
What is the customization and performance of docker-registry?

2025-02-23 Update From: SLTechnology News&Howtos > Servers. Shulou (Shulou.com), 05/31.


Docker-index

- Web UI
- Metadata storage (comments, stars, public repository list)
- Access authentication
- Token management

Docker-registry

- Stores the images and the ancestry of their image layers
- Holds no user account data
- Knows nothing about user accounts or security
- Delegates security and authentication to docker-hub, and uses tokens to secure delivery
- Does not reinvent the wheel: supports multiple storage backends
- Has no local database

Back-end storage

- Images are ultimately stored statically on the server as tar.gz files
- This suits object storage rather than block storage

Registry storage driver

- Officially supported drivers are File, Amazon AWS S3, ceph-s3, Google gcs, OpenStack swift and glance

The interaction that occurs during docker pull

1. Client asks Index where to download samalba/busybox.
2. Index replies with:
   - samalba/busybox is in Registry A
   - the checksums of samalba/busybox for all layers, and a token
3. Client sends a request to Registry A for all layers of samalba/busybox. Registry A is responsible for storing samalba/busybox and the layers it depends on.
4. Registry A sends a request to Index to verify the validity of the user / token.
5. Index returns whether this request is valid.
6. Client downloads all layers from the registry.
7. Registry gets the actual file data from the back-end storage and returns it to Client.
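The pull exchange above as a minimal in-memory model, added here as an illustration and not code from docker-registry or the original article. The class names, the `alice` account, the random hex token and SHA-256 as the checksum are assumptions; it shows the registry holding no account data and deferring every token to the index, and the client checking downloaded layers against the checksums the index supplied.

```python
import hashlib
import secrets

class Index:
    """Accounts, checksums and tokens live here; layer data does not."""
    def __init__(self, users, locations, checksums):
        self.users, self.locations, self.checksums = users, locations, checksums
        self.tokens = {}  # token -> repository it was issued for

    def resolve(self, user, password, repo):  # steps 1-2
        if not secrets.compare_digest(self.users.get(user, ""), password):
            raise PermissionError("bad credentials")
        token = secrets.token_hex(16)
        self.tokens[token] = repo
        return self.locations[repo], self.checksums[repo], token

    def validate(self, token, repo):  # steps 4-5
        return self.tokens.get(token) == repo

class Registry:
    """Stores layers only: no account data, every token is checked with Index."""
    def __init__(self, index, backend):
        self.index, self.backend = index, backend  # backend: repo -> [layer bytes]

    def get_layers(self, repo, token):  # steps 3, 6, 7
        if not self.index.validate(token, repo):
            raise PermissionError("token rejected by index")
        return list(self.backend[repo])

def pull(index, registries, user, password, repo):
    """Client: resolve via Index, download, verify layers against Index checksums."""
    name, checksums, token = index.resolve(user, password, repo)
    layers = registries[name].get_layers(repo, token)
    if [hashlib.sha256(l).hexdigest() for l in layers] != checksums:
        raise ValueError("layer checksum mismatch")
    return layers

LAYERS = [b"base layer", b"busybox layer"]  # constructed sample layers

def build():
    """Wire up one Index and one Registry A with constructed sample data."""
    repo = "samalba/busybox"
    sums = [hashlib.sha256(l).hexdigest() for l in LAYERS]
    index = Index({"alice": "s3cret"}, {repo: "RegistryA"}, {repo: sums})
    return index, {"RegistryA": Registry(index, {repo: list(LAYERS)})}

if __name__ == "__main__":
    index, registries = build()
    print(len(pull(index, registries, "alice", "s3cret", "samalba/busybox")), "layers verified")
```

Because the token is bound to the repository it was issued for, a token obtained for one repository is rejected when presented for another.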

Options for building a private image registry

The index, registry and back-end storage described above are all optional. The registry comes in two implementations: version 0.9, written in Python, and version 2.0, written in Go.

Authentication and permissions

If the image registry is not exposed directly to users but is only one part of a private PaaS, you can use the registry directly, without the index component. Open source implementations of the index include docker-registry-web and docker-registry-frontend. The well-supported one is wharf, by Ma Daozhang.

Back-end storage

Our environment uses NetEase's internal object store NOS, which is similar to S3. We have not used the other options; if you want to build your own, ceph-s3 is probably the reliable choice. If you are in a public network environment or have purchased a public cloud service, you can consider implementing a registry driver for that object storage.

Cluster and distributed

The registry itself is stateless and can be scaled horizontally, with nginx load balancing placed in front of it.

Performance analysis: v1 protocol vs v2 protocol

| | client push total time | pull total time |
|:-|:-|:-|
| registry-0.9 | 388.1 | 80.9 |
| registry-2.0 | 368.4 | 76.1 |

The comparison test shows that, with docker 1.6, the v2 protocol is about 5-6% faster than the v1 protocol, which is basically negligible.

Performance analysis of a single pull and push

| Layer | docker push | curl put |
|:-|:-|:-|
| layer1 | 34s | 4.3s |
| layer2 | 325s | 44.6s |

| Layer | docker pull | curl get |
|:-|:-|:-|
| layer1 | 42s | 20.8s |
| layer2 | 2s | 1.4s |

The comparison shows that most of the time in a single docker pull or push is spent on the client, and the system CPU usage can be seen to reach 100% every time docker pull or push runs. In other words, more than 50% of the time is spent locally on compression, computing md5, and so on.

Concurrency analysis

Concurrency testing shows that a registry-0.9 server with 2 cores and 2 gigabytes of memory, storing directly to files, can handle about 50 concurrent docker clients. With an object-storage back end, the limit is estimated at 10 concurrent docker clients. Registry-2.0 handles more concurrency in this respect, but consumes more memory.

Q&A

Q: There is no change in the performance of 2.0. What are the advantages?

**Answer:** Client optimization is limited. When more than 100 nodes pull an image at the same time, the 2.0 server takes up less resources.

Q: Where is the concurrency bottleneck on the server side?

**Answer:** The server code has not been analyzed yet. Judging from experience, it is mainly IO; python takes up more memory.

Q: Have you considered image storage CDN in multiple computer rooms?

**Answer:** This has not been considered. Currently, our image service is used on an internal PaaS platform, as long as the server room where the cluster resides can be accessed quickly.

Q: Why not add a cache in each computer room?

**Answer:** Yes, you can also consider the mirror mechanism of registry. After using mirror, you can click push and pull.

Q: Did you develop your own scheduler?

**Answer:** We use Kubernetes at the bottom, and the scheduler is modified to ensure multiple availability domains.

Q: Is there any resource restriction and network isolation in the internal PaaS?

**Answer:** Yes, at present, our Docker runs on kvm.

Q: NetEase had a lot of service fragments yesterday. It is said to be a cyber attack. Did these services run on Docker?

**Answer:** Hehe, the fragment is due to the core switch problem of BGP. I am also curious about what caused it. At present, no organization or individual has claimed responsibility for this.

Q: Have you ever considered nova-docker?

**Answer:** The community is not very active. We did not adopt this scheme, but it is the fastest solution for small and medium-sized companies.

Q: Why not consider implementing the scheduler yourself?

**Answer:** Too busy, we also want to do ah, this will be realized later.

Q: We are going to run a Docker cluster on a public cloud.

**Answer:** Use it this way. I think the advantage of Docker is that it has nothing to do with the underlying platform, and it will not be so difficult to change the underlying migration in the future.
