Docker Hub와 registry 활용 기초
.
Data_Engineering_TIL(20200718)
Study Program : Docker 기반의 DevOps 인프라 구축 WORKSHOP
관련 URL : https://www.fastcampus.co.kr/dev_workshop_devops
학습자료 출처 : http://www.authorstream.com/Presentation/k16wire-4341187-devops-docker-day2-v7/
1. 도커허브 활용
1) 도커허브 기초개념
-
도커이미지 공개 저장소
-
Root : 공식 저장소, official 마크
-
User : repository:tag
-
공개 저장소는 무료, 비공개 저장소는 유료
2) 실습
개인 Docker hub를 생성하고 이미지를 push하는 실습
먼저 도커허브 웹사이트로 접속해서 로그인하고 docker repository 생성한다.
그리고 아래와 같이 리눅스 명령어를 통해 도커허브로 부터 이미지를 다운받아 나만의 이미지를 만들고 이 이미지를 나의 도커 레포에 push를 해보자
[ec2-user@ip-10-1-10-133 ~]$ sudo vim Dockerfile
FROM docker/whalesay:latest
RUN apt-get -y update && apt-get install -y fortune
CMD /usr/games/fortune -a | cowsay
[ec2-user@ip-10-1-10-133 ~]$ sudo docker build -t docker-whale .
Sending build context to Docker daemon 207.2MB
Step 1/3 : FROM docker/whalesay:latest
latest: Pulling from docker/whalesay
Image docker.io/docker/whalesay:latest uses outdated schema1 manifest format. Please upgrade to a schema2 image for better future compatibility. More information at https://docs.docker.com/registry/spec/deprecated-schema-v1/
e190868d63f8: Pull complete
909cd34c6fd7: Pull complete
0b9bfabab7c1: Pull complete
a3ed95caeb02: Pull complete
00bf65475aba: Pull complete
c57b6bcc83e3: Pull complete
8978f6879e2f: Pull complete
8eed3712d2cf: Pull complete
Digest: sha256:178598e51a26abbc958b8a2e48825c90bc22e641de3d31e18aaf55f3258ba93b
Status: Downloaded newer image for docker/whalesay:latest
---> 6b362a9f73eb
Step 2/3 : RUN apt-get -y update && apt-get install -y fortune
---> Running in a71cffb67cf2
Ign http://archive.ubuntu.com trusty InRelease
Get:1 http://archive.ubuntu.com trusty-updates InRelease [65.9 kB]
Get:2 http://archive.ubuntu.com trusty-security InRelease [65.9 kB]
Hit http://archive.ubuntu.com trusty Release.gpg
Get:3 http://archive.ubuntu.com trusty-updates/main Sources [532 kB]
Get:4 http://archive.ubuntu.com trusty-updates/restricted Sources [6444 B]
Get:5 http://archive.ubuntu.com trusty-updates/universe Sources [288 kB]
Get:6 http://archive.ubuntu.com trusty-updates/main amd64 Packages [1460 kB]
Get:7 http://archive.ubuntu.com trusty-updates/restricted amd64 Packages [21.4 kB]
Get:8 http://archive.ubuntu.com trusty-updates/universe amd64 Packages [671 kB]
Get:9 http://archive.ubuntu.com trusty-security/main Sources [220 kB]
Get:10 http://archive.ubuntu.com trusty-security/restricted Sources [5050 B]
Get:11 http://archive.ubuntu.com trusty-security/universe Sources [127 kB]
Get:12 http://archive.ubuntu.com trusty-security/main amd64 Packages [1032 kB]
Get:13 http://archive.ubuntu.com trusty-security/restricted amd64 Packages [18.1 kB]
Get:14 http://archive.ubuntu.com trusty-security/universe amd64 Packages [378 kB]
Hit http://archive.ubuntu.com trusty Release
Hit http://archive.ubuntu.com trusty/main Sources
Hit http://archive.ubuntu.com trusty/restricted Sources
Hit http://archive.ubuntu.com trusty/universe Sources
Hit http://archive.ubuntu.com trusty/main amd64 Packages
Hit http://archive.ubuntu.com trusty/restricted amd64 Packages
Hit http://archive.ubuntu.com trusty/universe amd64 Packages
Fetched 4890 kB in 9s (539 kB/s)
Reading package lists...
Reading package lists...
Building dependency tree...
Reading state information...
The following extra packages will be installed:
fortunes-min librecode0
Suggested packages:
fortunes x11-utils bsdmainutils
The following NEW packages will be installed:
fortune-mod fortunes-min librecode0
0 upgraded, 3 newly installed, 0 to remove and 124 not upgraded.
Need to get 872 kB of archives.
