Docker 전체 기본 (계속) (2)
43420 단어 docker
1
Docker 개관
2
Docker 버 전 설치 및 소개 (약)
3
거울 상
4
용기.
5
거울 과 용기
6
네트워크 관리
7
데이터 볼 륨
8
창고.
9
Dockerfile
10
Docker Compose
제6 장 docker 핵심 기술 - 네트워크 관리
왜 docker 네트워크 관리 가 필요 합 니까?
、 。
( nginx、web 、 ), , 。
, 、 。
, 。
, ( 、 )。
, ,
……
------------------
:
- =>
5
-
docker 네트워크 기본 5 가지 구동 모드
Docker
bridge network ( ): 。 nat
host network ( ): ,
None network : 。
Overlay network ( ): VXLAN bridge
Macvlan network : Mac ,
네트워크 docker 네트워크 ls 보기
:
:
docker network ls [OPTIONS]
(OPTIONS):
-f, --filter filter ( 'driver=bridge’)
--format string
--no-trunc
-q, --quiet ID
:
,docker , bridge、host、none
[root@izuf6csxy0jrgs3azvia67z ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
6d052b504ac7 bridge bridge local
a468c0a23faf host host local
47d7fe0d3f46 none null local
[root@izuf6csxy0jrgs3azvia67z ~]# docker network ls -f 'driver=host'
NETWORK ID NAME DRIVER SCOPE
a468c0a23faf host host local
네트워크 docker 네트워크 만 들 기
:
:
docker network create [OPTIONS] NETWORK
(OPTIONS):
-d, --driver string ( "bridge")
--subnet strings ( 192.168.0.0/16、172.88.0.0/24)
--ip-range strings IP , subnet
--gateway strings IPv4 or IPv6 , (192.168.0.1)
:
host none
docker overlay docker swarm( )
192.168.0.0/16 192.168.0.0~192.168.255.255 192.168.8.0/24
172.88.0.0/24 172.88.0.0~172.88.0.255
Create a network
Options:
--attachable Enable manual container attachment
--aux-address map Auxiliary IPv4 or IPv6 addresses used by Network driver (default map[])
--config-from string The network from which copying the configuration
--config-only Create a configuration only network
-d, --driver string Driver to manage the Network (default "bridge")
--gateway strings IPv4 or IPv6 Gateway for the master subnet
--ingress Create swarm routing-mesh network
--internal Restrict external access to the network
--ip-range strings Allocate container ip from a sub-range
--ipam-driver string IP Address Management Driver (default "default")
--ipam-opt map Set IPAM driver specific options (default map[])
--ipv6 Enable IPv6 networking
--label list Set metadata on a network
-o, --opt map Set driver specific options (default map[])
--scope string Control the network's scope
--subnet strings Subnet in CIDR format that represents a network segment
[root@izuf6csxy0jrgs3azvia67z ~]# docker network create -d bridge my-bridge
204abef6d8250b2e3d264ff00ca7844a34fb525c9f4bc0d6b609cd5658eb32b0
[root@izuf6csxy0jrgs3azvia67z ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
6d052b504ac7 bridge bridge local
a468c0a23faf host host local
204abef6d825 my-bridge bridge local
47d7fe0d3f46 none null local
# docker bridge
[root@izuf6csxy0jrgs3azvia67z ~]# docker network create -d host my-bridge
Error response from daemon: network with name my-bridge already exists
[root@izuf6csxy0jrgs3azvia67z ~]# docker network create -d host my-bridge2
Error response from daemon: only one instance of "host" network is allowed
# , swarm
[root@izuf6csxy0jrgs3azvia67z ~]# docker network create -d overlay my-bridge2
Error response from daemon: This node is not a swarm manager. Use "docker swarm init" or "docker swarm join" to connect this node to swarm and try again.
# host null
[root@izuf6csxy0jrgs3azvia67z ~]# docker network create -d null my-bridge2
Error response from daemon: only one instance of "null" network is allowe
네트워크 삭제 docker network rm
:
:
docker network rm NETWORK [NETWORK...]
(OPTIONS):
[root@izuf6csxy0jrgs3azvia67z ~]# docker network rm 204a
204a
[root@izuf6csxy0jrgs3azvia67z ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
6d052b504ac7 bridge bridge local
a468c0a23faf host host local
47d7fe0d3f46 none null local
네트워크 상세 정보 보기 docker 네트워크 검사
:
:
docker network inspect [OPTIONS] NETWORK [NETWORK...]
docker inspect [OPTIONS] NETWORK [NETWORK...]
