
(1)修改/usr/lib/systemd/system/docker.service,在ExecStart後面添加:
##########實操驗證##########
ExecStart=/usr/bin/dockerd --insecure-registry=192.168.26.101:5000 -H fd:// --containerd=/run/containerd/containerd.sock
然後重新開機docker。
##########實操驗證##########
[root@vms101 ~]# systemctl daemon-reload ; systemctl restart docker
[root@vms101 ~]#
(2)或者修改/etc/docker/daemon.json,内容如下。
[root@vms101 ~]# cat/etc/docker/daemon.json
{
"insecure-registries": ["192.168.26.101:5000"]
}
[root@vms101 ~]#
注意:如果配置了加速器的話,或者說{}裡有多行值的話,除了最後一行之外,每行都要逗号結束,比如這樣:
{
"registry-mirrors": ["https://frz7i079.mirror.aliyuncs.com"], -->這裡有逗号
"insecure-registries": ["192.168.26.101:5000"]
}
步驟2:重新開機docker。
[root@vms101 ~]# systemctl restart docker
[root@vms101 ~]#
步驟3:利用registry鏡像建立一個容器。
##########實操驗證##########
[root@vms101 ~]# docker run -d --name myreg -p 5000:5000 --restart=always -v /myreg:/var/lib/registry hub.c.163.com/library/registry
c8ac11dbf60bb13a752684efd67a9bc869cb5a257b3fb01b282318b1eec4c998
[root@vms101 ~]#
此時私有倉庫就配置好了。這裡把容器的端口映射到實體機的5000端口,上傳的鏡像都是在容器的/var/lib/registry目錄裡,為了能夠保證删除容器之後上傳的鏡像也是存在的,這裡做了一個資料卷,把容器的/var/lib/registry映射到實體機的/myreg目錄。
下面在vms100上配置。
步驟4:修改相關配置,使得docker能以http方式通路,這裡修改的是/etc/docker/daemon.json,内容如下。
##########實操驗證##########
[root@vms100 ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://frz7i079.mirror.aliyuncs.com"],
"insecure-registries": ["192.168.26.101:5000"]
}
[root@vms100 ~]#
步驟5:重新開機docker。
##########實操驗證##########
[root@vms100 ~]# systemctl restart docker
[root@vms100 ~]#
步驟6:在vms100上對要推送的鏡像進行tag操作。
##########實操驗證##########
[root@vms100 ~]# docker tag centos:v1 192.168.26.101:5000/cka/centos:v1
[root@vms100 ~]#
這裡新的tag的伺服器要指向docker倉庫的位址,192.168.26.101:5000,後面的分類cka及鏡像名都可以随意定義。
步驟7:把此鏡像推送到docker倉庫。
##########實操驗證##########
[root@vms100 ~]# docker push 192.168.26.101:5000/cka/centos:v1
The push refers to repository [192.168.26.101:5000/cka/centos]
0b744a01646c: Pushed
b362758f4793: Pushed
v1: digest: sha256:0276a952e12c2cd822b2f8879ccc8d6a175d66e8fc04fa27c25eb207a7895e01 size: 741
[root@vms100 ~]#
以此類推,可以推送多個鏡像,分類可以根據需要自己定義,我這裡把wordpress和mysql都推送到私有倉庫裡了。
##########實操驗證##########
[root@vms100 ~]# docker tag hub.c.163.com/library/mysql 192.168.26.101:5000/rhce8/mysql:v1
[root@vms100 ~]# docker push 192.168.26.101:5000/rhce8/mysql:v1
The push refers to repository [192.168.26.101:5000/rhce8/mysql]
8129a85b4056: Pushed
3c376267ac82: Pushed
fa9efdcb088a: Pushed
9e615ff77b4f: Pushed
e5de8ba20fae: Pushed
2bee3420217b: Pushed
904af8e2b2d5: Pushed
daf31ec3573d: Pushed
da4155a7d640: Pushed
3b7c5f5acc82: Pushed
295d6a056bfd: Pushed
v1: digest: sha256:c0806ac73235043de2a6cb4738bb2f6a74f71d9c7aa0f19c8e7530fd6c299e75 size: 2617