After this operation, 2206 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu/ trusty/main librecode0 amd64 3.6-21 [771 kB]
Get:2 http://archive.ubuntu.com/ubuntu/ trusty/universe fortune-mod amd64 1:1.99.1-7 [39.5 kB]
Get:3 http://archive.ubuntu.com/ubuntu/ trusty/universe fortunes-min all 1:1.99.1-7 [61.8 kB]
debconf: unable to initialize frontend: Dialog
debconf: (TERM is not set, so the dialog frontend is not usable.)
debconf: falling back to frontend: Readline
debconf: unable to initialize frontend: Readline
debconf: (This frontend requires a controlling tty.)
debconf: falling back to frontend: Teletype
dpkg-preconfigure: unable to re-open stdin:
Fetched 872 kB in 2s (352 kB/s)
Selecting previously unselected package librecode0:amd64.
(Reading database ... 13116 files and directories currently installed.)
Preparing to unpack .../librecode0_3.6-21_amd64.deb ...
Unpacking librecode0:amd64 (3.6-21) ...
Selecting previously unselected package fortune-mod.
Preparing to unpack .../fortune-mod_1%3a1.99.1-7_amd64.deb ...
Unpacking fortune-mod (1:1.99.1-7) ...
Selecting previously unselected package fortunes-min.
Preparing to unpack .../fortunes-min_1%3a1.99.1-7_all.deb ...
Unpacking fortunes-min (1:1.99.1-7) ...
Setting up librecode0:amd64 (3.6-21) ...
Setting up fortune-mod (1:1.99.1-7) ...
Setting up fortunes-min (1:1.99.1-7) ...
Processing triggers for libc-bin (2.19-0ubuntu6.6) ...
Removing intermediate container a71cffb67cf2
---> b3bd9802fb02
Step 3/3 : CMD /usr/games/fortune -a | cowsay
---> Running in 8a57dd26a39e
Removing intermediate container 8a57dd26a39e
---> 8648bda3605c
Successfully built 8648bda3605c
Successfully tagged docker-whale:latest
[ec2-user@ip-10-1-10-133 ~]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[ec2-user@ip-10-1-10-133 ~]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker-whale latest 8648bda3605c 8 seconds ago 275MB
mysql 5.7 d05c76dbbfcf 4 days ago 448MB
nginx latest 0901fa9da894 7 days ago 132MB
tomcat 8.0 ef6a7c98d192 22 months ago 356MB
docker/whalesay latest 6b362a9f73eb 5 years ago 247MB
도커허브 로그인
[ec2-user@ip-10-1-10-133 ~]$ docker login
Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.
Username: minman2115
Password: **********
WARNING! Your password will be stored unencrypted in /home/ec2-user/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
이미지에 레포정보를 아래와 같이 태그한다.
docker tag [이미지ID] [도커허브 계정아이디]/[이미지 이름]:[태그]
[ec2-user@ip-10-1-10-133 ~]$ docker tag 6b362a9f73eb minman2115/docker-whale:latest
[ec2-user@ip-10-1-10-133 ~]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker-whale latest 8648bda3605c 2 minutes ago 275MB
mysql 5.7 d05c76dbbfcf 4 days ago 448MB
nginx latest 0901fa9da894 7 days ago 132MB
tomcat 8.0 ef6a7c98d192 22 months ago 356MB
minman2115/docker-whale latest 6b362a9f73eb 5 years ago 247MB
docker/whalesay latest 6b362a9f73eb 5 years ago 247MB
이미지를 레포에 푸쉬
[ec2-user@ip-10-1-10-133 ~]$ docker push minman2115/docker-whale:latest
The push refers to repository [docker.io/minman2115/docker-whale]
5f70bf18a086: Mounted from docker/whalesay
d061ee1340ec: Mounted from docker/whalesay
d511ed9e12e1: Mounted from docker/whalesay
091abc5148e4: Mounted from docker/whalesay
b26122d57afa: Mounted from docker/whalesay
37ee47034d9b: Mounted from docker/whalesay
528c8710fd95: Mounted from docker/whalesay
1154ba695078: Mounted from docker/whalesay
latest: digest: sha256:4a79736c5f63638261bc21228b48e9991340ca6d977b73de3598be20606e5d87 size: 2402
push후 도커허브에서 레포를 확인해보면 아래와 같이 이미지가 저장되어 있는 것을 확인할 수 있다.
2. docker registry 활용
1) 기초개념
-
도커 이미지를 저장하고 공유할 수 있는 서버
-
오픈소스, 아파치 라이센스
-
v1과 v2가 호환되지 않는다.
-
클라우드 : DockerHub
-
인트라넷 : DTR
-
레지스트리도 이미지 저장소이다.