(OPTIONS):
-f, --format string format
[root@izuf6csxy0jrgs3azvia67z ~]# docker network inspect -h
Flag shorthand -h has been deprecated, please use --help
Usage: docker network inspect [OPTIONS] NETWORK [NETWORK...]
Display detailed information on one or more networks
Options:
-f, --format string Format the output using the given Go template
-v, --verbose Verbose output for diagnostics
[root@izuf6csxy0jrgs3azvia67z ~]# docker inspect 6d05
[
{
"Name": "bridge",
"Id": "6d052b504ac75a7f072529b0439f8f3b3d685a68334955bea3929515df71f639",
"Created": "2019-03-16T17:01:50.101348476+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]
[root@izuf6csxy0jrgs3azvia67z ~]# docker inspect -f "{{json IPAM.Config.Gateway}}" 6d05
Template parsing error: template: :1: function "IPAM" not defined
# Gateway --->
[root@izuf6csxy0jrgs3azvia67z ~]# docker inspect -f "{{json .IPAM.Config.Gateway}}" 6d05
Template parsing error: template: :1:12: executing "" at <.ipam.config.gateway>: can't evaluate field Gateway in type interface {}
[root@izuf6csxy0jrgs3azvia67z ~]# docker inspect -f "{{json .IPAM.Config}}" 6d05
[{"Subnet":"172.17.0.0/16","Gateway":"172.17.0.1"}]네트워크 docker run -- network 사용 하기
docker 의 네트워크 사용 은 용기 기반 이기 때문에 docker run 플러스 -- network 옵션 을 사용 합 니 다.
:
:
docker run/create --network NETWORK
(OPTIONS):
:
,docker , bridge [root@izuf6csxy0jrgs3azvia67z ~]# docker network create -d bridge my-bridge
fb089483b6b4f554580487bdcbf645e0f09272fb1b7313879f910302f1fcf96b
[root@izuf6csxy0jrgs3azvia67z ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
6d052b504ac7 bridge bridge local
a468c0a23faf host host local
fb089483b6b4 my-bridge bridge local
47d7fe0d3f46 none null local
[root@izuf6csxy0jrgs3azvia67z ~]# docker run --network my-bridge -dti centos bash
a0a310e8849e94147d508513af3ebaaee14c4d1d09639ca4186dac4d11ca6b2e
[root@izuf6csxy0jrgs3azvia67z ~]# docker exec a0a3 ping baidu.com
PING baidu.com (123.125.115.110) 56(84) bytes of data.
64 bytes from 123.125.115.110 (123.125.115.110): icmp_seq=1 ttl=50 time=25.1 ms
64 bytes from 123.125.115.110 (123.125.115.110): icmp_seq=2 ttl=50 time=25.1 ms
64 bytes from 123.125.115.110 (123.125.115.110): icmp_seq=3 ttl=50 time=25.2 ms
# bridge
--network string Connect a container to a network (default "default")네트워크 연결 및 차단 docker network connect / disconnect
:
:
docker network connect [OPTIONS] NETWORK CONTAINER
docker network disconnect [OPTIONS] NETWORK CONTAINER
(OPTIONS):
-f, --force ( disconnect)
[root@izuf6csxy0jrgs3azvia67z ~]# docker inspect a0a3
[
{
...
"Networks": {
"bridge": {
"IPAMConfig": {},
"Links": null,
"Aliases": [],
"NetworkID": "6d052b504ac75a7f072529b0439f8f3b3d685a68334955bea3929515df71f639",
"EndpointID": "c0baa058cc0efa0097abe7cbaf43b33d0e96faa1e27302d573447fc2613bf5fb",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
},
"my-bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": [
"a0a310e8849e"
],
"NetworkID": "fb089483b6b4f554580487bdcbf645e0f09272fb1b7313879f910302f1fcf96b",
"EndpointID": "69d79b6fdf55e689f71e0d4750a17d97d8a46b935a981359bb0f10319e148642",
"Gateway": "172.20.0.1",
"IPAddress": "172.20.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:14:00:02",
"DriverOpts": null
}
}
}
}
]
[root@izuf6csxy0jrgs3azvia67z ~]# docker network disconnect my-bridge a0a3
[root@izuf6csxy0jrgs3azvia67z ~]# docker inspect a0a3
[
{
...
