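Installing and Deploying Nexus3 with Docker as an Internal-Network Image Proxy
Base images used to be fairly small, and pulling them from Alibaba Cloud or Tencent Cloud registries was quite fast. But a few years have flown by, and with AI in the mix, some images are now close to 20G in size!
In that situation, pulling images in either the test or the development environment eats into the company's bandwidth, so a container proxy needs to be set up in the test environment to cache images!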
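# Data persistence directory
mkdir -p /data/nexus3
# Grant permissions
# (777 makes the directory world-writable; the official image runs Nexus as UID 200, so chown -R 200 /data/nexus3 is the narrower alternative)
chmod 777 -R /data/nexus3
# Create the nexus3 container.
# (--privileged=true gives the container full access to the host; Nexus itself does not require it)
docker run -tid \
--privileged=true \
--network=host \
--restart=always \
-v /data/nexus3:/nexus-data \
--name nexus3 \
sonatype/nexus3
# View the default password
cat /data/nexus3/admin.password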
Change the default password and enable guest (anonymous) user access.
Otherwise, pulling an image fails with the following error:
[root@localhost certs.d]# crictl pull nginx
FATA[0002] pulling image failed: rpc error: code = NotFound desc = failed to pull and unpack image "docker.io/library/nginx:latest": failed to unpack image on snapshotter overlayfs: unexpected media type text/html for sha256:b6a78ff088000afc609fcbc701d18704ddb944e867af0dadd520d4bf0e5af328: not found
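Three proxies are created here:
1. Alibaba Cloud image accelerator
2. Alibaba Cloud private image registry (which also contains public images)
3. Tencent Cloud private image registry
Private image registries need an authentication username and password configured.
Set the proxy information.
Check the option to cache image layers and select the Blob store that was created.
Because the Alibaba Cloud image registry in the Beijing region is used, enter the Beijing-region address here; for a Tencent Cloud registry, substitute its address.
Enter the authentication username and password for the Alibaba Cloud private registry.
After filling in the information, click Create repositories to finish.
Select docker (group type).
The fields in the red boxes need to be set or checked.
Provide the proxy service externally on port 8888.
Add the docker proxies just created to the group.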
[root@localhost src]# ctr version
Client:
Version: v1.6.21
Revision: 3dce8eb055cbb6872793272b4f20ed16117344f8
Go version: go1.19.9
Server:
Version: v1.6.21
Revision: 3dce8eb055cbb6872793272b4f20ed16117344f8
UUID: 01b66c6f-637c-4a15-a5db-fb0f75f1fe60
[root@localhost src]# cat /etc/containerd/config.toml
version = 2
root = "/var/lib/containerd"
state = "/run/containerd"
oom_score = 0
[grpc]
address = "/run/containerd/containerd.sock"
uid = 0
gid = 0
max_recv_message_size = 16777216
max_send_message_size = 16777216
[debug]
address = "/run/containerd/containerd-debug.sock"
uid = 0
gid = 0
level = "warn"
[timeouts]
"io.containerd.timeout.shim.cleanup" = "5s"
"io.containerd.timeout.shim.load" = "5s"
"io.containerd.timeout.shim.shutdown" = "3s"
"io.containerd.timeout.task.state" = "2s"
[plugins]
[plugins."io.containerd.grpc.v1.cri"]
sandbox_image = "sealos.hub:5000/pause:3.2"
max_container_log_line_size = -1
max_concurrent_downloads = 20
disable_apparmor = true
[plugins."io.containerd.grpc.v1.cri".containerd]
snapshotter = "overlayfs"
default_runtime_name = "runc"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
runtime_type = "io.containerd.runc.v2"
runtime_engine = ""
runtime_root = ""
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true
[plugins."io.containerd.grpc.v1.cri".registry]
config_path = "/etc/containerd/certs.d"
[plugins."io.containerd.grpc.v1.cri".registry.configs]
[plugins."io.containerd.grpc.v1.cri".registry.configs."sealos.hub:5000".auth]
username = "admin"
password = "passw0rd"
Under the path set by config_path = "/etc/containerd/certs.d", create a folder for each registry that needs to go through nexus3:
/etc/containerd/certs.d
[root@localhost certs.d]# ls -l
总用量 0
drwxr-xr-x 2 root root 24 9月 9 00:30 ccr.ccs.tencentyun.com
drwxr-xr-x 2 root root 24 9月 8 23:50 docker.io
drwxr-xr-x 2 root root 24 9月 8 23:50 registry.cn-beijing.aliyuncs.com
drwxr-xr-x 2 root root 24 9月 8 23:14 sealos.hub:5000
drwxr-xr-x 2 root root 24 9月 8 23:50 tf72mndn.mirror.aliyuncs.com
[root@localhost certs.d]#
Configuration:
[root@localhost certs.d]# cat registry.cn-beijing.aliyuncs.com/hosts.toml
server = "https://registry.cn-beijing.aliyuncs.com"
[host."http://172.27.100.251:8888"]
capabilities = ["pull", "resolve", "push"]
skip_verify = true
[root@localhost certs.d]# systemctl restart containerd
[root@localhost certs.d]# crictl pull nginx
As shown in the figure above, the image has been cached!
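The page shows the hosts.toml of one registry only. The following added example (not part of the original post) writes the equivalent file for each upstream registry in the certs.d listing above, pointing it at the Nexus group on 172.27.100.251:8888. The helper name write_mirror_hosts, the --apply switch and the decision to advertise only pull and resolve are assumptions of this example; sealos.hub:5000 is left out because the page does not show its hosts.toml.

```shell
#!/usr/bin/env bash
# Added example: generate hosts.toml files that route containerd pulls
# through the Nexus docker group at the address used on this page.
NEXUS_URL="http://172.27.100.251:8888"

# write_mirror_hosts <certs_dir> <registry>   (hypothetical helper name)
write_mirror_hosts() {
  local certs_dir="$1" registry="$2" server
  # The registry name becomes a directory name, so reject empty names
  # and anything that could escape certs_dir.
  case "$registry" in
    ""|*/*|*..*) echo "invalid registry name: $registry" >&2; return 2 ;;
  esac
  # docker.io is served from registry-1.docker.io; the other registries
  # on the page are reachable under their own host name.
  case "$registry" in
    docker.io) server="https://registry-1.docker.io" ;;
    *)         server="https://${registry}" ;;
  esac
  mkdir -p "${certs_dir}/${registry}" || return 1
  # A pull-through cache only needs "pull" and "resolve". skip_verify is
  # left out: it controls TLS verification and this endpoint is plain http.
  cat > "${certs_dir}/${registry}/hosts.toml" <<EOF
server = "${server}"

[host."${NEXUS_URL}"]
capabilities = ["pull", "resolve"]
EOF
}

# Only touch the live containerd config when called with --apply.
if [ "${1:-}" = "--apply" ]; then
  for r in docker.io registry.cn-beijing.aliyuncs.com \
           ccr.ccs.tencentyun.com tf72mndn.mirror.aliyuncs.com; do
    write_mirror_hosts /etc/containerd/certs.d "$r" || exit 1
  done
  systemctl restart containerd
fi
```

Without --apply the script only defines the function, so it can be pointed at a scratch directory first and the generated files reviewed before they replace the live ones.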
[root@localhost ~]# cat /etc/docker/daemon.json
{
"insecure-registries": [
"172.27.100.251:8888"
],
"registry-mirrors": [
"http://172.27.100.251:8888"
],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-opts": {
"max-file": "3",
"max-size": "500m"
}
}
docker info
Insecure Registries:
172.27.100.251:8888
127.0.0.0/8
Registry Mirrors:
http://172.27.100.251:8888/
Live Restore Enabled: false
Image pull test
Reference: https://blog.csdn.net/qq_30051761/article/details/131139204