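Setting Up an Image Registry
Introduction to Image Registries
A Docker image registry is a central place to store, manage, and share Docker images. This article covers the concept of a Docker image registry, why it matters, and the different options for setting one up.
Why do you need a Docker image registry?
- Centralized management: a Docker image registry gives you a single location to store and manage all of your Docker images.
- Sharing and collaboration: a central registry makes it easier to share images and collaborate on projects with others.
- Version control: a Docker image registry lets you track changes and maintain different image versions.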
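Options for using a Docker image registry
Docker Hub
- Pros: free, widely used, built in as docker.io, usable directly with no setup
- Cons: limited storage capacity (100GB), limit on organization members (10)
- Usage: create a Docker Hub account, then create a new repository to store your images.
Quay.io
- Pros: scalable, supports HTTP/HTTPS, integrates with CI/CD tools
- Cons: requires a subscription, additional cost for large-scale storage
- Usage: create a Quay.io account, then set up a container image repository using the Quay.io web UI or the Quay.io CLI.
Cloud provider Container Registry
For example, the image registries of Google, Amazon, Azure, Alibaba Cloud, Tencent Cloud, and others.
- Pros: scalable, integrated with the public cloud platform, supports HTTP/HTTPS
- Cons: limited free tier, additional cost for large-scale storage
- Usage: manage images with each cloud platform's container image registry service.
Self-managed private Docker Registry
- Pros: full control over storage and users, no vendor lock-in
- Cons: requires server infrastructure and maintenance, may require custom authentication and authorization
- Usage: set up a self-hosted Docker image registry on your own server, using Traefik or NGINX.
Setting up a Docker image registry can simplify managing and sharing Docker images. Depending on your needs, you have several options, each with its own advantages and disadvantages. Understanding the options lets you make an informed decision and choose the registry that best fits your project.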
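Creating a private image registry
The simplest and fastest way to set up a private image registry is to use the CNCF Registry. The Registry itself is also distributed as a container, so we can use Docker to stand up a local private image registry very quickly.
Official Registry documentation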
About Registry
A registry is a storage and content delivery system, holding named container images and other content, available in different tagged versions.
Example: the image distribution/registry, with tags 2.0 and 2.1.
Users interact with a registry by pushing and pulling images.
Example: docker pull registry-1.docker.io/distribution/registry:2.1.
Storage itself is delegated to drivers. The default storage driver is the local posix filesystem, which is suitable for development or small deployments. Additional cloud-based storage drivers like S3, Microsoft Azure and Google Cloud Storage are supported. People looking into using other storage drivers should consider if the driver they’d like to be supported is S3 compatible like many cloud storage systems as adding new storage driver support has been put on hold for the time being.
Since securing access to your hosted images is paramount, the Registry natively supports TLS and basic authentication.
The Registry GitHub repository includes additional information about advanced authentication and authorization methods. Only very large or public deployments are expected to extend the Registry in this way.
Finally, the Registry ships with a robust notification system, calling webhooks in response to activity, and both extensive logging and reporting, mostly useful for large installations that want to collect metrics.
Understanding image naming
Image names as used in typical docker commands reflect their origin:
- docker pull ubuntu instructs docker to pull an image named ubuntu from Docker Hub. This is simply a shortcut for the longer docker pull docker.io/library/ubuntu command
- docker pull myregistrydomain:port/foo/bar instructs docker to contact the registry located at myregistrydomain:port to find the image foo/bar
You can find out more about the various Docker commands dealing with images in the Docker engine documentation.
Use cases
Running your own Registry is a great solution to integrate with and complement your CI/CD system. In a typical workflow, a commit to your source revision control system would trigger a build on your CI system, which would then push a new image to your Registry if the build is successful. A notification from the Registry would then trigger a deployment on a staging environment, or notify other systems that a new image is available.
It’s also an essential component if you want to quickly deploy a new image over a large cluster of machines.
Finally, it’s the best way to distribute images inside an isolated network.
Requirements
You absolutely need to be familiar with Docker, specifically with regard to pushing and pulling images. You must understand the difference between the daemon and the cli, and at least grasp basic concepts about networking.
Also, while just starting a registry is fairly easy, operating it in a production environment requires operational skills, just like any other service. You are expected to be familiar with systems availability and scalability, logging and log processing, systems monitoring, and security 101. Strong understanding of http and overall network communications, plus familiarity with golang are certainly useful as well for advanced operations or hacking.
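The expansion described under "Understanding image naming" decides which registry an image is actually pulled from, which matters once a private registry is meant to be the only trusted source. The following is an added example, not code from the Registry project or the original article: parse_image_ref and from_allowed_registry are hypothetical names, port 5000 is a constructed value for the page's myregistrydomain:port placeholder, and the parsing goes beyond the two cases quoted above to cover tags, digests and the legacy index.docker.io alias.

```python
"""Added example: resolve which registry an image reference points at."""
from typing import NamedTuple

DEFAULT_REGISTRY = "docker.io"      # Docker Hub, used when no registry is named
LEGACY_DEFAULT = "index.docker.io"  # older alias for Docker Hub
OFFICIAL_PREFIX = "library/"        # namespace of Docker Hub official images


class ImageRef(NamedTuple):
    registry: str
    repository: str
    tag: str      # empty when the reference is pinned by digest only
    digest: str   # empty when no @digest is present


def parse_image_ref(ref: str) -> ImageRef:
    """Expand a short reference the way the docker CLI does before pulling."""
    name, _, digest = ref.partition("@")
    first, slash, rest = name.partition("/")
    # The first path component is a registry host only if it looks like one:
    # it contains '.' or ':', is 'localhost', or has upper-case letters.
    if slash and ("." in first or ":" in first or first == "localhost"
                  or first != first.lower()):
        registry, remainder = first, rest
    else:
        registry, remainder = DEFAULT_REGISTRY, name
    if registry == LEGACY_DEFAULT:
        registry = DEFAULT_REGISTRY
    # Any host:port has been split off, so a remaining ':' separates the tag.
    repo, colon, tag = remainder.rpartition(":")
    if not colon:
        repo, tag = remainder, ""
    # Single-component names on Docker Hub live under library/.
    if registry == DEFAULT_REGISTRY and "/" not in repo:
        repo = OFFICIAL_PREFIX + repo
    if not tag and not digest:
        tag = "latest"
    return ImageRef(registry, repo, tag, digest)


def from_allowed_registry(ref: str, allowed: set) -> bool:
    """True when the image would be pulled from a registry on the allowlist."""
    return parse_image_ref(ref).registry in allowed


if __name__ == "__main__":
    # Constructed sample references.
    for sample in ("ubuntu", "myuser/app:1.2", "myregistrydomain:5000/foo/bar"):
        print(sample, "->", parse_image_ref(sample))
```

A check like from_allowed_registry can run in CI over the image references found in manifests, so that a short name such as myuser/app, which resolves to Docker Hub, is flagged before deployment.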