Registry docker-compose deployment

Deployment directory
$ ll
drwxr-xr-x 2 root root 60 Aug 9 18:49 config
-rwxr-x--- 1 root root 7970401 Aug 9 18:49 docker-compose
-rw-r----- 1 root root 311 Aug 9 18:49 docker-compose.yml
-rw------- 1 root root 35680768 Aug 9 18:49 image-registry-2.6.2.tar
-rw-r----- 1 root root 677 Aug 9 18:49 README.md
$

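$ cat README.md

Prerequisites

  1. DNS on the node machines: point the domain hub.cloud.pub at the machine that hosts the registry.
  2. Docker installation: make sure Docker is already installed on the registry host.
  3. Disk mount: mount the disk at the /Docker directory on the registry host.
  4. Image file placement: extract image.tar into the mount directory above.
    Copy the extracted v2 folder to /Docker/registry/docker/registry

Installation steps

  1. Extract registry_chongqing.tar.gz.
  2. docker load -i registry_chongqing/registry.tar
  3. cp registry_chongqing/docker-compose /usr/local/bin/
  4. docker-compose up -d
  5. (Optional) If the disk is not mounted at /Docker, edit line 10 of registry_chongqing/docker-compose.yml and change the part to the left of the ":" to the actual directory.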

$ cat docker-compose.yml
version: '2'
services:
  registry:
    ports:
      - 80:80
      - 443:80
    image: registry:2.6.2
    restart: always
    volumes:
      - /Docker/registry:/var/lib/registry
      - ./config/:/etc/registry/
    environment:
      - GODEBUG=netdns=cgo
    command:
      ["serve", "/etc/registry/config.yml"]

$ cat config/config.yml

version: 0.1
log:
  level: debug
  formatter: json
  fields:
    service: registry
  accesslog:
    disabled: true
storage:
  cache:
    layerinfo: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
  maintenance:
    uploadpurging:
      enabled: false
  delete:
    enabled: true
http:
  addr: :80
  host: https://hub.cloud.pub
  secret: placeholder
  debug:
    addr: :5001
  tls:
    certificate: /etc/registry/domain.crt
    key: /etc/registry/domain.key

cat domain.crt

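Reference: how the certificates were generated
$ cat install_registry.sh

#!/bin/bash

namespace="kube-system"
account="caas"
# Single quotes: inside double quotes the shell would expand $3 and drop it from the password
password='Pacc$3@1'

# Generate the certificate files. The CA certificate can be the Kubernetes self-signed CA;
# if you use the Kubernetes certificate, this step can be skipped.
cfssl gencert -initca ca-csr.json | cfssljson -bare ca
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=docker docker-csr.json | cfssljson -bare docker

# Generate the password file (bcrypt hash)
htpasswd -Bbc authfile "$account" "$password"

# Put the file contents into a ConfigMap: join each file into a single line,
# replacing every newline with the literal characters \r\n
domainkey=$(sed ':a;N;$!ba;s/\n/\\r\\n/g' docker-key.pem)
domaincrt=$(sed ':a;N;$!ba;s/\n/\\r\\n/g' docker.pem)
htpasswd=$(sed ':a;N;$!ba;s/\n/\\r\\n/g' authfile)

echo "htpasswd=" "$htpasswd"

# Append the CA generated above to the system trust bundle (no cd, so the
# relative paths used below still resolve in the working directory)
cat ca.pem >> /etc/pki/tls/certs/ca-bundle.crt

cp -i docker-registry-internal.yaml.template docker-registry-internal.yaml

# Note: domain.key and htpasswd end up in a ConfigMap here, which Kubernetes
# does not treat as sensitive data.
echo "
apiVersion: v1
kind: ConfigMap
data:
  domain.crt: \"$domaincrt\"
  domain.key: \"$domainkey\"
  htpasswd: \"$htpasswd\"
metadata:
  name: tls
  namespace: kube-system
" >> docker-registry-internal.yaml

kubectl delete -f docker-registry-internal.yaml
while [ $? -ne 0 ]
do
  sleep 3
  kubectl get pod -n "$namespace" | grep registry
done

kubectl create -f docker-registry-internal.yaml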
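
The script above packs the private key, certificate and htpasswd file into a ConfigMap by escaping newlines with sed. As an added example (not part of the original post or of any project's code), the same three files can be written into a Secret with base64-encoded data, which needs no newline escaping and refuses a key file that group or others can access. The function names, the defaults and the assumption that the deployment template (not shown on this page) mounts a secret volume named tls instead of a configMap are all hypothetical.

```shell
#!/bin/bash
# Added example: emit a Kubernetes Secret manifest for the registry's TLS
# key pair and htpasswd file. Function names and defaults are assumptions.

# Base64-encode a file onto a single line (avoids the GNU-only -w0 flag).
b64_file() {
  base64 < "$1" | tr -d '\n'
}

# Usage: make_tls_secret CERT KEY HTPASSWD [NAME] [NAMESPACE]
# Prints the manifest on stdout. Returns 1 if an input file is missing or
# empty, 2 if the private key is accessible to group or others.
make_tls_secret() {
  local crt="$1" key="$2" auth="$3" name="${4:-tls}" ns="${5:-kube-system}" f
  for f in "$crt" "$key" "$auth"; do
    [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
  done
  # Characters 5-10 of the ls mode string are the group and other bits.
  if [ "$(ls -lLd "$key" | cut -c5-10)" != "------" ]; then
    echo "private key $key is accessible to group/others" >&2
    return 2
  fi
  cat <<EOF
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: $name
  namespace: $ns
data:
  domain.crt: $(b64_file "$crt")
  domain.key: $(b64_file "$key")
  htpasswd: $(b64_file "$auth")
EOF
}

# Decode one data field of a generated manifest, to verify the round trip.
# Usage: secret_field MANIFEST FIELD
secret_field() {
  sed -n "s/^  $2: //p" "$1" | base64 -d
}
```

The output can be redirected to its own file and applied with kubectl create -f in place of the ConfigMap block.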

