
docker registry: setting up a private image cache registry

机械视角
Published 2019-11-01 15:00:47
Included in the column: Tensorbytes

Background

Docker provides an official registry image, which can be pulled from Docker Hub:

docker pull registry

The pulled image by itself does not tell us how to configure the registry, so look at the git repository that holds its Dockerfile:

https://github.com/docker/distribution-library-image

From this repository we can see that the registry is configured mainly through config-example.yml.

Registry configuration

version: 0.1
log:
  accesslog:
    disabled: true
  level: debug
  formatter: text
  fields:
    service: registry
    environment: staging
  hooks:
    - type: mail
      disabled: true
      levels:
        - panic
      options:
        smtp:
          addr: mail.example.com:25
          username: mailuser
          password: password
          insecure: true
        from: sender@example.com
        to:
          - errors@example.com
loglevel: debug # deprecated: use "log"
storage:
  filesystem:
    rootdirectory: /var/lib/registry
    maxthreads: 100
  azure:
    accountname: accountname
    accountkey: base64encodedaccountkey
    container: containername
  gcs:
    bucket: bucketname
    keyfile: /path/to/keyfile
    credentials:
      type: service_account
      project_id: project_id_string
      private_key_id: private_key_id_string
      private_key: private_key_string
      client_email: client@example.com
      client_id: client_id_string
      auth_uri: http://example.com/auth_uri
      token_uri: http://example.com/token_uri
      auth_provider_x509_cert_url: http://example.com/provider_cert_url
      client_x509_cert_url: http://example.com/client_cert_url
    rootdirectory: /gcs/object/name/prefix
    chunksize: 5242880
  s3:
    accesskey: awsaccesskey
    secretkey: awssecretkey
    region: us-west-1
    regionendpoint: http://myobjects.local
    bucket: bucketname
    encrypt: true
    keyid: mykeyid
    secure: true
    v4auth: true
    chunksize: 5242880
    multipartcopychunksize: 33554432
    multipartcopymaxconcurrency: 100
    multipartcopythresholdsize: 33554432
    rootdirectory: /s3/object/name/prefix
  swift:
    username: username
    password: password
    authurl: https://storage.myprovider.com/auth/v1.0 or https://storage.myprovider.com/v2.0 or https://storage.myprovider.com/v3/auth
    tenant: tenantname
    tenantid: tenantid
    domain: domain name for Openstack Identity v3 API
    domainid: domain id for Openstack Identity v3 API
    insecureskipverify: true
    region: fr
    container: containername
    rootdirectory: /swift/object/name/prefix
  oss:
    accesskeyid: accesskeyid
    accesskeysecret: accesskeysecret
    region: OSS region name
    endpoint: optional endpoints
    internal: optional internal endpoint
    bucket: OSS bucket
    encrypt: optional enable server-side encryption
    encryptionkeyid: optional KMS key id for encryption
    secure: optional ssl setting
    chunksize: optional size value
    rootdirectory: optional root directory
  inmemory:  # This driver takes no parameters
  delete:
    enabled: false
  redirect:
    disable: false
  cache:
    blobdescriptor: redis
  maintenance:
    uploadpurging:
      enabled: true
      age: 168h
      interval: 24h
      dryrun: false
    readonly:
      enabled: false
auth:
  silly:
    realm: silly-realm
    service: silly-service
  token:
    autoredirect: true
    realm: token-realm
    service: token-service
    issuer: registry-token-issuer
    rootcertbundle: /root/certs/bundle
  htpasswd:
    realm: basic-realm
    path: /path/to/htpasswd
middleware:
  registry:
    - name: ARegistryMiddleware
      options:
        foo: bar
  repository:
    - name: ARepositoryMiddleware
      options:
        foo: bar
  storage:
    - name: cloudfront
      options:
        baseurl: https://my.cloudfronted.domain.com/
        privatekey: /path/to/pem
        keypairid: cloudfrontkeypairid
        duration: 3000s
        ipfilteredby: awsregion
        awsregion: us-east-1, use-east-2
        updatefrenquency: 12h
        iprangesurl: https://ip-ranges.amazonaws.com/ip-ranges.json
  storage:
    - name: redirect
      options:
        baseurl: https://example.com/
reporting:
  bugsnag:
    apikey: bugsnagapikey
    releasestage: bugsnagreleasestage
    endpoint: bugsnagendpoint
  newrelic:
    licensekey: newreliclicensekey
    name: newrelicname
    verbose: true
http:
  addr: localhost:5000
  prefix: /my/nested/registry/
  host: https://myregistryaddress.org:5000
  secret: asecretforlocaldevelopment
  relativeurls: false
  draintimeout: 60s
  tls:
    certificate: /path/to/x509/public
    key: /path/to/x509/private
    clientcas:
      - /path/to/ca.pem
      - /path/to/another/ca.pem
    letsencrypt:
      cachefile: /path/to/cache-file
      email: emailused@letsencrypt.com
      hosts: [myregistryaddress.org]
  debug:
    addr: localhost:5001
    prometheus:
      enabled: true
      path: /metrics
  headers:
    X-Content-Type-Options: [nosniff]
  http2:
    disabled: false
notifications:
  events:
    includereferences: true
  endpoints:
    - name: alistener
      disabled: false
      url: https://my.listener.com/event
      headers: <http.Header>
      timeout: 1s
      threshold: 10
      backoff: 1s
      ignoredmediatypes:
        - application/octet-stream
      ignore:
        mediatypes:
           - application/octet-stream
        actions:
           - pull
redis:
  addr: localhost:6379
  password: asecret
  db: 0
  dialtimeout: 10ms
  readtimeout: 10ms
  writetimeout: 10ms
  pool:
    maxidle: 16
    maxactive: 64
    idletimeout: 300s
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
  file:
    - file: /path/to/checked/file
      interval: 10s
  http:
    - uri: http://server.to.check/must/return/200
      headers:
        Authorization: [Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==]
      statuscode: 200
      timeout: 3s
      interval: 10s
      threshold: 3
  tcp:
    - addr: redis-server.domain.com:6379
      timeout: 3s
      interval: 10s
      threshold: 3
proxy:
  remoteurl: https://registry-1.docker.io
  username: [username]
  password: [password]
compatibility:
  schema1:
    signingkeyfile: /etc/registry/key.json
    enabled: true
validation:
  manifests:
    urls:
      allow:
        - ^https?://([^/]+\.)*example\.com/
      deny:
        - ^https?://www\.example\.com/

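The parameter that relates to the proxy cache is the proxy section.

Setting up the docker registry

Okay, now let's build a private caching registry from the original Dockerfile:

1. Modify the config-example.yml file

This machine is a 64-bit Intel system, so choose the amd64 directory and modify the config-example.yml inside it: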

version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
proxy:
  remoteurl: https://registry-1.docker.io

2. Build the registry image

Build the registry image:

docker build -t docker-registry:v0.1 .

3. Run the registry container

Run the registry container:

docker run -it --name docker-registry -p 5000:5000 docker-registry:v0.1

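4. Test whether the cache works

On the test machine, set the registry address in daemon.json. registry-mirrors points the daemon at the cache; insecure-registries is needed because this registry serves plain HTTP without TLS: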

cat > /etc/docker/daemon.json << EOF 
{
	"insecure-registries": ["10.10.6.111:5000"],
	"registry-mirrors":["http://10.10.6.111:5000"]
}
EOF

Restart the Docker service with service docker restart.

Test:

docker pull node:8.4.0-onbuild

Use docker logs to view the output of the registry container:

docker logs -f docker-registry

time="2019-10-31T07:48:33.210442036Z" level=info msg="Adding new scheduler entry for library/node@sha256:0485a8f7251f7823455cb5efb010ee034e7b44b13414d11080c4daae8af1acb3 with ttl=167h59m59.999996323s" go.version=go1.11.2 instance.id=154296c5-33a6-44cc-bc25-9cb74eb2fc47 service=registry version=v2.7.1 
time="2019-10-31T07:48:33.210850287Z" level=info msg="response completed" go.version=go1.11.2 http.request.host="10.10.6.111:5000" http.request.id=05a32ff6-54f1-4b70-b86e-1802959c0ff2 http.request.method=GET http.request.remoteaddr="10.10.6.19:60562" http.request.uri="/v2/library/node/manifests/8.4.0-onbuild" http.request.useragent="docker/19.03.3 go/go1.12.10 git-commit/a872fc2f86 kernel/3.10.0-1062.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.3 \(linux\))" http.response.contenttype="application/vnd.docker.distribution.manifest.v2+json" http.response.duration=3.632741932s http.response.status=200 http.response.written=2213 
10.10.6.19 - - [31/Oct/2019:07:48:29 +0000] "GET /v2/library/node/manifests/8.4.0-onbuild HTTP/1.1" 200 2213 "" "docker/19.03.3 go/go1.12.10 git-commit/a872fc2f86 kernel/3.10.0-1062.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.3 \\(linux\\))"
time="2019-10-31T07:48:35.734990871Z" level=info msg="response completed" go.version=go1.11.2 http.request.host="10.10.6.111:5000" http.request.id=76e0c7e6-b6e2-4d48-8baf-bcd296996e69 http.request.method=GET http.request.remoteaddr="10.10.6.19:60564" http.request.uri="/v2/library/node/blobs/sha256:d24de6795fb1d44f2ecd12ab0768fefb45c3a31674824961512f71fbf234a704" http.request.useragent="docker/19.03.3 go/go1.12.10 git-commit/a872fc2f86 kernel/3.10.0-1062.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.3 \(linux\))" http.response.contenttype="application/octet-stream" http.response.duration=2.522583499s http.response.status=200 http.response.written=8639 
10.10.6.19 - - [31/Oct/2019:07:48:33 +0000] "GET /v2/library/node/blobs/sha256:d24de6795fb1d44f2ecd12ab0768fefb45c3a31674824961512f71fbf234a704 HTTP/1.1" 200 8639 "" "docker/19.03.3 go/go1.12.10 git-commit/a872fc2f86 kernel/3.10.0-1062.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.3 \\(linux\\))"
time="2019-10-31T07:48:36.375234583Z" level=info msg="Adding new scheduler entry for library/node@sha256:d24de6795fb1d44f2ecd12ab0768fefb45c3a31674824961512f71fbf234a704 with ttl=167h59m59.999996974s" go.version=go1.11.2 instance.id=154296c5-33a6-44cc-bc25-9cb74eb2fc47 service=registry version=v2.7.1

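The log shows that caching succeeded.

PS: The first pull of an image is still fairly slow, but the second pull is dramatically faster. Give it a try.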
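
An added example, not part of the original article: a small Python parser for registry log lines like those above. It reports which references the proxy scheduled for expiry (the "Adding new scheduler entry" lines, logged once content has been fetched and stored) and how response times change when the same URI is requested again. The sample lines are constructed with placeholder digests, and the function names are hypothetical.

```python
import re
import shlex

# Constructed sample in the registry's logfmt style (fields trimmed, digests are placeholders).
SAMPLE_LOG = r'''
time="2019-10-31T07:48:33Z" level=info msg="Adding new scheduler entry for library/node@sha256:aaaa with ttl=167h59m59.9s" service=registry
time="2019-10-31T07:48:33Z" level=info msg="response completed" http.request.method=GET http.request.uri="/v2/library/node/manifests/8.4.0-onbuild" http.response.duration=3.632741932s http.response.status=200
10.10.6.19 - - [31/Oct/2019:07:48:29 +0000] "GET /v2/library/node/manifests/8.4.0-onbuild HTTP/1.1" 200 2213 "" "docker/19.03.3"
time="2019-10-31T07:48:35Z" level=info msg="response completed" http.request.method=GET http.request.uri="/v2/library/node/blobs/sha256:bbbb" http.response.duration=2.522583499s http.response.status=200
time="2019-10-31T07:48:36Z" level=info msg="Adding new scheduler entry for library/node@sha256:bbbb with ttl=167h59m59.9s" service=registry
time="2019-10-31T07:50:02Z" level=info msg="response completed" http.request.method=GET http.request.uri="/v2/library/node/blobs/sha256:bbbb" http.response.duration=41.5ms http.response.status=200
'''

_UNITS = {"ns": 1e-9, "us": 1e-6, "µs": 1e-6, "ms": 1e-3, "s": 1.0, "m": 60.0, "h": 3600.0}
_DUR = re.compile(r"(\d+(?:\.\d+)?)(ns|us|µs|ms|h|m|s)")
_ENTRY = re.compile(r"Adding new scheduler entry for (\S+) with ttl=(\S+)")

def go_duration(text):
    """Convert a Go duration string such as 167h59m59.9s or 41.5ms to seconds."""
    return sum(float(n) * _UNITS[u] for n, u in _DUR.findall(text))

def parse_line(line):
    """Return the key=value fields of a logfmt line, or None for access-log or broken lines."""
    if not line.startswith("time="):
        return None
    try:
        tokens = shlex.split(line)
    except ValueError:  # unbalanced quotes, e.g. a truncated line
        return None
    return dict(t.split("=", 1) for t in tokens if "=" in t)

def summarize(log_text):
    """Collect cached references (TTL in seconds) and the response times seen per URI."""
    cached, timings = {}, {}
    for line in log_text.splitlines():
        fields = parse_line(line.strip()) or {}
        entry = _ENTRY.search(fields.get("msg", ""))
        if entry:
            cached[entry.group(1)] = go_duration(entry.group(2))
        elif fields.get("msg") == "response completed":
            uri = fields.get("http.request.uri", "")
            timings.setdefault(uri, []).append(go_duration(fields.get("http.response.duration", "0s")))
    return cached, timings

if __name__ == "__main__":
    cached, timings = summarize(SAMPLE_LOG)
    print({ref: f"{ttl / 3600:.1f}h" for ref, ttl in cached.items()})
    print(timings)
```

To use it on a running cache, pass the text produced by docker logs docker-registry to summarize.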

Originally published: 2019-10-31