"Networks": {
"bridge": {
"IPAMConfig": {},
"Links": null,
"Aliases": [],
"NetworkID": "6d052b504ac75a7f072529b0439f8f3b3d685a68334955bea3929515df71f639",
"EndpointID": "c0baa058cc0efa0097abe7cbaf43b33d0e96faa1e27302d573447fc2613bf5fb",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
}
}
]
[root@izuf6csxy0jrgs3azvia67z ~]# docker network disconnect bridge a0a3
[root@izuf6csxy0jrgs3azvia67z ~]# docker inspect a0a3
[
{
...
"Networks": {}
}
}
]
# : connect|disconnect host
[root@izuf6csxy0jrgs3azvia67z ~]# docker network connect bridge a0a3
[root@izuf6csxy0jrgs3azvia67z ~]# docker network connect host a0a3
Error response from daemon: container cannot be disconnected from host network or connected to host network
#docker none bridge
[root@izuf6csxy0jrgs3azvia67z ~]# docker network connect none a0a3
Error response from daemon: container cannot be connected to multiple networks with one of the networks in private (none) mode
# bridge
# overlay macvlan
docker 네트워크 모드 안내
이 부분의 내용 은 깊이 연구 해 야 한다.
bridge 네트워크 모드
:
bridge , docker docker0。
、 , veth pair , 。 , 。
bridge , veth** 。
。 。
veth docker0 bridge 。
IP
bridge 네트워크 모드 - 포트 맵
:
,
:
docker run/create -P …
docker run/create –p …
(OPTIONS):
-P, --publish-all
-p, --publish list
:
-p [HOST_IP]:[HOST_PORT]:CONTAINER_PORT
:-p ::80 80 ( ) IP
-p :8000:6379 6379 IP 8000
-p 192.168.5.1::3306 3306 ( ) 192.168.5.1IP
host 네트워크 모드
:
。 。 。
、 。 : 8090 , host 8090 ; 。
, 。
IP IP
특수 한 host 네트워크 모드 (Container 네트워크 모드)
Container , 。
,, , “ ”。 。
host 。
:
Docker run/create --network container:CONTAINER …
none 네트워크 모드
:
, 。
, 。
。
overlay 네트워크 모드
Overlay , 。
Overlay 。Docker , VXLAN 。
Overlay 。
:
overlay 네트워크 실현 원리
IP 터널 네트워크 원리
macvlan 네트워크 모드
macvlan , mac 。
。Docker MAC , , mac , 。
IP , ( macvlan ), IP 。
: mac mac , 。 , macvlan
제7 장 독 커 핵심 기술 - 데이터 볼 륨
데이터 볼 륨 을 왜 사용 합 니까?
, ,
,docker (volumes) , , :
、
、 、
데이터 볼 륨 의 특징
, , 。
, , 。
, , 。
。
。 , 。 。
docker 데이터 볼 륨 관리
docker 가 용기 데이터 볼 륨 을 마 운 트 하 는 세 가지 방식
-bind mounts: 。
-volumes: Docker 。 docker volume
-tmpfs mounts:tmpfs 。tmpfs mounts 。
bind mounts 방식 으로 데이터 볼 륨 마 운 트
docker run/create
:
: -v, --volume
-v :
:--mount
--mount type=bind, src= , dst=
:src
[root@izuf6csxy0jrgs3azvia67z ~]# docker run -dti -v /root/home/d_dir:/root/c_dir centos
949cd46f665a4bdeb404dd6d7e28350d91c019cbd702131ed5f1f913ec17899f
[root@izuf6csxy0jrgs3azvia67z ~]# pwd
/root
[root@izuf6csxy0jrgs3azvia67z ~]# cd home/d_dir/
[root@izuf6csxy0jrgs3azvia67z d_dir]# ls -a
.
..
[root@izuf6csxy0jrgs3azvia67z d_dir]# docker exec 949c touch /root/c_dir/test.txt
[root@izuf6csxy0jrgs3azvia67z d_dir]# ll
total 0
-rw-r--r--1 root root 0 Mar 22 14:44 test.txt
- v 와 -- mount 방식 의 차이 점: 전 자 는 src 디 렉 터 리 가 존재 하지 않 을 때 자동 으로 해당 하 는 디 렉 터 리 를 만 듭 니 다. - mount 의 src 가 지정 한 디 렉 터 리 가 존재 해 야 합 니 다.이 동시에 전 자 는
: 을 통 해 분리 되 고 후 자 는 k=v, 를 통 해 분할 된다.[root@izuf6csxy0jrgs3azvia67z d_dir]# docker run -dti --mount type=bind,src=/root/home/mount_dir,dst=/root/c2_dir centos
docker: Error response from daemon: invalid mount config for type "bind": bind source path does not exist: /root/home/mount_dir.
