Docker镜像发布

本地镜像发布流程

docker镜像生成

• docker commit 提交一个镜像(看上一节)
• dockerFile 构建新的镜像(后续更新)

阿里云公有云仓库

docker镜像推送到阿里云

• 案例：演示制作的本地ubuntu镜像推送到阿里云

## 素材原型
[root@CentOs7_001 ubuntu]# docker images
REPOSITORY           TAG       IMAGE ID       CREATED          SIZE
igsshan/ubuntu       0.0.2     2a0da7b9e07a   41 minutes ago   184MB
igsshan/ubuntu       0.0.1     df481e243482   7 hours ago      72.8MB
ubuntu               latest    ba6acccedd29   19 months ago    72.8MB

## 配置阿里云平台
### 配置流程
01.登录阿里云平台(https://www.aliyun.com) ---> 02.选择<控制台> ---> 03.选择<镜像容器服务> ---> 04.点击<实例列表> ---> 05.点击<个人实例> ---> 06.点击<仓库管理-命名空间> ---> 07.创建新的命名空间<最好选择公开> ---> 08.点击<镜像仓库> ---> 09.创建新的镜像仓库挂载在刚刚新建的命名空间下<最好选择公开> ---> 10.完成
#### 配置完成后生成脚本可以一键使用;包含登录阿里云,构建tag,推送镜像和拉取镜像

## 将镜像推送到阿里云

### 登录阿里云
[root@CentOs7_001 ubuntu]# docker login --username=我叫龚小山 registry.cn-hangzhou.aliyuncs.com
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

### 通过docker tag 命令重构镜像
[root@CentOs7_001 ubuntu]# docker tag 2a0da7b9e07a registry.cn-hangzhou.aliyuncs.com/igsshansz/iubuntu:0.0.2
[root@CentOs7_001 ubuntu]# docker images
REPOSITORY                                            TAG       IMAGE ID       CREATED          SIZE
igsshan/ubuntu                                        0.0.2     2a0da7b9e07a   54 minutes ago   184MB
registry.cn-hangzhou.aliyuncs.com/igsshansz/iubuntu   0.0.2     2a0da7b9e07a   54 minutes ago   184MB
igsshan/ubuntu                                        0.0.1     df481e243482   7 hours ago      72.8MB
ubuntu                                                latest    ba6acccedd29   19 months ago    72.8MB

### 推送重构的镜像到阿里云
[root@CentOs7_001 ubuntu]# docker push registry.cn-hangzhou.aliyuncs.com/igsshansz/iubuntu:0.0.2
The push refers to repository [registry.cn-hangzhou.aliyuncs.com/igsshansz/iubuntu]
6b6477d03f57: Pushed
9f54eef41275: Pushed
0.0.2: digest: sha256:4761058acfbdebfc82344482062035188e3cd904740e546a6be96f5181957b95 size: 741
[root@CentOs7_001 ubuntu]#

docker镜像拉取到本地

使用脚本命令快捷拉取到本地

## 脚本
docker pull registry.cn-hangzhou.aliyuncs.com/igsshansz/iubuntu:[镜像版本号]

## 实例
docker pull registry.cn-hangzhou.aliyuncs.com/igsshansz/iubuntu:0.0.2

dockerRegistry私有云仓库

官方Docker Hub地址：https://hub.docker.com/，中国大陆访问太慢了且准备被阿里云取代的趋势，不太主流。

Dockerhub、阿里云这样的公共镜像仓库可能不太方便，涉及机密的公司不可能提供镜像给公网，所以需要创建一个本地私人仓库供给团队使用，基于公司内部项目构建镜像。

Docker Registry是官方提供的工具，可以用于构建私有镜像仓库

• 案例：演示制作本地ubuntu镜像推送到私有云

## 素材原型
[root@CentOs7_001 ubuntu]# docker images
REPOSITORY           TAG       IMAGE ID       CREATED          SIZE
igsshan/ubuntu       0.0.2     2a0da7b9e07a   41 minutes ago   184MB
igsshan/ubuntu       0.0.1     df481e243482   7 hours ago      72.8MB
ubuntu               latest    ba6acccedd29   19 months ago    72.8MB


## 拉取registry镜像
docker pull registry

## 启动registry镜像
docker run -d -p 5000:5000 --name="registry" -v /mydata/docker/registry.:/tmp/registry --privileged=true registry
-d : 后台启动
-p : 端口映射
-v : 容器卷挂载到本地

