먼저 kubernetes cluster 를 설치 해야 함
http://www.ahnseungkyu.com/200
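1. Create self-signed certificate
# 참고: -nodes 옵션 때문에 domain.key 는 암호화되지 않은 채 저장되므로 파일 권한을 제한해야 함. -days 36500 (약 100년) 은 테스트용 값이며, CN 만 있고 SAN(subjectAltName) 이 없는 인증서는 최신 Docker 클라이언트에서 거부될 수 있음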
$ cd Documents
$ mkdir registry
$ cd registry
$ mkdir -p certs && openssl req \
-newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
-x509 -days 36500 -out certs/domain.crt
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:privateregistry.com
Email Address []:
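2. 패스워드 파일 생성 (이건 나중에)
# 참고: 아래 registry 설정에는 REGISTRY_AUTH 관련 항목이 없어서 이 htpasswd 파일은 아직 사용되지 않음 (registry 는 인증 없이 열려 있음). test/test 는 예시 값이고, -b 옵션은 패스워드를 커맨드라인 인자로 넘기므로 셸 히스토리에 남음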
$ mkdir -p auth
$ docker run --entrypoint htpasswd registry:2 -Bbn test test > auth/htpasswd
3. cert 파일 복사
$ vi deployCert.sh
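#!/bin/bash
# deployCert.sh - install the registry's self-signed certificate for the local
# Docker daemon and stage the cert/key pair plus a data directory for the
# registry container.
# Run from the directory that contains certs/domain.crt and certs/domain.key.
set -euo pipefail

readonly FQDN=privateregistry.com
readonly DOCKER_CERT_DIR="/etc/docker/certs.d/${FQDN}"
readonly REGISTRY_DIR="/opt/docker_volumes/registry/${FQDN}"

printf '%s\n' "$FQDN"

# Trust anchor for the Docker daemon.
# NOTE(review): Docker looks up per-registry CAs under certs.d/<host>:<port>
# when the registry listens on a non-default port; this directory name has no
# ":5000" suffix, so trust presumably comes from the system CA store
# (update-ca-certificates) instead - confirm.
sudo mkdir -p -- "$DOCKER_CERT_DIR"
sudo cp -- certs/domain.crt "${DOCKER_CERT_DIR}/ca.crt"

# Directories that the registry container bind-mounts (mkdir -p creates the
# parent as well, so one call covers both levels).
sudo mkdir -p -- "${REGISTRY_DIR}/data"
sudo cp -r -- certs "$REGISTRY_DIR"

# certs/ also carries the unencrypted private key; make its mode explicit
# rather than inheriting whatever the source file and umask produced.
# Assumes the registry process reads the key as root - confirm for your image.
sudo chmod 600 -- "${REGISTRY_DIR}/certs/domain.key"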
$ ./deployCert.sh
# Ubuntu 에 Cert 설치
$ sudo cp /home/stack/Documents/registry/certs/domain.crt /usr/local/share/ca-certificates/.
$ sudo update-ca-certificates
# docker restart
$ sudo service docker restart
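# node01, node02 에도 cert 복사
# 참고: 아래 경로에는 certs.d 가 빠져 있음. Docker 는 /etc/docker/certs.d/<registry 호스트>:<포트>/ca.crt 를 읽으므로, 실제 신뢰는 update-ca-certificates 로 등록한 시스템 CA 에서 오는 것으로 보임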
$ sudo mkdir -p /etc/docker/privateregistry.com
$ sudo cp /home/stack/Documents/registry/certs/domain.crt /etc/docker/privateregistry.com/ca.crt
$ sudo cp /home/stack/Documents/registry/certs/domain.crt /usr/local/share/ca-certificates/.
$ sudo update-ca-certificates
# docker restart
$ sudo service docker restart
$ sudo vi /etc/hosts
192.168.75.211 privateregistry.com
4. Registry 생성
# docker-compose 로 실행
# root 권한으로 변환해서 docker-compose 설치
# 참고: 내려받은 바이너리는 릴리스 페이지에 체크섬이 있으면 비교한 뒤 chmod +x 로 실행 권한을 줄 것 (아래 명령에는 두 단계 모두 없음)
$ sudo su -
# curl -L https://github.com/docker/compose/releases/download/1.5.2/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
$ vi kube-registry.yml
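# docker-compose definition of a single TLS-enabled registry:2 container.
# NOTE(review): no REGISTRY_AUTH_* settings are present, so the registry
# accepts unauthenticated push and pull from any host that can reach port 5000.
kube-registry:
  container_name: kube-registry
  restart: always
  image: registry:2
  ports:
    # Published on all host interfaces; quoted so YAML always reads it as a string.
    - "5000:5000"
  environment:
    REGISTRY_HTTP_TLS_CERTIFICATE: /certs/domain.crt
    REGISTRY_HTTP_TLS_KEY: /certs/domain.key
    REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /var/lib/registry
  volumes:
    - /opt/docker_volumes/registry/privateregistry.com/data:/var/lib/registry
    # Holds domain.key as well as domain.crt; the registry only reads them,
    # so the mount is read-only.
    - /opt/docker_volumes/registry/privateregistry.com/certs:/certs:ro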
$ docker-compose -f kube-registry.yml up -d
# docker run 으로 실행
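# Start the TLS-enabled registry with plain `docker run`.
# The cert directory is taken from the current working directory; it is quoted
# so a path containing spaces survives, and mounted read-only because the
# registry only reads domain.crt and domain.key.
# NOTE(review): no REGISTRY_AUTH_* variable is passed, so push and pull are
# unauthenticated for any host that can reach port 5000.
docker run -d -p 5000:5000 --restart=always --name kube-registry \
  -v "$(pwd)/certs:/certs:ro" \
  -v /opt/docker_volumes/registry/privateregistry.com/data:/var/lib/registry \
  -e REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  registry:2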
5. Registry 확인
https://192.168.230.211:5000/v2/_catalog
# node01 확인
$ sudo vi /etc/hosts
192.168.75.211 privateregistry.com
$ docker pull ubuntu
$ docker tag ubuntu privateregistry.com:5000/ubuntu
$ docker push privateregistry.com:5000/ubuntu
# master 에서 확인
$ docker pull privateregistry.com:5000/ubuntu
6. Registry 삭제
$ docker stop kube-registry && docker rm kube-registry
7. image 조회
$ docker images privateregistry.com:5000
8. Tomcat8 Docker file 만들기
$ mkdir -p tomcat
$ cd tomcat
$ vi Dockerfile
# Base image: a Java 8 JRE.
# NOTE(review): the tag is mutable and not pinned by digest, and the `java`
# repository on Docker Hub was deprecated in favour of `openjdk` - confirm a
# maintained base image before reusing this file.
FROM java:8-jre
# Tomcat install location; putting its bin/ on PATH lets later steps and CMD
# call catalina.sh by name.
ENV CATALINA_HOME /usr/local/tomcat
ENV PATH $CATALINA_HOME/bin:$PATH
RUN mkdir -p "$CATALINA_HOME"
# Every following relative path (tomcat.tar.gz, bin/...) resolves under CATALINA_HOME.
WORKDIR $CATALINA_HOME
# runtime dependency for Tomcat Native Libraries
# The apt package lists are removed in the same layer so they do not stay in the image.
RUN apt-get update && apt-get install -y libapr1 && rm -rf /var/lib/apt/lists/*
# Import the release-signing keys that the later `gpg --verify` step checks
# the Tomcat tarball against. Each key is requested by its full 40-hex-digit
# fingerprint, so this list is the complete set of signers the build accepts.
# `set -ex` makes the build fail as soon as one key cannot be fetched.
# NOTE(review): the sks-keyservers.net pool has been retired, so this fetch is
# expected to fail today; the KEYS file referenced below is the upstream source
# for the same keys - confirm the fingerprints against it when switching.
# see https://www.apache.org/dist/tomcat/tomcat-8/KEYS
RUN set -ex \
&& for key in \
05AB33110949707C93A279E3D3EFE6B686867BA6 \
07E48665A34DCAFAE522E5E6266191C37C037D42 \
47309207D818FFD8DCD3F83F1931D684307A10A5 \
541FBE7D8F78B25E055DDEE13C370389288584E7 \
61B832AC2F1C5A90F0F9B00A1C506407564C17A3 \
79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED \
9BA44C2621385CB966EBA586F72C284D731FABEE \
A27677289986DB50844682F8ACB77FC2E86E29AC \
A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 \
DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 \
F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE \
F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23 \
; do \
gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
done
# Exact Tomcat release to download; the URL below is derived from these two values.
# NOTE(review): the version is pinned to one specific release - review the
# Tomcat security advisories for it before reusing this file.
ENV TOMCAT_MAJOR 8
ENV TOMCAT_VERSION 8.5.0
ENV TOMCAT_TGZ_URL https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz
# Download, verify, unpack Tomcat, then build and install Tomcat Native.
# - The tarball and its detached .asc signature are fetched over HTTPS and
#   checked with `gpg --batch --verify`; because every step is chained with
#   `&&`, nothing is unpacked unless the signature verifies against a key
#   already in the keyring.
# - The openssl version test requires exactly 1.0.1k; any other version makes
#   the chain fail and stops the build, so the awk patch to src/sslcontext.c is
#   only ever applied against that OpenSSL version.
# - $nativeBuildDeps is left unquoted on purpose so apt-get receives one
#   argument per package; the same list is purged again after `make install`
#   so the compiler toolchain does not remain in the image.
# - JAVA_VERSION, JAVA_DEBIAN_VERSION and docker-java-home are not defined in
#   this file; presumably they come from the base image - confirm.
# Tomcat Native 1.2+ requires a newer version of OpenSSL than debian:jessie has available (1.0.2g+)
# see http://tomcat.10.x6.nabble.com/VOTE-Release-Apache-Tomcat-8-0-32-tp5046007p5046024.html (and following discussion)
RUN set -x \
\
&& curl -fSL "$TOMCAT_TGZ_URL" -o tomcat.tar.gz \
&& curl -fSL "$TOMCAT_TGZ_URL.asc" -o tomcat.tar.gz.asc \
&& gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz \
&& tar -xvf tomcat.tar.gz --strip-components=1 \
&& rm bin/*.bat \
&& rm tomcat.tar.gz* \
\
&& nativeBuildDir="$(mktemp -d)" \
&& tar -xvf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1 \
&& nativeBuildDeps=" \
gcc \
libapr1-dev \
libssl-dev \
make \
openjdk-${JAVA_VERSION%%[-~bu]*}-jdk=$JAVA_DEBIAN_VERSION \
" \
&& apt-get update && apt-get install -y --no-install-recommends $nativeBuildDeps && rm -rf /var/lib/apt/lists/* \
&& ( \
export CATALINA_HOME="$PWD" \
&& cd "$nativeBuildDir/native" \
&& [ "$(openssl version | cut -d' ' -f2)" = '1.0.1k' ] \
# http://tomcat.10.x6.nabble.com/VOTE-Release-Apache-Tomcat-8-0-32-tp5046007p5048274.html (ie, HACK HACK HACK)
&& cp src/sslcontext.c src/sslcontext.c.orig \
&& awk ' \
/^ eckey = EC_KEY_new_by_curve_name/ { print " EC_KEY *eckey = NULL;" } \
{ print } \
' src/sslcontext.c.orig > src/sslcontext.c \
&& ./configure \
--libdir=/usr/lib/jni \
--prefix="$CATALINA_HOME" \
--with-apr=/usr/bin/apr-1-config \
--with-java-home="$(docker-java-home)" \
--with-ssl=yes \
&& make -j$(nproc) \
&& make install \
) \
&& apt-get purge -y --auto-remove $nativeBuildDeps \
&& rm -rf "$nativeBuildDir" \
&& rm bin/tomcat-native.tar.gz
# verify Tomcat Native is working properly
# Runs `catalina.sh configtest`, keeps only the de-duplicated lines that mention
# 'Apache Tomcat Native', and fails the build (after printing those lines to
# stderr) unless the "Loaded APR based Apache Tomcat Native library" line is
# among them.
RUN set -e \
&& nativeLines="$(catalina.sh configtest 2>&1)" \
&& nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')" \
&& nativeLines="$(echo "$nativeLines" | sort -u)" \
&& if ! echo "$nativeLines" | grep 'INFO: Loaded APR based Apache Tomcat Native library' >&2; then \
echo >&2 "$nativeLines"; \
exit 1; \
fi
# Tomcat's HTTP connector port (plain HTTP, no TLS at this layer).
EXPOSE 8080
# NOTE(review): this Dockerfile has no USER instruction, so catalina.sh runs as
# the base image's default user - presumably root; confirm and consider a
# dedicated unprivileged user.
CMD ["catalina.sh", "run"]
$ docker build -tag tomcat-jre8:8 . # 처음 이미지는 . 을 추가할 수 없음
$ docker tag tomcat-jre8:8 tomcat-jre8:8.5.0 # 태그에 . 을 추가
$ docker rmi tomcat-jre8:8 # 처음 태그를 삭제
# 태그이름을 리모트로 변경
$ docker tag tomcat-jre8:8.5.0 privateregistry.com:5000/tomcat-jre8:8.5.0
# 태그 이름이 리모트이므로 리모트로 올리게 됨
# 참고: 위에서 만든 태그는 8.5.0 인데 아래 push/pull 은 8.0.30 을 사용함. 태그가 일치해야 push 가 됨
$ docker push privateregistry.com:5000/tomcat-jre8:8.0.30
# node01 에서 확인
$ docker pull privateregistry.com:5000/tomcat-jre8:8.0.30
$ https://192.168.230.211:5000/v2/tomcat-jre8/tags/list
$ curl https://privateregistry.com:5000/v2/tomcat-jre8/tags/list