主机频道
一、系统环境服务器版本docker软件版本CPU架构CentOS Linux版本7.4.1708(核心)Docker版本20.10.12 x86 _ 64
二。前言使用docker拉图片时,docker默认先从Docker Hub下载图片。很多时候,我们的图像是使用Dockerfile定制的私有图像,不公开。而且Docker出于安全考虑可能会运行在内网环境中,所以我们有必要为整个内网集群环境建立一个Docker的本地私有映像仓库。
建立镜像仓库主要有两种方法。一种是利用docker提供的注册表镜像搭建仓库,简单快捷,但功能有限;
另一种是利用harbor搭建本地镜像仓库,功能更强大,应用范围更广。在这里,我们介绍使用注册表来构建本地镜像仓库。
使用harbor建立一个本地镜像仓库。请检查https://www.jb51.net/article/244361.htm.
3.使用注册表构建私有镜像仓库
3.1环境介绍架构:k8smaster作为私有仓库,k8sworker1作为docker客户端。
操作系统版本CPU架构进程功能描述k8s master/192 . 168 . 110 . 137 centos Linux 7 . 4 . 1708版(核心)x86 _ 64注册表映像仓库k8s worker 1/192 . 168 . 110 . 138 centos Linux 7 . 4 . 1708版(核心)x86
3.2 k8smaster节点配置镜像仓库拉注册表镜像
正在删除/docker/var/lib/registry/docker/registry/v2/blobs/sha 256/46/4676067592 f 277 e 1723 E4 ab 4c 588603 df 0 B3 DEA 762 e 22 c 354 f 7 ada 29 b 391 cf 10.......INFO Deleting/docker/var/lib/registry/docker/registry/v2/repositories/Boke/wordpress #在docker客户端中,我们发现私有仓库中的WordPress图片已经被删除[root @ k 8 sworker 1 ~]# bashlist _ images _ from _ registries . sh 192 . 168 . 110 . 137192 . 168 . 110 . 137:5000/db/MySQL:
四。附录:Python脚本[root @ k8s master ~]# cat delete _ docker _ registry _ image #用于删除私有仓库映像/usr/bin/ env python " " "用法:关闭注册表服务以避免争用情况和可能的数据丢失,然后使用映像报告运行命令,如下所示:delete _ docker _ registry _ image . py --image awesome image --dry -run " " " import argpasse import JSON import loggin import osiimport sys import shutilimport g lob logger = logging . get logger(_ _) s _ target)if OS . path . isdir(s _ path):if not del _ empty _ dirs(s _ path,False):b _ empty = False else:b _ empty = False if b _ empty:logger . debug("删除空目录' %s ' ",s _ dir)if not top _ level:OS . rmdir(s _ dir)return b _ empty def get _ layers _ from _ blob(path):" " "解析json blob并获取一组层摘要" " " try: with open(path," r") as blob: data_raw = blob . split(":")[1]用于数据中的条目[" fs layers "]])else:result = set([entry[" digest "])。split(":")[1]for entry in data[" layers "]])if " config " in data:result . add(data[" config "][" digest "])。split(":")[1])返回除异常以外的结果作为错误:logger.critical("未能从blob读取层:%s ",错误)return set()def get _ digest _ from _ blob(path):" " "分析文件并获取摘要" " " try: with open(path," r") as blob: return blob.read()。split(":")[1]Exception Exception as error:logger . critical("未能从blob中读取摘要:%s ",error)return " " def get _ links(path,_filter=None):" " "递归遍历` path '并解析里面的每个链接" " result = [] for root,_,files in OS . walk(path):for each in files:if each = = " link ":file path = OS . path . join(root,each) if not _filter或_ filepath:result . append(get _ digest _ from _ blob(file path))return result class REGISTRY。format(self . registry _ data _ dir))self . dry _ run = dry _ run def _ delete _ layer(self,repo,digest):" " "从文件系统中删除blob目录" " " path = OS . path . join(self . registry _ data _ dir," repositories ",repo," _layers/sha256 ",digest) self。_ delete _ dir(path)def _ delete _ blob(self,digest):" " "从文件系统中删除blob目录" " " path = OS . path . join(self . registry _ data _ dir," blobs/sha256 ",digest[0:2],digest) self。_ delete _ dir(path)def _ blob _ path _ for _ revision(self,digest):" " "在这里我们可以找到包含描述这个摘要的json的blob " " " return OS . path . join(self . registry _ data _ dir," blobs/sha256 ",digest[0:2],digest," data ")def _ blob _ path _ for _ revision _ is _ missing(self,digest):" " "对于每个修订,都应该有一个描述它的blob " " " return not OS . path . is file(self ._ blob _ path _ for _ revision(digest))def _ get_layers_from_blob(self,digest):"""通过digest从blob获取层" " "返回get _ layers _ from _ blob(self。_ blob _ path _ for _ revision(digest))def _ delete _ dir(self,path):" " "从文件系统中删除目录" " " if self . DRY _ RUN:logger . info(" DRY _ RUN:将删除%s ",path) else: logger.info("删除%s ",path)try:shutil . RM tree(path)Exception as error:logger . critical("未能删除目录:%s ",error)def _ delete _ from _ tag _ index _ for _ revision(self,repo,digest):" " "从标记索引中删除修订" paths = glob.glob_ delete _ dir(path)def _ delete _ revisions(self,repo,revisions,blobs_to_keep=None):""从目录列表中删除修订" "如果blobs_to_keep为None:blobs _ to _ keep =[]for revision _ dir in revisions:digests = get _ links(revision _ dir)for digests:self。