See 'docker run --help'.
[root@izuf6csxy0jrgs3azvia67z d_dir]# cd ~
[root@izuf6csxy0jrgs3azvia67z ~]# pwd
/root
[root@izuf6csxy0jrgs3azvia67z ~]# cd home/
[root@izuf6csxy0jrgs3azvia67z home]# mkdir mount_dir
[root@izuf6csxy0jrgs3azvia67z home]# docker run -dti --mount type=bind,src=/root/home/mount_dir,dst=/root/c2_dir centos
fae6aa9af6149691fce728817810c5da133975d1ec192477352a92fe5468afea
[root@izuf6csxy0jrgs3azvia67z home]# docker exec fae6 touch /root/c2_dir/test2.txt
[root@izuf6csxy0jrgs3azvia67z home]# ll
total 8
drwxr-xr-x 2 root root 4096 Mar 22 14:44 d_dir
drwxr-xr-x 2 root root 4096 Mar 22 14:50 mount_dir
[root@izuf6csxy0jrgs3azvia67z home]# cd mount_dir/
[root@izuf6csxy0jrgs3azvia67z mount_dir]# ll
total 0
-rw-r--r--1 root root 0 Mar 22 14:50 test2.txt
볼 륨 방식 데이터 볼 륨 마 운 트
volumes 방식 으로 데이터 볼 륨 을 마 운 트 하 는 것 은 bind 방식 에 대한 추가 패키지 에 해당 합 니 다. 기본 값
src=/var/lib/docker/volumes/volume_name, docker run/create
:
: -v, --volume
-v VOLUME-NAME:
:--mount
--mount type=volume, src=VOLUME-NAME, dst=
volume :
docker volume volume
docker volume create
docker volume inspect
docker volume ls
docker volume prune
docker volume rm
[root@izuf6csxy0jrgs3azvia67z volumes]# docker volume -h
Flag shorthand -h has been deprecated, please use --help
Usage: docker volume COMMAND
Manage volumes
Commands:
create Create a volume
inspect Display detailed information on one or more volumes
ls List volumes
prune Remove all unused local volumes
rm Remove one or more volumes
Run 'docker volume COMMAND --help' for more information on a command.
[root@izuf6csxy0jrgs3azvia67z volumes]# docker volume create -h
Flag shorthand -h has been deprecated, please use --help
Usage: docker volume create [OPTIONS] [VOLUME]
Create a volume
Options:
-d, --driver string Specify volume driver name (default "local")
--label list Set metadata for a volume
-o, --opt map Set driver specific options (default map[])
[root@izuf6csxy0jrgs3azvia67z volumes]# docker volume create volume-1
volume-1
[root@izuf6csxy0jrgs3azvia67z volumes]# docker volume ls
DRIVER VOLUME NAME
local e0a05aa123e7b787769af6cee9cb9f0b26bc0b4299d4045eacd2251f855e07d5
local volume-1
[root@izuf6csxy0jrgs3azvia67z volumes]# docker volume inspect -h
Flag shorthand -h has been deprecated, please use --help
Usage: docker volume inspect [OPTIONS] VOLUME [VOLUME...]
Display detailed information on one or more volumes
Options:
-f, --format string Format the output using the given Go template
[root@izuf6csxy0jrgs3azvia67z volumes]# docker volume inspect volume-1
[
{
"CreatedAt": "2019-03-22T15:58:29+08:00",
"Driver": "local",
"Labels": {},
"Mountpoint": "/var/lib/docker/volumes/volume-1/_data",
"Name": "volume-1",
"Options": {},
"Scope": "local"
}
]
[root@izuf6csxy0jrgs3azvia67z volumes]# ll /var/lib/docker/volumes/volume-1/_data
total 0
[root@izuf6csxy0jrgs3azvia67z volumes]# docker run -dti -v volume-2:/root/c3_dir centos