[root@vms100 ~]# docker tag hub.c.163.com/library/wordpress 192.168.26.101:5000/rhce8/wordpress:v2
[root@vms100 ~]# docker push 192.168.26.101:5000/rhce8/wordpress:v2
The push refers to repository [192.168.26.101:5000/rhce8/wordpress]
53e16fa1f104: Pushed
562dd11ed871: Pushed
6671cb9eb6b3: Pushed
4214911d5945: Pushed
fed26d7fe7b9: Pushed
c8c6d352c96e: Pushed
5a151fa4136e: Pushed
8747705a74d9: Pushed
adfd7c98cdf6: Pushed
354b4ef9664b: Pushed
2da371244fc1: Pushed
315db89f9acb: Pushed
3d2582fdede2: Pushed
53da01089a82: Pushed
0fd7a67d49b3: Pushed
f0c367fa8636: Pushed
ddd6dcab19ff: Pushed
2c40c66f7667: Pushed
v2: digest: sha256:ca4cf4692b7bebd81f229942c996b1c4e6907d6733e977e93d671a54b8053a22 size: 4078
[root@vms100 ~]#
步驟8:利用之前寫過的rm_all_image.sh清空vms100上所有的鏡像。
##########實操驗證##########
[root@vms100 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@vms100 ~]#
2.2.2 從私有倉庫下載下傳鏡像
本節練習如何從私有倉庫拉取鏡像,首先要檢視私有倉庫裡有多少鏡像。
步驟1:安裝工具jq。
##########實操驗證##########
[root@vms100 ~]# yum install jq -y
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package jq.x86_64 0:1.6-2.el7 will be installed
--> Processing Dependency: libonig.so.5()(64bit) for package: jq-1.6-2.el7.x86_64
--> Running transaction check
---> Package oniguruma.x86_64 0:6.8.2-2.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
==================================================================================================================================================================================================
Package Arch Version Repository Size
==================================================================================================================================================================================================
Installing:
jq x86_64 1.6-2.el7 epel 167 k
Installing for dependencies:
oniguruma x86_64 6.8.2-2.el7 epel 181 k
Transaction Summary
==================================================================================================================================================================================================
Install 1 Package (+1 Dependent package)
Total download size: 348 k
Installed size: 1.0 M
Downloading packages:
(1/2): oniguruma-6.8.2-2.el7.x86_64.rpm | 181 kB 00:00:00
(2/2): jq-1.6-2.el7.x86_64.rpm | 167 kB 00:00:00
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 1.5 MB/s | 348 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : oniguruma-6.8.2-2.el7.x86_64 1/2
warning: Failed to open SELinux handle.
Installing : jq-1.6-2.el7.x86_64 2/2
Verifying : oniguruma-6.8.2-2.el7.x86_64 1/2
Verifying : jq-1.6-2.el7.x86_64 2/2
Installed:
jq.x86_64 0:1.6-2.el7
Dependency Installed:
oniguruma.x86_64 0:6.8.2-2.el7
Complete!
