Docker
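1 Deploy the Docker cluster
2 Deploy the Docker Registry
2.1 Purpose of the Registry
– Strictly control where images are stored
– Fully control the channel through which images are distributed
– Tightly integrate image storage and distribution into the internal development workflow
2.2 Run as a service
2.2.1 Configure the certificate directory and upload the certificate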
In hd01
mkdir -p /data/docker/certs
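If you do not have a certificate, apply for a free one from Tencent Cloud:
https://cloud.tencent.com/product/ssl
Note: after the certificate is issued, use the Nginx-format certificate and save it to the directory "/data/docker/certs".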
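Before the certificate and key are stored as secrets in the next step, it is worth confirming that the two files belong together, that the certificate covers the registry hostname, and that the key file is not readable by other users. The following is an added example, not part of the original page; the function name check_cert_pair and the 30-day default are assumptions, and it relies only on the openssl command line.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). check_cert_pair is a hypothetical
# helper name. Usage: check_cert_pair <cert.pem> <key.pem> <hostname> [min_days]
check_cert_pair() {
    local cert=$1 key=$2 host=$3 min_days=${4:-30} cert_pub key_pub

    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "FAIL: cannot read $cert or $key" >&2; return 1
    fi

    # 1. The private key must match the certificate. If the file is a chain
    #    (leaf + intermediates), openssl x509 reads the first certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: private key does not match certificate" >&2; return 1
    fi

    # 2. The certificate must cover the registry hostname. The result is read
    #    from the output text rather than from the exit status.
    if ! openssl x509 -in "$cert" -noout -checkhost "$host" 2>&1 |
            grep -q "does match certificate"; then
        echo "FAIL: certificate is not valid for $host" >&2; return 1
    fi

    # 3. The certificate must stay valid for at least min_days more days.
    if ! openssl x509 -in "$cert" -noout \
            -checkend $((min_days * 86400)) >/dev/null 2>&1; then
        echo "FAIL: certificate expires within $min_days days" >&2; return 1
    fi

    # 4. The key file on disk must not be accessible to group or others
    #    (characters 5-10 of the ls mode string are the group/other bits).
    if [ "$(ls -lL "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group/others; chmod 600 it" >&2; return 1
    fi

    echo "OK: $cert and $key are consistent for $host"
}

# Run the check when called with arguments, e.g. with the paths used on this page:
#   ./check.sh /data/docker/certs/hd01.cmdschool.org.crt \
#              /data/docker/certs/hd01.cmdschool.org.key hd01.cmdschool.org
if [ "$#" -ge 3 ]; then
    check_cert_pair "$@"
fi
```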
2.2.3 Save the TLS certificate and private key as secrets
docker secret create hd01.cmdschool.org.crt /data/docker/certs/hd01.cmdschool.org.crt
docker secret create hd01.cmdschool.org.key /data/docker/certs/hd01.cmdschool.org.key
Check the saved secrets:
docker secret ls
The output looks like this:
ID                          NAME                     DRIVER    CREATED          UPDATED
r9xmhrnhxnanzsvjpqkyxdlg7   hd01.cmdschool.org.crt             16 seconds ago   16 seconds ago
l2gwnjrsyd9xx0fnklp4dmta0   hd01.cmdschool.org.key             16 seconds ago   16 seconds ago
In addition, once the configuration is complete we recommend rebooting the servers to avoid incompatibility problems (optional):
ssh hd02 reboot
reboot
2.3 Deploy the service
2.3.1 Prepare the image
In hd01
mkdir -p /data/docker/images
cd /data/docker/images
docker load -i registry:3.1.0.tar
The image archive used above can be obtained with the following commands:
docker pull registry:3.1.0
docker save registry:3.1.0 -o registry:3.1.0.tar
2.3.2 Create the configuration file
vim /data/docker/yml/registry-v3-stack.yml
Add the following configuration:
version: '3.6'
services:
  v3:
    image: 'registry:3.1.0'
    ports:
      - target: 443
        published: 5000
        protocol: tcp
        mode: host
    secrets:
      - hd01.cmdschool.org.crt
      - hd01.cmdschool.org.key
    environment:
      - REGISTRY_HTTP_ADDR=0.0.0.0:443
      - REGISTRY_HTTP_TLS_CERTIFICATE=/run/secrets/hd01.cmdschool.org.crt
      - REGISTRY_HTTP_TLS_KEY=/run/secrets/hd01.cmdschool.org.key
      - TZ=Asia/Shanghai
    volumes:
      - registry-data:/var/lib/registry
    logging:
      driver: "json-file"
      options:
        max-size: "20m"
        max-file: "10"
    deploy:
      replicas: 1
      placement:
        constraints: [node.labels.registry-v3==true]
volumes:
  registry-data:
    external: true
secrets:
  hd01.cmdschool.org.crt:
    external: true
  hd01.cmdschool.org.key:
    external: true
2.3.3 Label the node that runs the service
In hd01
docker node update --label-add registry-v3=true hd01.cmdschool.org
2.3.4 Deploy the service
In hd01
docker stack deploy -c /data/docker/yml/registry-v3-stack.yml registry