70e105ea449fc28edc2d44eb8922882938fa4138f952717aa462acedbe8627c6
[root@izuf6csxy0jrgs3azvia67z volumes]# docker volume ls
DRIVER VOLUME NAME
local e0a05aa123e7b787769af6cee9cb9f0b26bc0b4299d4045eacd2251f855e07d5
local volume-1
local volume-2
# docker voluem : create ls inspect prune rm .
[root@izuf6csxy0jrgs3azvia67z volumes]# docker volume prune -h
Flag shorthand -h has been deprecated, please use --help
Usage: docker volume prune [OPTIONS]
Remove all unused local volumes
Options:
--filter filter Provide filter values (e.g. 'label=tmpfs mount 방식 으로 데이터 볼 륨 마 운 트
메모리 기반 임시 파일 시스템
docker run/create
:
--mount type=tmpfs, dst=PATH
[root@izuf6csxy0jrgs3azvia67z volumes]# docker run -dti --mount type=tmpfs,dst=/root/c_dir centos
7b05fc9bef6ddf97e3484309ce2f76d1b3c9ec457cc55f9030f3fedba618a5af
# : , src , -v
#
다른 용기 의 데이터 볼 륨 공유 – - 데이터 볼 륨 용기
docker run/create --volumes-from
:
docker run/create --volumes-from CONTAINER
[root@izuf6csxy0jrgs3azvia67z volumes]# docker run -dti --mount type=volume,src=volume-test,dst=/root/c_dir centos
6203958a862d42ea86baaca3767f104300347947110811b69efe27e939468619
[root@izuf6csxy0jrgs3azvia67z volumes]# docker inspect volume-test
[
{
"CreatedAt": "2019-03-22T16:24:04+08:00",
"Driver": "local",
"Labels": null,
"Mountpoint": "/var/lib/docker/volumes/volume-test/_data",
"Name": "volume-test",
"Options": null,
"Scope": "local"
}
]
[root@izuf6csxy0jrgs3azvia67z volumes]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
redis latest 4161e91dcc29 2 days ago 95MB
centos-net2 v1.0 c0ff4aa58656 8 days ago 257MB
centos-net v1.0 cf3acaf1acc4 9 days ago 280MB
ubuntu latest 47b19964fb50 6 weeks ago 88.1MB
centos latest 1e1148e4cc2c 3 months ago 202MB
[root@izuf6csxy0jrgs3azvia67z volumes]# cd /var/lib/docker/volumes/volume-test/_data/
[root@izuf6csxy0jrgs3azvia67z _data]# ll
total 0
[root@izuf6csxy0jrgs3azvia67z _data]# docker exec 6203958a touch /root/c_dir/test_txt
[root@izuf6csxy0jrgs3azvia67z _data]# ll
total 0
-rw-r--r--1 root root 0 Mar 22 16:29 test_txt
Docker 데이터 볼 륨 의 주의사항
Docker volumes 。 :
, 。
, 。 , 。
, 。 。
메모: 규칙 2 에서 용기 의 데 이 터 는 숨겨 진 것 일 뿐 삭 제 된 것 이 아 닙 니 다...
규칙 1
[root@izuf6csxy0jrgs3azvia67z _data]# docker run -dti centos bash
5be45e8327f5515e8684e02c06ef41dc3171e77e9273a25efa8b9e527250f570
[root@izuf6csxy0jrgs3azvia67z _data]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5be45e8327f5 centos "bash" 4 seconds ago Up 4 seconds hardcore_agnesi
[root@izuf6csxy0jrgs3azvia67z _data]# docker exec 5be4 ls /run
console
cryptsetup
faillock
lock
log
sepermit
setrans
systemd
user
utmp
[root@izuf6csxy0jrgs3azvia67z _data]# docker run -dti --mount type=volume,src=test-name,dst=/run centos
07582733077ce81feeb32ac095cf2fd9dca9def23431bdb212ec882d9ceb1b17
[root@izuf6csxy0jrgs3azvia67z _data]# docker volume ls
DRIVER VOLUME NAME
local test-name
[root@izuf6csxy0jrgs3azvia67z _data]# docker inspect test-name
[
{
"CreatedAt": "2019-03-22T17:13:55+08:00",
"Driver": "local",
"Labels": null,
"Mountpoint": "/var/lib/docker/volumes/test-name/_data",
"Name": "test-name",
"Options": null,
"Scope": "local"
}
]
[root@izuf6csxy0jrgs3azvia67z _data]# ls /var/lib/docker/volumes/test-name/_data
console cryptsetup faillock lock log sepermit setrans systemd user utmp
[root@izuf6csxy0jrgs3azvia67z _data]# docker exec 5be4 ls /run
console
cryptsetup
faillock
lock
log
sepermit
setrans
systemd
user
utmp
규칙 2
