Shulou(Shulou.com)06/03 Report--

This article mainly introduces "how to build a private image warehouse". In daily operation, I believe many people have doubts about how to build a private image warehouse. The editor consulted all kinds of data and sorted out simple and easy-to-use operation methods. I hope it will be helpful to answer the doubts about "how to build a private image warehouse"! Next, please follow the editor to study!

Docker Container what is docker

Docker is a container implementation that includes three basic concepts:

Image: Docker image (Image), which is equivalent to a root file system. For example, the official image ubuntu:16.04 contains a complete set of Ubuntu16.04 minimal system root file system.

Container: the relationship between Image and Container, just like classes and instances in object-oriented programming, the image is a static definition, and the container is the entity of the mirror runtime. Containers can be created, started, stopped, deleted, paused, and so on.

Repository: the repository can be thought of as a code control center for storing images.

Enable remote access

There are two ways for docker to enable remote access:

Configuring remote access with systemd unit file

Edit docker.service, add-H fd://-H tcp://127.0.0.1:2375 startup parameters, then reload configuration and restart

$sudo systemctl daemon-reload $sudo systemctl restart docker.serviceConfiguring remote access with daemon.json

Modify the docker process configuration file to add hosts. (the approach used in this article)

Set the hosts array in the / etc/docker/daemon.json to connect to the UNIX socket and an IP address, as follows:

{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}

Restart Docker.

Check to see whether the change was honored by reviewing the output of netstat to confirm dockerd is listening on the configured port.

$sudo netstat-lntp | grep dockerdtcp 0 0127.0.0.1 grep dockerdtcp 2375 0.0.0.0 LISTEN 3758/dockerd

Systemd vs daemon.json Configuring Docker to listen for connections using both the systemd unit file and the daemon.json file causes a conflict that prevents Docker from starting.

The client needs to configure the environment variable to access the remote docker process: DOCKER_HOST=tcp://172.31.0.250:2375 to build a private image repository.

The image repository is the place where docker images are centrally stored, and Docker Hub is a public image repository. For use in the company, we need a private warehouse. You can deploy with reference to the example scheme in https://github.com/Quiq/docker-registry-ui. The deployment scenario uses docker-compose and consists of three parts:

Register's most important image repository service

Web ui of register-ui warehouse

Httpd front-end http service

The docker-compose.yml file is as follows:

Version: "2.3" services: httpd: image: httpd:2.4 ports: -" 80:80 "volumes: -. / config/httpd.conf:/usr/local/apache2/conf/httpd.conf:ro" registry: image: registry:2 ports:-"5000" volumes:-". / data/registry:/var/lib/registry" healthcheck: test: ["CMD", "wget" "- S", "localhost:5000/v2/"] interval: 5s timeout: 10s registry-ui: image: quiq/docker-registry-ui:latest ports:-"8000" volumes:-". / data/registry-ui:/opt/data"-". / config/registry-ui.yml:/opt/config.yml:ro" depends_on: registry: condition: service_healthy

As can be seen from the configuration file, this scheme uses volumes to map the data to be saved to the host. The configuration file is placed under. / config and the data file is placed under. / data.

If there are no special requirements, you can use the registry-ui.yml and httpd.conf configuration files in the example directly without any modification. Start with the docker-compose command.

$docker-compose up-d

After startup, you can access / ui on port 80 to enter the web interface (in this case, localhost is used because the service is running locally).

The / v2 request on port 80 will be forwarded to the mirroring service (http://registry:5000/v2). By typing tag, you can push to the private server warehouse.

Docker tag getting-started localhost/getting-started

If it is a remote server, you need to modify the docker configuration file on the client side to add the insecure configuration of the private server:

$cat / etc/docker/daemon.json {"insecure-registries": ["docker-hub.jc.com"]}

Otherwise, you will encounter an x509 exception:

X509: certificate is valid for ingress.local, not docker-hub.jc.com

Step on the pit

Because I used rancher's ingress to forward, as a result, I encountered when I was in push

Error parsing HTTP 413 response body: invalid character'

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.