[root@vms100 ~]#
步驟2:檢視私有倉庫所具有的倉庫。
##########實操驗證##########
[root@vms100 ~]# curl -s http://192.168.26.101:5000/v2/_catalog | jq
{
"repositories": [
"cka/centos",
"rhce8/mysql",
"rhce8/wordpress"
]
}
[root@vms100 ~]#
此時隻看到了分類及鏡像,并沒有看到這些鏡像的tag,如果想有某鏡像具體的tag,使用如下指令。
##########實操驗證##########
[root@vms100 ~]# curl http://192.168.26.101:5000/v2/cka/centos/tags/list
{"name":"cka/centos","tags":["v1"]}
[root@vms100 ~]#
可以看到cka/centos對應的tag為v1。這樣完整的鏡像就是192.168.26.101:5000/cka/centos:v1。
步驟3:也可以通過寫一個腳本實作列出倉庫裡一共有多少鏡像。
##########實操驗證##########
[root@vms100 ~]# cat list_img
#!/bin/bash
file=$(mktemp)
curl -s $1:5000/v2/_catalog | jq | egrep -v '\{|\}|\[|]' | awk -F\" '{print $2}' > $file
while read aa ; do
tag=($(curl -s $1:5000/v2/$aa/tags/list | jq | egrep -v '\{|\}|\[|]|name' | awk -F\" '{print $2}'))
for i in ${tag[*]} ; do
echo $1:5000/${aa}:$i
done
done < $file
rm -rf $file
[root@vms100 ~]#
步驟4:給此腳本加上一個可執行權限。
##########實操驗證##########
[root@vms100 ~]# chmod +x list_img
[root@vms100 ~]#
步驟5:執行腳本列出192.168.26.101上有多少鏡像。
##########實操驗證##########
[root@vms100 ~]# ./list_img 192.168.26.101
192.168.26.101:5000/cka/centos:v1
192.168.26.101:5000/rhce8/mysql:v1
192.168.26.101:5000/rhce8/wordpress:v2
[root@vms100 ~]#
步驟6:下載下傳鏡像。
##########實操驗證##########
[root@vms100 ~]# docker pull 192.168.26.101:5000/cka/centos:v1
v1: Pulling from cka/centos
364f9b7c969a: Already exists
a80ee3336562: Already exists
Digest: sha256:0276a952e12c2cd822b2f8879ccc8d6a175d66e8fc04fa27c25eb207a7895e01
Status: Downloaded newer image for 192.168.26.101:5000/cka/centos:v1
192.168.26.101:5000/cka/centos:v1
[root@vms100 ~]#
步驟7:删除此鏡像。
##########實操驗證##########
[root@vms100 ~]# docker rmi 192.168.26.101:5000/cka/centos:v1
Untagged: 192.168.26.101:5000/cka/centos:v1
Untagged: 192.168.26.101:5000/cka/centos@sha256:0276a952e12c2cd822b2f8879ccc8d6a175d66e8fc04fa27c25eb207a7895e01
Deleted: sha256:09a13e02d80a1f9082c04d8672b10251762d7c565a8d3922ff40714ef8e6c014
[root@vms100 ~]#
2.2.3 删除本地倉庫裡的鏡像
本地已經拉取下來的鏡像可以通過docker rmi來删除,那麼存在倉庫裡的鏡像該如何删除呢?下面開始練習删除倉庫裡的鏡像。
因為鏡像倉庫是放在vms101上的,是以下面的步驟是在vms101上操作的。
用指令wget ftp://ftp.rhce.cc/cka-tool/delete_docker_registry_image下載下傳腳本。
步驟1:設定變量REGISTRY_DATA_DIR,值為/path/docker/registry/v2,此處的/path是在建立容器時實體機對應的目錄,這裡是/myreg。
##########實操驗證##########
[root@vms101 ~]# export REGISTRY_DATA_DIR=/myreg/docker/registry/v2
[root@vms101 ~]# chmod +x delete_docker_registry_image
[root@vms101 ~]#
步驟2:現在删除rhce8/wordpress:v2這個鏡像。
##########實操驗證##########
[root@vms101 ~]# ./delete_docker_registry_image -i rhce8/wordpress:v2
INFO [2023-05-03 13:10:57,967] Deleting /myreg/docker/registry/v2/blobs/sha256/46/4676067592f277e1723e4ab4c588603df0b3dea762e22c354f7ada29b391cf10
INFO [2023-05-03 13:10:57,970] Deleting /myreg/docker/registry/v2/blobs/sha256/50/500c148f4d2bc727705f60726244dbe81ea49c82d24b4b75bbc95785f8f59c28
INFO [2023-05-03 13:10:57,970] Deleting /myreg/docker/registry/v2/blobs/sha256/a1/a1f92323ce632857be9799acd2f47d6037862312a78cafeb0def5bc1cd4a4bd9