[root@izuf6csxy0jrgs3azvia67z _data]# docker volume ls
DRIVER VOLUME NAME
local test-name
[root@izuf6csxy0jrgs3azvia67z _data]# docker run -dti --mount type=volume,src=test-name,dst=/root/test_dir centos
532743b2ee6e399c29cd12b11d7946994ba965a75e0bffe36f9b2e4f8c7fc1fe
[root@izuf6csxy0jrgs3azvia67z _data]# docker exec 5327 ls /root/test_dir
console
cryptsetup
faillock
lock
log
sepermit
setrans
systemd
user
utmp
[root@izuf6csxy0jrgs3azvia67z _data]# docker run -dti --mount type=volume,src=test-name,dst=/root/ centos
bc5e66b44e1c9f8c3f2bf6826f9117a7cfad55e538a6908c5890772bceb91ec6
# /root . " "
[root@izuf6csxy0jrgs3azvia67z _data]# docker exec bc5e ls /root
console
cryptsetup
faillock
lock
log
sepermit
setrans
systemd
user
utmp제8 장 Docker 핵심 기술 - 창고
docker 개인 창고 구축
: docker。
: , docker hub registry
docker pull registry
: ,
docker run -d -ti --restart always\
--name my-registry\
-p 8000:5000\
-v /my-registry/registry:/var/lib/registry\
registry
:registry 5000。 , /var/lib/registry( Dockerfile ) , , 。
curl IP:8000/v2/_catalog 。( 8000 ) [root@izuf6csxy0jrgs3azvia67z ~]# docker version
Client:
Version: 18.09.3
API version: 1.39
Go version: go1.10.8
Git commit: 774a1f4
Built: Thu Feb 28 06:33:21 2019
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine -Community
Engine:
Version: 18.09.3
API version: 1.39 (minimum version 1.12)
Go version: go1.10.8
Git commit: 774a1f4
Built: Thu Feb 28 06:02:24 2019
OS/Arch: linux/amd64
Experimental: false
[root@izuf6csxy0jrgs3azvia67z ~]# docker pull registry
Using default tag: latest
latest: Pulling from library/registry
c87736221ed0: Pull complete
1cc8e0bb44df: Pull complete
54d33bcb37f5: Pull complete
e8afc091c171: Pull complete
b4541f6d3db6: Pull complete
Digest: sha256:3b00e5438ebd8835bcfa7bf5246445a6b57b9a50473e89c02ecc8e575be3ebb5
Status: Downloaded newer image for registry:latest
[root@izuf6csxy0jrgs3azvia67z ~]# docker run -dti --restart always --name my-registry -p :4000:5000 -v /root/home/docker_demo/registry:/var/lib/registry registry
9158ebfce55ceba53a886d995eb574899b354a0fed1a023b1947958f2450299e
[root@izuf6csxy0jrgs3azvia67z ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9158ebfce55c registry "/entrypoint.sh /etc…" 7 seconds ago Up 7 seconds 0.0.0.0:4000->5000/tcp my-registry
[root@izuf6csxy0jrgs3azvia67z ~]# curl 127.0.0.1:4000/v2/_catalog
{"repositories":[]}
# 개인 창고 -- 미 러 업로드, 다운로드
docker tag IMAGE ip:port/image_name 에 따라 이름 을 수정 해 야 업 로드 를 완성 할 수 있 습 니 다. 그 중에서 포트 는 이전에 매 핑 된 서버 포트 4000 : docker tag
docker tag IMAGE IP: /IMAGE_NAME
: docker push
docker push IP: /centos
:
IP: /IMAGE_NAME
push https /etc/docker/daemon.json :”insecure-registries”:[“ IP: ”]
docker。
[root@izuf6csxy0jrgs3azvia67z ~]# docker tag centos 47.101.212.36:4000/centos-latest
[root@izuf6csxy0jrgs3azvia67z ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
redis latest 4161e91dcc29 3 days ago 95MB
centos-net v1.0 cf3acaf1acc4 10 days ago 280MB
registry latest f32a97de94e1 2 weeks ago 25.8MB
ubuntu latest 47b19964fb50 6 weeks ago 88.1MB
47.101.212.36:4000/centos-latest latest 1e1148e4cc2c 3 months ago 202MB
centos latest 1e1148e4cc2c 3 months ago 202MB
[root@izuf6csxy0jrgs3azvia67z ~]# docker push 47.101.212.36:4000/centos-latest
The push refers to repository [47.101.212.36:9092/centos-latest]
Get https://47.101.212.36:9092/v2/: http: server gave HTTP response to HTTPS client
