2025-03-30 Update From: SLTechnology News&Howtos
Shulou (Shulou.com) 06/01 Report
In the previous document, I described in detail how to quickly and easily deploy Rancher Server, enable GitHub authentication, and facilitate subsequent upgrades. In this document, I'll walk through how to create a password-protected private Docker Registry and how to integrate it with Rancher. We will pull a container image, tag it, and push it to this registry. Finally, we will deploy this container image through Rancher Server.
Although I suggest you use AWS S3, I will use registry:2 here to store all the data locally on the host.
We need to prepare the following in advance:
A certificate for the domain name; I will use regv2.piel.io
A password compatible with .htaccess
First, I will quickly create the certificate using letsencrypt.org and a Docker script.
Clone git@github.com:fatk/docker-letsencrypt-nginx-proxy-companion-examples.git
Modify docker-letsencrypt-nginx-proxy-companion-examples/dockerdocker-run/simple-site/docker-run.sh and change site.example.com to the domain name you will use
Run the script
$ git clone git@github.com:fatk/docker-letsencrypt-nginx-proxy-companion-examples.git
$ cd docker-letsencrypt-nginx-proxy-companion-examples
# Modify the script and replace site.example.com
$ vi dockerdocker-run/simple-site/docker-run.sh
$ ./docker-run.sh
After the script runs, one nginx instance, one docker-gen instance, one letsencrypt-nginx-proxy-companion instance, and the final nginx instance will be started.
Let's take a look at which containers are started after the script runs successfully:
It seems to have been successful, but where is the certificate we just created?
$ ls volumes/proxy/certs
dhparam.pem  regv2.piel.io  regv2.piel.io.crt  regv2.piel.io.dhparam.pem  regv2.piel.io.key
And:
$ ls volumes/proxy/certs/regv2.piel.io
account_key.json  cert.pem  fullchain.pem  key.pem
Good, so we can use regv2.piel.io.key and fullchain.pem for the registry:2 container.
Let's create a certificate directory that the registry can access:
$ mkdir -p /data/docker-registry-certs
$ cp volumes/proxy/certs/regv2.piel.io.key /data/docker-registry-certs/
$ cp volumes/proxy/certs/regv2.piel.io/fullchain.pem /data/docker-registry-certs/
$ mkdir /data/docker-registry-auth
$ mkdir /data/docker-registry
The final step is to create a user name and password to access registry, which is the minimum security configuration for accessing docker registry:2.
$ docker run --entrypoint htpasswd registry:2 -Bbn pieltestuser "mkakogalb47" > /data/docker-registry-auth/htpasswd
This command requires that the registry:2 image already exists on the host, so it automatically downloads the image before running the htpasswd command. After that, the container stops automatically.
Check whether the htpasswd has been created:
$ cat /data/docker-registry-auth/htpasswd
pieltestuser:$2y$05$w3IqOzTdsDbot9ls1JpeTeHYr/2vv.PTx3dObRvT.JkfGaygfTkJy
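A check worth running on the two secret files before the registry is started, as an added example that is not part of the original article: the registry's htpasswd backend only honours bcrypt entries (what `htpasswd -B` writes), and files created with `cp` or `>` usually inherit a world-readable mode. The helper name audit_registry_files and the demo input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the two secret files mounted into registry:2.
# audit_registry_files is a hypothetical helper name, not a Docker tool.
# Usage: audit_registry_files HTPASSWD_FILE TLS_KEY_FILE
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_registry_files() {
    htpasswd_file=$1
    key_file=$2
    findings=0

    # The registry's htpasswd backend only honours bcrypt entries (what
    # `htpasswd -B` writes); users stored in other formats cannot log in.
    while IFS= read -r line || [ -n "$line" ]; do
        [ -z "$line" ] && continue
        user=${line%%:*}
        hash=${line#*:}
        case $hash in
            '$2y$'*|'$2a$'*|'$2b$'*) ;;
            *) echo "htpasswd: entry for '$user' is not bcrypt"
               findings=$((findings + 1)) ;;
        esac
    done < "$htpasswd_file"

    # Both files are secrets; `cp` and `>` create them with the umask
    # default (often 0644). Flag any group/other permission bit.
    for f in "$htpasswd_file" "$key_file"; do
        perms=$(ls -ld "$f" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "perms: $f is accessible to group/other ($perms)"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]
}

# Constructed demo input (not the article's host): one bcrypt user, one
# MD5 (apr1) user, and a key file left at 0644.
demo=$(mktemp -d)
printf '%s\n' 'gooduser:$2y$05$CONSTRUCTEDbcryptHASHplaceholder' \
              'olduser:$apr1$CONSTRUCTED$placeholder' > "$demo/htpasswd"
: > "$demo/server.key"
chmod 600 "$demo/htpasswd"; chmod 644 "$demo/server.key"
audit_registry_files "$demo/htpasswd" "$demo/server.key" || true
rm -rf "$demo"
```

On the host from this article the arguments would be /data/docker-registry-auth/htpasswd and /data/docker-registry-certs/regv2.piel.io.key; `chmod 600` on each file clears the permission findings.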
Finally, run registry:2
$ docker run -d -p 5000:5000 --restart=always --name docker-registry \
  -v /data/docker-registry:/var/lib/registry \
  -v /data/docker-registry-auth:/auth \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" \
  -v /data/docker-registry-certs:/certs \
  -e "REGISTRY_HTTP_TLS_CERTIFICATE=/certs/fullchain.pem" \
  -e "REGISTRY_HTTP_TLS_KEY=/certs/regv2.piel.io.key" \
  registry:2
Let's see if we can log in:
$ docker login -u pieltestuser -p "mkakogalb47" -e wayne@wayneconnolly.com regv2.piel.io:5000
WARNING: login credentials saved in /root/.docker/config.json
Login Succeeded
Next, let's see if we can pull, tag, and push a container image to our new registry. For example, pull the jenkins image: https://hub.docker.com/_/jenkins/
$ docker pull jenkins
$ docker tag jenkins:latest regv2.piel.io:5000/piel-jenkins:latest
Verify that it is available
Good. Push it to our registry.
$ docker push regv2.piel.io:5000/piel-jenkins:latest
At the time of writing this article, apart from using curl, there was no good way to list the images in the registry directly.
$ curl -u pieltestuser:mkakogalb47 https://regv2.piel.io:5000/v2/_catalog
{"repositories":["piel-jenkins"]}
The JSON response shows our new Jenkins image in our private registry.
Now we can use our registry in our rancher-test.piel.io environment.
Log in to Rancher and click Add Host in Infrastructure > Hosts.
Run the automatically generated commands on Rancher Host.
$ sudo docker run -e CATTLE_AGENT_IP='45.32.190.15' \
  -d --privileged \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v /var/lib/rancher:/var/lib/rancher \
  rancher/agent:v1.0.1 http://rancher-test.piel.io/v1/scripts/FF42DCE27F7C88BD7733:1461042000000:ryU0BaXJFo6c9zuHgeULdAtbCE
$ sudo docker run -d --privileged \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v /var/lib/rancher:/var/lib/rancher \
  rancher/agent:v0.11.0 http://rancher.piel.io/v1/scripts/BE455B92EA48EA1C1F12:1461042000000:mi433ChYRN9nfQSwB2FIlBnpPk
After a minute or two, the host will appear in the Rancher management interface. Since I haven't configured the host information yet, the host display name is still "vultr.guest". We can modify the host name and add tags through the menu.
Next, we add a private registry and deploy Jenkins on the newly added hosts.
Click "Add Registry" under Infrastructure > Registries, select Custom, and fill in the appropriate information to complete the configuration.
In a few minutes, the private registry will be ready for use in Rancher Server.
Let's deploy the Jenkins container. In the Infrastructure > Containers menu, click Add Container.
Fill in the required information, enter regv2.piel.io:5000/piel-jenkins:latest in the Select Image field, and map Jenkins port 8080 to port 80 of the host.
It will take some time to download the image here.
Next we will see that another container, which we named "my-jenkins", has been started.
Access Jenkins at its URL, http://regv2.piel.io.
Reconfirm via docker ps:
Success! We have now completed:
Created and secured our own private registry
Added and tagged a container image
Added a host to Rancher Server
Added a private registry to Rancher Server
Deployed a Jenkins container on the host
Confirmed that the container was deployed successfully
Note: the server used in this tutorial is now retired.
Original source: Rancher Labs