INFO [2023-05-03 13:10:57,970] Deleting /myreg/docker/registry/v2/blobs/sha256/21/21ca94ab129e63d21156d1185897ee9f47b751d4acf08e5d357c0a7e01c0b8c3
INFO [2023-05-03 13:10:57,970] Deleting /myreg/docker/registry/v2/blobs/sha256/7b/7bf6285c3cb3496d442c9da238840311ad5300de9529848c78d50a5fa31b95e7
INFO [2023-05-03 13:10:57,970] Deleting /myreg/docker/registry/v2/blobs/sha256/4c/4cba0c8f2fb9ebdf1bf77a5f3e362ac11301efe6ea4c72b48ec475704811f192
INFO [2023-05-03 13:10:57,970] Deleting /myreg/docker/registry/v2/blobs/sha256/3a/3a64563707752ce8e348b2ec97e545c9eec87150028c4435b5d054215bf9416d
INFO [2023-05-03 13:10:57,971] Deleting /myreg/docker/registry/v2/blobs/sha256/47/47aadd06aa861e7fe2e51a47d18609b878e4b6e7a6eb7503726290dde541789d
INFO [2023-05-03 13:10:57,971] Deleting /myreg/docker/registry/v2/blobs/sha256/d7/d78a85ab33d971061da05887be7a089a43c3d2ca6c79f6146fc46320af045fde
INFO [2023-05-03 13:10:57,972] Deleting /myreg/docker/registry/v2/blobs/sha256/13/13ce341a48bcfddbd7f3a37fbd416ba7afbba8e19473bd40ed562b4dfb7db274
INFO [2023-05-03 13:10:57,985] Deleting /myreg/docker/registry/v2/blobs/sha256/2e/2e9c78a839ea6f24d8ed9b6268c5f7dac359953b86fa28f1fc5e84a22537157f
INFO [2023-05-03 13:10:57,986] Deleting /myreg/docker/registry/v2/blobs/sha256/16/16cb800870057c22e7ae56cc4fd1c6ba25fbe8037c518702454c0f52a9d6a0f8
INFO [2023-05-03 13:10:57,987] Deleting /myreg/docker/registry/v2/blobs/sha256/43/43cdadc01967acd376acd72fe5c2b449822b2b58eb1285fc77328b90f8e03418
INFO [2023-05-03 13:10:57,987] Deleting /myreg/docker/registry/v2/blobs/sha256/4c/4cf805694c593ac99f6363c0e0ad468c54e6d9ecc55108db4070d1858b779ace
INFO [2023-05-03 13:10:57,988] Deleting /myreg/docker/registry/v2/blobs/sha256/8f/8f8908a0bafbb9663be870461595439404d5ce2be4810e19cc9288daf65b2512
INFO [2023-05-03 13:10:57,988] Deleting /myreg/docker/registry/v2/blobs/sha256/21/21f90b3df721af13a7b797ff5bb5d447a48984c13a9eb065654534493691ab6d
INFO [2023-05-03 13:10:57,994] Deleting /myreg/docker/registry/v2/blobs/sha256/dc/dccaeccfba3693896ee17c63257e0159b0c909ac33cc7c846f5598de0d7d19fb
INFO [2023-05-03 13:10:57,994] Deleting /myreg/docker/registry/v2/blobs/sha256/ca/ca4cf4692b7bebd81f229942c996b1c4e6907d6733e977e93d671a54b8053a22
INFO [2023-05-03 13:10:57,995] Deleting /myreg/docker/registry/v2/blobs/sha256/04/045041220168d92a2f46190dffb984ae57a3a429d5fe43d8dddea9894565def3
INFO [2023-05-03 13:10:57,995] Deleting /myreg/docker/registry/v2/blobs/sha256/8e/8eac15b405f6f21a74fa6e710acaa23ecfdb9d25ec6e365d8541510bc9b58a2b
INFO [2023-05-03 13:10:57,995] Deleting /myreg/docker/registry/v2/repositories/rhce8/wordpress
[root@vms101 ~]#
步驟3:到vms100上驗證。
##########實操驗證##########
[root@vms100 ~]# ./list_img 192.168.26.101
192.168.26.101:5000/cka/centos:v1
192.168.26.101:5000/rhce8/mysql:v1
[root@vms100 ~]#
可以看到已經成功地删除了。
步驟4:自行把vms101上的registry容器删除。
##########實操驗證##########
[root@vms101 ~]# docker rm -f myreg
myreg
[root@vms101 ~]#
步驟:為了以後友善,在vms100上為鏡像192.168.26.101:5000/cka/centos:v1重新做一個tag,名字為centos:v1。
##########實操驗證##########
#之前已經删除了下載下傳的cetnos:v1鏡像,此處無法再重新做個tag了,驗證失敗