_ delete _ from _ tag _ index _ for _ revision(repo,digest)if digest not in blobs _ to _ keep:self。_delete_blob(摘要)自身。_ delete _ dir(revision _ dir)def _ get _ tags(self,repo):" " " get all tags for the given repository " " " path = OS . path . join(self . registry _ data _ dir," repositories ",repo," _ manifests/tags ")if not OS . path . isdir(path):logger . critical(" No repository ' % s ' found in repositories directory % s ",repo,self . registry _ data _ dir)None result =[]for each in OS . listdir(path):file path = OS . path . join(path,each) if os.path each)if OS . path . isdir(file path):inside = OS . listdir(file path)if " _ layers " in inside:result . append(each)else:for inner in inside:result . append(OS . path . join(each,inner))return result def _ get _ all _ links(self,except _ repo = " " " get links for each repository " " " result =[]repositories = self。 _ get _ repository()for repo in[r for r in repositories if r!= except _ repo]:path = OS . path . join(self . registry _ data _ dir," repositories ",repo)for link in get _ links(path):result . append(link)return result def prune(self):" delete all empty _ dir in registry _ data _ dir " " " del _ empty _ dirs(self . registry _ data _ dir,True)def _ layer _ in _ same _ repo(self,repo,tag,layer):" " " check if layer is found in this repository " for other _ tag in[t for t in t in self,_get_tags(repo) if t!= tag]:path = OS . path . join(self . registry _ data _ dir," repositories ",repo," _manifests/tags ",other_tag," current/link ")manifest = get _ digest _ from _ blob(path)try:layers = self。_ get _ layers _ from _ blob(manifest)if layers in layers:返回True except IOError: if self。_ blob _ path _ for _ revision _ is _ missing(清单):logger.warn("摘要%s的Blob不存在。正在删除标记清单:%s ",manifest,other _ tag)tag _ dir = OS . path . join(self . registry _ data _ dir," repositories ",repo," _manifests/tags ",other_tag) self。_ delete _ dir(tag _ dir)else:raise return False def _ manifest _ in _ same _ repo(self,repo,tag,manifest):“检查是否在同一存储库的其他标记中找到清单”for other_tag in [t for t in self_get_tags(repo) if t!= tag]:path = OS . path . join(self . registry _ data _ dir," repositories ",repo," _manifests/tags ",other_tag," current/link ")other _ manifest = get _ digest _ from _ blob(path)if other _ manifest = = manifest:return True return False def delete _ entire _ repository(self,repo):" delete all blob for given repository repo " " " logger . debug(" Deleting whole repository ' % s ' ",repo)repo _ dir = OS . path . join(self . registry _ data _ dir," repositoriformat(repo,self . registry _ data _ dir))links = set(get _ links(repo _ dir))all _ links _ but _ current = set(self。_ get _ all _ links(except _ repo = repo))for layer in links:if layer in all _ links _ but _ current:logger . debug(" Blob found in another repository。未删除:%s”,层)else: self。_delete_blob(层)self。_ delete _ dir(repo _ dir)def delete _ repository _ tag(self,repo,tag):"""仅删除存储库" "的给定标记的所有blob " logger . debug("删除存储库' %s ',标记为' %s ' ",repo,tag)tag _ dir = OS . path . join(self . registry _ data _ dir," repositories ",repo," _manifests/tags ",tag)如果不是OS . path . isdir(tag _ dir):raise registry cleanerror("在存储库" "目录{1}中未找到存储库“{0}”标记“{ 1 }”format(repo,tag,self . registry _ data _ dir))manifests _ for _ tag = set(get _ links(tag _ dir))revisions _ to _ delete =[]blobs _ to _ keep =[]layers =[]all _ links _ not _ in _ current _ repo = set(self ._ get _ all _ links(except _ repo = repo))for manifest _ for _ tag:logger . debug(" Looking file system layers for manifest digest % s ",manifest)如果self。