docker+harbor

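1. Namespaces and cgroups
Explanation: namespaces provide resource isolation. The namespace types are:
ipc: isolates inter-process communication
mnt: isolates mount points (used for the union filesystem and mounts)
net: isolates the network
pid: isolates processes
user: isolates users
uts: isolates the kernel name and version information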
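
Each process exposes the six namespaces listed above as links under /proc/<pid>/ns, and two processes share a namespace exactly when the link targets match. The script below is an added example, not part of the original post; PROC_ROOT is a hypothetical override, and the PID 4242 and the namespace IDs are constructed so that it runs without Docker.

```shell
#!/bin/sh
# Added example: report which namespaces two processes share.
# PROC_ROOT is a hypothetical override for testing; on a real host it stays /proc.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Print "<ns> shared", "<ns> isolated" or "<ns> unknown" for each namespace type.
compare_namespaces() {
    pid_a=$1
    pid_b=$2
    for ns in ipc mnt net pid user uts; do
        id_a=$(readlink "$PROC_ROOT/$pid_a/ns/$ns") || { echo "$ns unknown"; continue; }
        id_b=$(readlink "$PROC_ROOT/$pid_b/ns/$ns") || { echo "$ns unknown"; continue; }
        if [ "$id_a" = "$id_b" ]; then
            echo "$ns shared"
        else
            echo "$ns isolated"
        fi
    done
}

# Constructed sample tree: PID 1 is the host's init, PID 4242 stands for a
# container process that shares the host's net and user namespaces.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/1/ns" "$root/4242/ns"
    for ns in ipc mnt net pid user uts; do
        ln -s "$ns:[4026531000]" "$root/1/ns/$ns"
        case $ns in
            net|user) ln -s "$ns:[4026531000]" "$root/4242/ns/$ns" ;;
            *)        ln -s "$ns:[4026532000]" "$root/4242/ns/$ns" ;;
        esac
    done
    echo "$root"
}

# Demo on the constructed tree. On a real host, compare PID 1 with the PID
# printed by: docker inspect -f '{{.State.Pid}}' <container>
PROC_ROOT=$(make_sample_tree)
compare_namespaces 1 4242
rm -rf "$PROC_ROOT"
PROC_ROOT=/proc
```

A container that reports "shared" for net or pid against PID 1 is running in the host's namespace for that resource and is not isolated from it.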

2. Installing Docker
Note: after a successful installation, docker version shows both a Client and a Server section.
[root@localhost ~]# docker version
Client: Docker Engine - Community
Version: 20.10.12
API version: 1.41
Go version: go1.16.12
Git commit: e91ed57
Built: Mon Dec 13 11:45:41 2021
OS/Arch: linux/amd64
Context: default
Experimental: true

Server: Docker Engine - Community
Engine:
Version: 20.10.12
API version: 1.41 (minimum version 1.12)
Go version: go1.16.12
Git commit: 459d0df
Built: Mon Dec 13 11:44:05 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.12
GitCommit: 7b11cfaabd73bb80907dd23182b9347b4245eb5d
runc:
Version: 1.0.2
GitCommit: v1.0.2-0-g52b36a2
docker-init:
Version: 0.19.0
GitCommit: de40ad0
[root@localhost ~]#

Check the Docker service
[root@localhost ~]# systemctl status docker.service
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2021-12-31 20:51:23 PST; 1h 1min ago
Docs: https://docs.docker.com
Main PID: 14642 (dockerd)
Tasks: 8
Memory: 59.6M
CGroup: /system.slice/docker.service
└─14642 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry 192.168.159.131

Dec 31 21:02:34 localhost.localdomain dockerd[14642]: time="2021-12-31T21:02:34.025940785-08:00" level=info msg="Attempting next endpoint for push after error: Get \"https:...on refused"
Dec 31 21:10:04 localhost.localdomain dockerd[14642]: time="2021-12-31T21:10:04.718772737-08:00" level=warning msg="Error getting v2 registry: Get \"https://192.168.159.140...on refused"
Dec 31 21:10:04 localhost.localdomain dockerd[14642]: time="2021-12-31T21:10:04.719170507-08:00" level=info msg="Attempting next endpoint for pull after error: Get \"https:...on refused"
Dec 31 21:10:04 localhost.localdomain dockerd[14642]: time="2021-12-31T21:10:04.721816896-08:00" level=error msg="Handler for POST /v1.41/images/create returned error: Get ...on refused"
Dec 31 21:10:23 localhost.localdomain dockerd[14642]: time="2021-12-31T21:10:23.445846002-08:00" level=warning msg="Error getting v2 registry: Get \"https://192.168.159.131...on refused"
Dec 31 21:10:23 localhost.localdomain dockerd[14642]: time="2021-12-31T21:10:23.446555155-08:00" level=info msg="Attempting next endpoint for pull after error: Get \"https:...on refused"
Dec 31 21:11:27 localhost.localdomain dockerd[14642]: time="2021-12-31T21:11:27.037697588-08:00" level=warning msg="Error getting v2 registry: Get \"https://192.168.159.131...on refused"
Dec 31 21:11:27 localhost.localdomain dockerd[14642]: time="2021-12-31T21:11:27.037734935-08:00" level=info msg="Attempting next endpoint for pull after error: Get \"https:...on refused"
Dec 31 21:25:05 localhost.localdomain dockerd[14642]: time="2021-12-31T21:25:05.426783121-08:00" level=warning msg="Error getting v2 registry: Get \"https://192.168.159.131...on refused"
Dec 31 21:25:05 localhost.localdomain dockerd[14642]: time="2021-12-31T21:25:05.427384039-08:00" level=info msg="Attempting next endpoint for pull after error: Get \"https:...on refused"
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost ~]#

3. Common Docker commands (shell history excerpt)
34 yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
35 sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
37 yum -y install docker-ce
38 systemctl status docker.service
39 systemctl restart docker.service
40 systemctl enable docker.service
41 systemctl status docker.service
42 vim /etc/docker/daemon.json
44 systemctl restart docker.service
46 docker pull nginx
48 docker run -it -p 8080:80 nginx bash
50 docker run -it -d -p 8080:80 nginx bash
51 docker ps
63 docker stop b37bc88b231c
65 docker run -it -d -p 8888:80 nginx bash
66 docker ps
77 docker ps
78 docker images
80 docker ps
81 docker exec -it 0e948dc06f58 bash
82 docker ps
83 docker stop 0e948dc06f58
86 docker run -it -d -p 888:80 nginx bash
87 docker ps
88 docker exec -it 68fb8ffe5e48 bash
89 docker ps
90 docker stop 68fb8ffe5e48
91 docker run -it -p 1888:80 nginx bash
92 docker ps
93 docker run -it -d -p 1888:80 nginx bash
94 docker ps
95 docker exec -it 573f148bd386 bash
96 docker ps
97 docker stop 573f148bd386
98 docker ps
99 docker run -it -p 2888:80 nginx bash
100 docker ps
101 docker ps -qa
102 docker rm `docker ps -qa`
103 docker ps -qa
104 docker images
105 docker run --rm -it -p 8080:80 nginx bash
106 docker ps
107 docker run --rm -it -p 8080:80 nginx bash
108 docker ps -qa
109 docker run -it -p 8080:80 nginx bash
110 docker ps -qa
113 systemctl status docker
114 docker images
115 docker ps -qa
116 docker ps
117 docker restart 6648fb288cb0
118 docker ps
121 docker ps
122 docker exec -it 6648fb288cb0 bash
123 docker ps
124 docker rm `docker ps -qa`
125 docker ps
126 docker rm -f `docker ps -qa`
127 docker ps
137 cat /etc/docker/daemon.json
139 docker ps
140 systemctl status docker.s
141 systemctl status docker.service
142 docker ps
143 docker image ls
144 docker run -it -P nginx bash
145 docker ps
146 docker run -it -d -P nginx bash
147 docker ps
149 docker ps
150 docker stop 95cbf0ee15f8
151 docker run -it -d -p 80:80 nginx bash
152 docker ps
153 docker exec -it -d c6db4d2aed22 bash
154 docker exec -it c6db4d2aed22 bash
155 docker ps
156 docker rm -f c6db4d2aed22
157 docker ps
158 docker --help
159 docker --help | grep /var/lib
160 docker --help | grep default
161 docker --help | grep "data-root"
162 docker --help | grep "data"
163 docker version
164 docker -h
166 vim /etc/docker/daemon.json
167 systemctl restart docker.service
168 vim /etc/docker/daemon.json
169 systemctl restart docker.service
170 vim /etc/docker/daemon.json
171 systemctl restart docker.service
172 vim /etc/docker/daemon.json
174 docker info
175 docker info | less
211 docker pull busybox
221 docker search buxybox
222 docker search busybox
223 docker pull vinit3004/buxybox
224 docker pull progrium/busybox
225 docker info
226 docker pull progrium/busybox
227 docker images
238 docker images
239 docker ps
240 docker run -it -d -p 80:80 nginx basg
241 docker run -it -d -p 80:80 nginx bash
242 docker ps
243 docker run -it -d busybox bash
244 docker ps
245 docker run -it -d -p 80:80 busybox
246 docker ps
247 docker inspect 590dcd527d94
249 docker inspect 590dcd527d94
250 docker network ls
263 docker ps -qa -f status=exited
264 docker images
265 docker ps --help
266 docker ps -qa -f status=exited
267 docker images
268 docker run --rm -if -d -p 80:80 busybox bash
269 docker run --rm -it -d -p 80:80 busybox bash
270 docker ps
271 docker stop 590dcd527d94
272 docker ps -qa
273 docker ps
274 docker rm -fv `docker ps -qa -f status=exited`
275 docker ps -qa
276 docker rm -fv `docker ps -qa`
277 docker ps
278 docker pull nginx
279 docker images
280 docker info
281 vim /etc/docker/daemon.json
283 systemctl restart docker.service
284 docker info
285 cat /etc/docker/daemon.json
286 vim /etc/docker/daemon.json
287 cat /etc/docker/daemon.json
289 systemctl restart docker.service
290 systemctl status docker.service
291 systemctl stop docker.service
292 systemctl restart docker.service
294 vim /etc/docker/daemon.json
295 systemctl restart docker.service
297 systemctl restart docker.service
298 docker info
299 cat /etc/docker/daemon.json
300 docker images
301 docker pull centos
302 docker ps
303 docker images
304 time docker pull centos
305 docker images
333 docker version
334 docker images
335 find / -name "docker.service"
336 vim /usr/lib/systemd/system/docker.service
338 systemctl restart docker.service
339 docker login 192.168.159.140
340 vim /usr/lib/systemd/system/docker.service
342 systemctl restart docker.service
343 docker login 192.168.159.140
346 systemctl restart docker.service
348 docker login 192.168.159.140
349 docker images
350 docker tag busybox:latest 192.168.159.140/mgedu/my_busybox:latest
351 docker push 192.168.159.140/mgedu/my_busybox:latest
352 docker images
353 docker pull alpine
354 docker images
355 docker tag alpine:latest 192.168.159.137/mgedu/alpine:test
356 docker images
357 docker push 192.168.159.137/mgedu/alpine:test
365 cd .docker/
369 cat /root/.docker/config.json
391 docker images
392 docker search alpine
393 docker pull mhart/alpine-node
394 docker images
395 docker tag mhart/alpine-node:latest 192.168.159.131/mgedu/my_alpine-node:shang
396 docker images
397 docker pull 192.168.159.131/mgedu/my_alpine-node:shang
398 docker login 192.168.159.131
400 find / -name "docker.service"
401 vim /usr/lib/systemd/system/docker.service
403 systemctl restart docker.service
404 docker login 192.168.159.131
405 docker image
406 docker images
407 docker push 192.168.159.131/mgedu/my_alpine-node:shang
408 docker images
409 docker search busybox
410 docker pull arm32v7/busybox
411 docker images
412 docker tag arm32v7/busybox:latest 192.168.159.131/mgedu/shang_busybox:test
413 docker images
414 docker push 192.168.159.131/mgedu/shang_busybox:test
415 vim /usr/lib/systemd/system/docker.service
417 systemctl restart docker.service
418 docker images
419 docker search alpine
420 docker pull frolvlad/alpine-glibc
421 docker images
422 docker tag frolvlad/alpine-glibc:latest 192.168.159.131/mgedu/frolvlad/alpine-glibc:shang
423 docker image
424 docker images
425 docker push 192.168.159.131/mgedu/frolvlad/alpine-glibc:shang
433 docker images
434 docker tag 192.168.159.137/mgedu/my_busybox:latest 192.168.159.131/mgedu/my_busybox:latest
435 docker 192.168.159.131/mgedu/my_busybox:latest
436 docker push 192.168.159.131/mgedu/my_busybox:latest
437 docker images
438 docker pull 192.168.159.140/mgedu/my_busybox:latest
439 docker pull 192.168.159.131/mgedu/my_busybox:latest
440 docker rmi a67699e37dbd
441 docker images
442 docker rmi -f a67699e37dbd
443 docker images
444 docker pull 192.168.159.131/mgedu/my_busybox:latest
445 docker images
446 docker rmi -f a67699e37dbd
447 docker images
448 docker pull 192.168.159.131/mgedu/my_busybox
449 docker images
458 docker version
459 [root@localhost ~]# docker version
488 docker version
489 systemctl status docker.service

For details on a specific docker command, use the built-in help:
[root@localhost ~]# docker --help

Usage: docker [OPTIONS] COMMAND

A self-sufficient runtime for containers

Options:
--config string Location of client config files (default "/root/.docker")
-c, --context string Name of the context to use to connect to the daemon (overrides DOCKER_HOST env var and default context set with
"docker context use")
-D, --debug Enable debug mode
-H, --host list Daemon socket(s) to connect to
-l, --log-level string Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info")
--tls Use TLS; implied by --tlsverify
--tlscacert string Trust certs signed only by this CA (default "/root/.docker/ca.pem")
--tlscert string Path to TLS certificate file (default "/root/.docker/cert.pem")
--tlskey string Path to TLS key file (default "/root/.docker/key.pem")
--tlsverify Use TLS and verify the remote
-v, --version Print version information and quit

Management Commands:
app* Docker App (Docker Inc., v0.9.1-beta3)
builder Manage builds
buildx* Docker Buildx (Docker Inc., v0.7.1-docker)
config Manage Docker configs
container Manage containers
context Manage contexts
image Manage images
manifest Manage Docker image manifests and manifest lists
network Manage networks
node Manage Swarm nodes
plugin Manage plugins
scan* Docker Scan (Docker Inc., v0.12.0)
secret Manage Docker secrets
service Manage services
stack Manage Docker stacks
swarm Manage Swarm
system Manage Docker
trust Manage trust on Docker images
volume Manage volumes

Commands:
attach Attach local standard input, output, and error streams to a running container
build Build an image from a Dockerfile
commit Create a new image from a container's changes
cp Copy files/folders between a container and the local filesystem
create Create a new container
diff Inspect changes to files or directories on a container's filesystem
events Get real time events from the server
exec Run a command in a running container
export Export a container's filesystem as a tar archive
history Show the history of an image
images List images
import Import the contents from a tarball to create a filesystem image
info Display system-wide information
inspect Return low-level information on Docker objects
kill Kill one or more running containers
load Load an image from a tar archive or STDIN
login Log in to a Docker registry
logout Log out from a Docker registry
logs Fetch the logs of a container
pause Pause all processes within one or more containers
port List port mappings or a specific mapping for the container
ps List containers
pull Pull an image or a repository from a registry
push Push an image or a repository to a registry
rename Rename a container
restart Restart one or more containers
rm Remove one or more containers
rmi Remove one or more images
run Run a command in a new container
save Save one or more images to a tar archive (streamed to STDOUT by default)
search Search the Docker Hub for images
start Start one or more stopped containers
stats Display a live stream of container(s) resource usage statistics
stop Stop one or more running containers
tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
top Display the running processes of a container
unpause Unpause all processes within one or more containers
update Update configuration of one or more containers
version Show the Docker version information
wait Block until one or more containers stop, then print their exit codes

Run 'docker COMMAND --help' for more information on a command.

To get more help with docker, check out our guides at https://docs.docker.com/go/guides/
[root@localhost ~]#

4. Deploying a single-node Harbor:
1) Install docker-compose first by running ./docker-install.sh
[root@localhost k8s+docker]# cd docker/
[root@localhost docker]# ll
total 153120
-rw-r--r--. 1 root root 647 Apr 11 2021 containerd.service
drwxrwxr-x. 2 shang shang 138 Jan 29 2021 docker
-rw-r--r--. 1 root root 78156440 Dec 31 19:42 docker-19.03.15-binary-install.tar.gz
-rw-r--r--. 1 root root 62436240 Feb 5 2021 docker-19.03.15.tgz
-rwxr-xr-x. 1 root root 16168192 Jun 24 2019 docker-compose-Linux-x86_64_1.24.1
-rwxr-xr-x. 1 root root 2708 Apr 11 2021 docker-install.sh
-rw-r--r--. 1 root root 1683 Apr 11 2021 docker.service
-rw-r--r--. 1 root root 197 Apr 11 2021 docker.socket
-rw-r--r--. 1 root root 454 Apr 11 2021 limits.conf
-rw-r--r--. 1 root root 257 Apr 11 2021 sysctl.conf
[root@localhost docker]#
2) Install Harbor
[root@localhost ~]# ./install.sh --with-trivy --with-chartmuseum
[root@localhost ~]# cp harbor.yml.tmpl harbor.yml
[root@localhost ~]# vim harbor.yml
Set hostname to the server's IP address (or to the host name if DNS is configured)
Change the admin login password
Comment out the https section:
#https:
# # https port for harbor, default is 443
# port: 443
# # The path of cert and key files for nginx
# certificate: /your/certificate/path
# private_key: /your/private/key/path

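On the Docker client, edit docker.service. With the https section commented out, Harbor serves plain HTTP only, so the daemon has to be told to treat the registry as insecure: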
[root@localhost ~]# find / -name "docker.service"
/usr/lib/systemd/system/docker.service
[root@localhost ~]# vim /usr/lib/systemd/system/docker.service
#ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry 192.168.159.137 --insecure-registry 192.168.159.140 --insecure-registry 192.168.159.131
# If Harbor is deployed in HA mode, add the VIP address here; otherwise add the Harbor server's address
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry 192.168.159.131

3) Create a project in Harbor, push a local image from Docker to Harbor, and check that it appears
[root@localhost ~]# docker tag busybox:latest 192.168.159.140/mgedu/my_busybox:latest
[root@localhost ~]# docker push 192.168.159.140/mgedu/my_busybox:latest

5. Harbor high-availability extension

1) Install Harbor on two nodes as described above
2) Set up HA (HAProxy) on a separate, new machine
[root@localhost ~]# tail /etc/haproxy/haproxy.cfg
server app4 127.0.0.1:5004 check

listen harbor
bind 192.168.159.131:80
mode tcp
balance source
server harbor1 192.168.159.137 check inter 3 fall 3 rise 5
server harbor2 192.168.159.140 check inter 3 fall 3 rise 5

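3) Configure in the Harbor web UI
Registry management: on each Harbor, enter the other Harbor's details, specify the target host for synchronization, and test the connection
Replication management: specify the destination registry and choose the trigger mode
4) Configure docker.service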
[root@localhost ~]# vim /usr/lib/systemd/system/docker.service
# With Harbor in HA mode, add the VIP address directly
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry 192.168.159.131
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl restart docker.service
[root@localhost ~]# docker login 192.168.159.131
5) Tag and push an image, then verify on both Harbor instances that the image is present
[root@localhost ~]# docker tag 192.168.159.137/mgedu/my_busybox:latest 192.168.159.131/mgedu/my_busybox:latest
[root@localhost ~]# docker push 192.168.159.131/mgedu/my_busybox:latest
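
The --insecure-registry entries added to docker.service in sections 4 and 5 let dockerd reach those hosts over plain HTTP or unverified TLS, so they are worth listing when a host is reviewed. The script below is an added example, not part of the original post; the function names are hypothetical and the sample unit file is constructed from the two ExecStart lines shown in section 4.

```shell
#!/bin/sh
# Added example: list the registries an active ExecStart line marks as insecure.

# Print one registry per line; commented-out unit lines are ignored.
insecure_registries() {
    awk '
        BEGIN { flag = "--insecure-registry" }
        /^[ \t]*[#;]/ { next }                 # commented-out lines are inactive
        /^[ \t]*ExecStart=/ {
            for (i = 1; i <= NF; i++) {
                if ($i == flag && i < NF) {
                    print $(i + 1)             # form: --insecure-registry HOST
                } else if (index($i, flag "=") == 1) {
                    print substr($i, length(flag) + 2)   # form: --insecure-registry=HOST
                }
            }
        }
    ' "$1" | sort -u
}

# Report every insecure registry; return 1 if at least one is configured.
audit_unit() {
    found=$(insecure_registries "$1")
    if [ -z "$found" ]; then
        return 0
    fi
    for r in $found; do
        echo "WARN: dockerd in $1 treats $r as an insecure registry"
    done
    return 1
}

# Constructed sample: the two ExecStart lines shown in section 4.
make_sample_unit() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
[Service]
#ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry 192.168.159.137 --insecure-registry 192.168.159.140 --insecure-registry 192.168.159.131
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry 192.168.159.131
EOF
    echo "$f"
}

sample=$(make_sample_unit)
audit_unit "$sample" || echo "audit failed: insecure registries present"
rm -f "$sample"
```

Only the active ExecStart line counts: the three registries on the commented-out line are not reported. Re-enabling the https section of harbor.yml with a certificate the clients trust removes the need for these entries.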