[root@izuf6csxy0jrgs3azvia67z ~]# vim /etc/docker/daemon.json
[root@izuf6csxy0jrgs3azvia67z ~]# service docker restart
Redirecting to /bin/systemctl restart docker.service
[root@izuf6csxy0jrgs3azvia67z ~]# docker push 47.101.212.36:4000/centos-latest
The push refers to repository [47.101.212.36:9092/centos-latest]
071d8bd76517: Pushed
latest: digest: sha256:365fc7f33107869dfcf2b3ba220ce0aa42e16d3f8e8b3c21d72af1ee622f0cf0 size: 529
[root@izuf6csxy0jrgs3azvia67z ~]# curl 127.0.0.1:9092/v2/_catalog
{"repositories":["centos-latest"]}
[root@izuf6csxy0jrgs3azvia67z ~]# docker pull 47.101.212.36:4000/centos-latest
[root@izuf6csxy0jrgs3azvia67z ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
redis latest 4161e91dcc29 3 days ago 95MB
centos-net v1.0 cf3acaf1acc4 10 days ago 280MB
registry latest f32a97de94e1 2 weeks ago 25.8MB
ubuntu latest 47b19964fb50 6 weeks ago 88.1MB
centos latest 1e1148e4cc2c 3 months ago 202MB
[root@izuf6csxy0jrgs3azvia67z ~]# docker pull 47.101.212.36:9092/centos-latest
Using default tag: latest
latest: Pulling from centos-latest
Digest: sha256:365fc7f33107869dfcf2b3ba220ce0aa42e16d3f8e8b3c21d72af1ee622f0cf0
Status: Downloaded newer image for 47.101.212.36:9092/centos-latest:latest
[root@izuf6csxy0jrgs3azvia67z ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
redis latest 4161e91dcc29 3 days ago 95MB
centos-net v1.0 cf3acaf1acc4 10 days ago 280MB
registry latest f32a97de94e1 2 weeks ago 25.8MB
ubuntu latest 47b19964fb50 6 weeks ago 88.1MB
47.101.212.36:9092/centos-latest latest 1e1148e4cc2c 3 months ago 202MB
centos latest 1e1148e4cc2c 3 months ago 202MB인증 사유 창고 구축 (1)
:
:
docker rm -f my-registry
: :
mkdir /my-registry/auth -p
: 。 USERNAME PASSWORD
docker run --entrypoint htpasswd registry -Bbn USERNAME PASSWORD > /my-registry/auth/htpasswd
:
docker run -d -p 8000:5000 --restart=always --name docker-registry \
-v /my-registry/registry:/var/lib/registry \
-v /my-registry/auth:/auth \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" \
registry [root@izuf6csxy0jrgs3azvia67z docker_demo]# mkdri /root/home/auth -p
-bash: mkdri: command not found
[root@izuf6csxy0jrgs3azvia67z docker_demo]# mkdir /root/home/auth -p
[root@izuf6csxy0jrgs3azvia67z docker_demo]# ls /root/home/
auth d_dir docker_demo mount_dir
[root@izuf6csxy0jrgs3azvia67z docker_demo]# docker run --entrypoint htpasswd registry -Bbn testun testpw > /root/home/auth/htpasswd[root@izuf6csxy0jrgs3azvia67z docker_demo]# ls /root/home/auth/
htpasswd
[root@izuf6csxy0jrgs3azvia67z docker_demo]# vim /root/home/auth/htpasswd
[root@izuf6csxy0jrgs3azvia67z docker_demo]# docker run -d -p 9092:5000 --restart always --name docker-register -v /root/home/docker_demo/registry:/var/lib/registry -v /root/home/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" registry
069dfeded84ce8bd09ac976cff68a18bd932952b436897248bcd7cdd70e516d5
[root@izuf6csxy0jrgs3azvia67z docker_demo]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
069dfeded84c registry "/entrypoint.sh /etc…" 7 seconds ago Up 6 seconds 0.0.0.0:9092->5000/tcp docker-register
25bb71d41e9d registry "htpasswd -Bbn testu…" 3 minutes ago Exited (0) 3 minutes ago peaceful_einstein
[root@izuf6csxy0jrgs3azvia67z docker_demo]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
069dfeded84c registry "/entrypoint.sh /etc…" 12 seconds ago Up 11 seconds 0.0.0.0:9092->5000/tcp docker-register