_manifest_in_same_repo(repo,tag,manifest): logger.debug("不删除,因为我们发现另一个标记使用清单:%s ",manifest)continue else:revisions _ to _ delete . append(OS . path . join(self . registry _ data _ dir," repositories ",repo," _ manifest/revisions/sha 256 ",manifest))if manifest in all _ links _ Not _ in _ current _ repo _ repo:logger . debug("不删除blob数据,因为我们发现另一个报告使用清单:%s ",manifest) blobs_to_keep.append(_ get _ layers _ from _ blob(manifest))layers _ uniq = set(layers)for layers in layers _ uniq:if self。_layer_in_same_repo(repo,tag,layer): logger.debug("不删除,因为我们使用摘要找到了另一个标记:%s ",layer)继续self。_delete_layer(repo,layer)if layer in all _ links _ not _ in _ current _ repo:logger . debug("在另一个存储库中找到Blob。未删除:%s”,层)else: self。_delete_blob(层)self。_delete_revisions(repo,revisions_to_delete,blobs_to_keep) self。_ delete _ dir(tag _ dir)def delete _ untagged(self,repo):" " " delete all untagged data from repo " " " logger . debug(" Deleting ut tagged data from repository ' % s ' ",repo)repositories _ dir = OS . path . join(self . registry _ data _ dir," repositories ")repo _ dir = OS . path . join(repositories _ dir,repo)if not OS . path . isdir(repo _ dir):raise registry cleanerror("在repositories " "目录{1}/repositories中未找到任何存储库“{0}”。format(repo,self . registry _ data _ dir))tagged _ links = set(get _ links(repositories _ dir,_ filter = " current "))layers _ to _ protect =[]for link in tagged _ links:layers _ to _ protect . extend(self ._ get _ layers _ from _ blob(link))unique _ layers _ to _ protect = set(layers _ to _ protect)for layer in unique _ layers _ to _ protect:logger . debug(" layer _ to _ protect:% s ",layer)tagged _ revisions = set(get _ links(repo _ dir,_ filter = " current "))revisions _ to _ delete =[]layers _ to _ delete =[]dir _ for _ revisions = OS . path . join(repo _ dir," _ manifest/revisions/sha 256 ")for rev in OS . listdir(dir _ for_get_layers_from_blob(rev):如果层不在unique_layers_to_protect中:layers _ to _ delete . append(layer)unique _ layers _ to _ delete = set(layers _ to _ delete)self。unique_layers_to_delete: self中的层的_delete_revisions(repo,revisions_to_delete)。_delete_blob(层)self。_delete_layer(repo,layer) def get_tag_count(self,repo):logger . debug(" Get tag count of repository ' % s ' ",repo)repo _ dir = OS . path . join(self . registry _ data _ dir," repositories ",repo)Tags _ dir = OS . path . join(repo _ dir," _ manifests/Tags ")if OS . path . is dir(Tags _ dir):Tags = OS . listdir(Tags _ dir)return len(Tags)else:logger . info(" Tags目录不存在:' % ' "argument parser(description = " clean up Docker registry ")parser . add _ argument(" -I "," --image ",dest="image ",required=True,help = " Docker image to clean ")parser . add _ argument(" -v "," --verbose ",dest="verbose ",action="store_true ",help = " verbose ")parser . add _ argument(" -n "," --dry-run ",dest="dry_run ",action="store_true ",help = " Dry run ")parser . add _ argument(" -fstream handler()handler . set formatter(日志记录。formatter(u ' %(level name)-8s[%(asctime)s]%(message)s '). logger . addhandler(handler)if args . verbose:logging . set level(logging。DEBUG) else: logger.setLevel(日志记录。INFO) #确保在设置日志记录之前不要进行日志记录。这将会刷新你的日志配置。if args.force: logger.info("您提供了force开关,但不推荐使用。它现在没有效果,脚本默认执行以前只在force为true时发生的操作”)split ed = args . image . split(":")if len(split ed)= = 2:image = split[0]tag = split[1]else:image = args . image tag = None if ' REGISTRY _ DATA _ DIR ' in OS . environ:REGISTRY _ DATA _ DIR = OS . environ[' REGISTRY _ DATA _ DIR ']else:REGISTRY _ DATA _ DIR = "/opt/REGISTRY _ DATA/docker/REGISTRY/v2 " try 标签)else:cleaner . delete _ entire _ repository(image)if args . prune:cleaner . prune()except RegistryCleanerError as error:logger . fatal(error)sys . exit(1)if _ _ name _ _ = " _ _ main _ _ ":main()以上是docker使用registry构建本地镜像仓库的例子的详细内容。 关于docker registry构建本地镜像仓库的更多信息,请关注主机频道zhujipindao的其他相关文章。com!
评论前必须登录!
注册