### 启动命令
[root@CentOs7_001 registry]# docker run -d -p 5000:5000 --name="registry" -v /mydata/docker/registry/:/tmp/registry --privileged=true registry
ec2ec8e4ef07cbe0af3ce3d81b517790ec04091c2ec6d9b7c1f154bc5a7f7427
[root@CentOs7_001 registry]# docker ps
CONTAINER ID   IMAGE                COMMAND                  CREATED         STATUS         PORTS                                       NAMES
ec2ec8e4ef07   registry             "/entrypoint.sh /etc…"   5 seconds ago   Up 3 seconds   0.0.0.0:5000->5000/tcp, :::5000->5000/tcp   registry


## 查看私服上有什么镜像
curl -X GET http://192.168.33.101:5000/v2/_catalog
[root@CentOs7_001 registry]# curl -X GET HTTP://192.168.33.101:5000/v2/_catalog
{"repositories":[]}


## 修改配置文件使之支持http

[root@CentOs7_001 registry]# cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://lljn1hsm.mirror.aliyuncs.com"]
}
[root@CentOs7_001 registry]# vi /etc/docker/daemon.json

{
  "registry-mirrors": ["https://lljn1hsm.mirror.aliyuncs.com"],
  "insecure-registries": ["192.168.33.101:5000"]
}

### 注意: 修改配置后重启docker使之生效

## 制作镜像
### 制作可以使用ifconfig网络配置的本地镜像
#### 启动一个容器
docker run -it nbuntu /bin/bash
#### 进入容器中,使用ifconfig命令
root@5e28e2566dfe:/# ifconfig
bash: ipconfig: command not found
#### 更新包管理工具
apt-get update
#### 下载net-tools工具
apt-get install -y net-tools
#### 验证下载是否成功
root@5e28e2566dfe:/# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.3  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:ac:11:00:03  txqueuelen 0  (Ethernet)
        RX packets 4396  bytes 27015468 (27.0 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2826  bytes 157654 (157.6 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
#### 退出容器,commit镜像
[root@CentOs7_001 registry]# docker ps
CONTAINER ID   IMAGE                COMMAND                  CREATED         STATUS          PORTS                                       NAMES
5e28e2566dfe   ubuntu               "/bin/bash"              2 minutes ago   Up 2 minutes                                                gifted_varahamihira
ec2ec8e4ef07   registry             "/entrypoint.sh /etc…"   4 minutes ago   Up 4 minutes    0.0.0.0:5000->5000/tcp, :::5000->5000/tcp   registry
[root@CentOs7_001 registry]# docker commit -m="add net-tools command" -a="igsshan" 5e28e2566dfe igsshan/ubuntu:0.0.3
sha256:b5f53944390b484b1d0ac66344329873b870b18c7194b9df3423fceb44781625
#### 制作tag
[root@CentOs7_001 registry]# docker tag b5f53944390b 192.168.33.101:5000/ubuntu:0.0.3
[root@CentOs7_001 registry]# docker images
REPOSITORY                                            TAG       IMAGE ID       CREATED              SIZE
192.168.33.101:5000/ubuntu                            0.0.3     b5f53944390b   About a minute ago   117MB
igsshan/ubuntu                                        0.0.3     b5f53944390b   About a minute ago   117MB
#### 推送到私服
[root@CentOs7_001 registry]# docker push 192.168.33.101:5000/ubuntu:0.0.3
The push refers to repository [192.168.33.101:5000/ubuntu]
149dc2112ad9: Pushed
9f54eef41275: Pushed
0.0.3: digest: sha256:e880d5223e052ede7b5dbd6d76b364188d87080321275d7a9e7bf61a820340b2 size: 741

#### 查看私服内容
[root@CentOs7_001 registry]# curl -X GET http://192.168.33.101:5000/v2/_catalog
{"repositories":["ubuntu"]}

#### pull到本地
[root@CentOs7_001 registry]# docker pull 192.168.33.101:5000/ubuntu:0.0.3
0.0.3: Pulling from ubuntu
7b1a6ab2e44d: Already exists
f746d0431684: Pull complete
Digest: sha256:e880d5223e052ede7b5dbd6d76b364188d87080321275d7a9e7bf61a820340b2
Status: Downloaded newer image for 192.168.33.101:5000/ubuntu:0.0.3
192.168.33.101:5000/ubuntu:0.0.3
[root@CentOs7_001 registry]# docker images
REPOSITORY                                            TAG       IMAGE ID       CREATED          SIZE
192.168.33.101:5000/ubuntu                            0.0.3     b5f53944390b   19 minutes ago   117MB

#### 启动容器,查看差异
[root@CentOs7_001 registry]# docker run -it b5f53944390b /bin/bash
root@26a58e5a4fff:/#
root@26a58e5a4fff:/# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.4  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:ac:11:00:04  txqueuelen 0  (Ethernet)
        RX packets 8  bytes 656 (656.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

如果不修改配置文件,默认不支持http的,推送镜像到私服报错<Error response from daemon: Get “https://192.168.33.101:5000/v2/ “: http: server gave HTTP response to HTTPS client>