25bb71d41e9d registry "htpasswd -Bbn testu…" 3 minutes ago Exited (0) 3 minutes ago peaceful_einstein
인증 이 있 는 개인 창고 - 다운로드 미 러 업로드
:
:
docker login -u username -p password 47.94.153.230:8000
: pull push : ,
docker logout 47.94.153.230:8000
, http 。 47.94.153.230:8000/v2/_catalog
:47.94.153.230 IP
[root@izuf6csxy0jrgs3azvia67z docker_demo]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS
069dfeded84c registry "/entrypoint.sh /etc…" 12 seconds ago Up 11 seconds 0.0.0.0:9092->5000/t
25bb71d41e9d registry "htpasswd -Bbn testu…" 3 minutes ago Exited (0) 3 minutes ago
[root@izuf6csxy0jrgs3azvia67z docker_demo]# docker login -u testun -p testpw 47.101.212.36:9092
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@izuf6csxy0jrgs3azvia67z docker_demo]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
redis latest 4161e91dcc29 3 days ago 95MB
centos-net v1.0 cf3acaf1acc4 10 days ago 280MB
registry latest f32a97de94e1 2 weeks ago 25.8MB
ubuntu latest 47b19964fb50 6 weeks ago 88.1MB
47.101.212.36:9092/centos-latest latest 1e1148e4cc2c 3 months ago 202MB
centos latest 1e1148e4cc2c 3 months ago 202MB
[root@izuf6csxy0jrgs3azvia67z docker_demo]# docker pull 47.101.212.36:9092/centos-latest
Using default tag: latest
latest: Pulling from centos-latest
Digest: sha256:365fc7f33107869dfcf2b3ba220ce0aa42e16d3f8e8b3c21d72af1ee622f0cf0
Status: Image is up to date for 47.101.212.36:9092/centos-latest:latest
[root@izuf6csxy0jrgs3azvia67z docker_demo]# curl 127.0.0.1:9092/v2/_catalog
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"registry","Class":"","Name":"catalog","Action":"*"}]}]}
[root@izuf6csxy0jrgs3azvia67z docker_demo]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
redis latest 4161e91dcc29 3 days ago 95MB
centos-net v1.0 cf3acaf1acc4 10 days ago 280MB
registry latest f32a97de94e1 2 weeks ago 25.8MB
ubuntu latest 47b19964fb50 6 weeks ago 88.1MB
47.101.212.36:9092/centos-latest latest 1e1148e4cc2c 3 months ago 202MB
centos latest 1e1148e4cc2c 3 months ago 202MB
[root@izuf6csxy0jrgs3azvia67z docker_demo]# docker rmi 47.101.212.36:9092/centos-latest
Untagged: 47.101.212.36:9092/centos-latest:latest
Untagged: 47.101.212.36:9092/centos-latest@sha256:365fc7f33107869dfcf2b3ba220ce0aa42e16d3f8e8b3c21d72af1ee622f0cf0
[root@izuf6csxy0jrgs3azvia67z docker_demo]# docker pull 47.101.212.36:9092/centos-latest
Using default tag: latest
latest: Pulling from centos-latest
Digest: sha256:365fc7f33107869dfcf2b3ba220ce0aa42e16d3f8e8b3c21d72af1ee622f0cf0
Status: Downloaded newer image for 47.101.212.36:9092/centos-latest:latest
[root@izuf6csxy0jrgs3azvia67z docker_demo]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
redis latest 4161e91dcc29 3 days ago 95MB
centos-net v1.0 cf3acaf1acc4 10 days ago 280MB
registry latest f32a97de94e1 2 weeks ago 25.8MB
ubuntu latest 47b19964fb50 6 weeks ago 88.1MB
47.101.212.36:9092/centos-latest latest 1e1148e4cc2c 3 months ago 202MB
centos latest 1e1148e4cc2c 3 months ago 202M
브 라 우 저 는 다음 과 같이 보 여 줍 니 다.
주: 사용자 이름과 비밀 번 호 를 입력 하 라 는 팝 업 창 도 나타 납 니 다.
요약:
이 내용에 흥미가 있습니까?
현재 기사가 여러분의 문제를 해결하지 못하는 경우 AI 엔진은 머신러닝 분석(스마트 모델이 방금 만들어져 부정확한 경우가 있을 수 있음)을 통해 가장 유사한 기사를 추천합니다:
Swarm의 도커 비밀이 게시물에서는 Redis를 사용한 실제 시나리오 예제를 제공하여 사용 방법을 보여주고자 합니다. Docker 기술에 대한 기본 지식 Docker Swarm 오케스트레이터에 대한 기본 지식 "Docker Swarm ...
텍스트를 자유롭게 공유하거나 복사할 수 있습니다.하지만 이 문서의 URL은 참조 URL로 남겨 두십시오.
CC BY-SA 2.5, CC BY-SA 3.0 및 CC BY-SA 4.0에 따라 라이센스가 부여됩니다.
좋은 웹페이지 즐겨찾기