-
로컬에 레지스트리를 띄우고 이미지를 저장할수도 있지만 클라우드 밴더의 s3 같은 저장소를 이용할 수도 있다.
-
레지스트리는 접근권한 관리 등 보안기능에 대해서도 지원을 해준다.
-
레지스트리 보안모델
- docker-compose로 레지스트리 실행하는 예시
2) 실습
로컬에 레지스트리 컨테이너를 실행하고 이미지를 save해보고, 다시 load하는 실습
아래와 같은 리눅스 커맨드로 실습할 수 있다.
레지스트리 컨테이너 실행
[ec2-user@ip-10-1-10-133 ~]$ docker run -d -p 5000:5000 --name myregistry registry:2
Unable to find image 'registry:2' locally
2: Pulling from library/registry
cbdbe7a5bc2a: Pull complete
47112e65547d: Pull complete
46bcb632e506: Pull complete
c1cc712bcecd: Pull complete
3db6272dcbfa: Pull complete
Digest: sha256:8be26f81ffea54106bae012c6f349df70f4d5e7e2ec01b143c46e2c03b9e551d
Status: Downloaded newer image for registry:2
8994282093ce326a6975171f5790acddec222a1c71635287c28c382ab918a283
[ec2-user@ip-10-1-10-133 ~]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8994282093ce registry:2 "/entrypoint.sh /etc…" 43 seconds ago Up 42 seconds 0.0.0.0:5000->5000/tcp myregistry
이미지에 프라이빗 레포 테그하기
[ec2-user@ip-10-1-10-133 ~]$ docker tag 6b362a9f73eb localhost:5000/docker-whale:latest
이미지 푸쉬
[ec2-user@ip-10-1-10-133 ~]$ docker push localhost:5000/docker-whale:latest
The push refers to repository [localhost:5000/docker-whale]
5f70bf18a086: Pushed
d061ee1340ec: Pushed
d511ed9e12e1: Pushed
091abc5148e4: Pushed
b26122d57afa: Pushed
37ee47034d9b: Pushed
528c8710fd95: Pushed
1154ba695078: Pushed
latest: digest: sha256:df326a383b4a036fd5a33402248027d1c972954622924158a28744ed5f9fca1e size: 2402
[ec2-user@ip-10-1-10-133 ~]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8994282093ce registry:2 "/entrypoint.sh /etc…" About a minute ago Up About a minute 0.0.0.0:5000->5000/tcp myregistry
[ec2-user@ip-10-1-10-133 ~]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker-whale latest 8648bda3605c 9 minutes ago 275MB
mysql 5.7 d05c76dbbfcf 4 days ago 448MB
nginx latest 0901fa9da894 7 days ago 132MB
registry 2 2d4f4b5309b1 4 weeks ago 26.2MB
tomcat 8.0 ef6a7c98d192 22 months ago 356MB
docker/whalesay latest 6b362a9f73eb 5 years ago 247MB
minman2115/docker-whale latest 6b362a9f73eb 5 years ago 247MB
localhost:5000/docker-whale latest 6b362a9f73eb 5 years ago 247MB
기존 이미지 삭제
[ec2-user@ip-10-1-10-133 ~]$ docker rmi 8648bda3605c 6b362a9f73eb 6b362a9f73eb
Untagged: docker-whale:latest
Deleted: sha256:8648bda3605c8240aa7e3349a61fd7cb353a90e372b9fc32c774c9bceab88875
Deleted: sha256:b3bd9802fb020ccc63fe48721e7922015bbcbd129b1812f0280bf49b1b173e91
Deleted: sha256:3bfda62fa803f556d8ea0c08ef9de4a252e2d644401444b6510e98c53caa2dc9
Error response from daemon: conflict: unable to delete 6b362a9f73eb (must be forced) - image is referenced in multiple repositories
Error response from daemon: conflict: unable to delete 6b362a9f73eb (must be forced) - image is referenced in multiple repositories
[ec2-user@ip-10-1-10-133 ~]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mysql 5.7 d05c76dbbfcf 4 days ago 448MB
nginx latest 0901fa9da894 7 days ago 132MB
registry 2 2d4f4b5309b1 4 weeks ago 26.2MB
tomcat 8.0 ef6a7c98d192 22 months ago 356MB
docker/whalesay latest 6b362a9f73eb 5 years ago 247MB
minman2115/docker-whale latest 6b362a9f73eb 5 years ago 247MB
localhost:5000/docker-whale latest 6b362a9f73eb 5 years ago 247MB
레지스트리로 부터 이미지 풀링
[ec2-user@ip-10-1-10-133 ~]$ docker pull localhost:5000/docker-whale:latest
latest: Pulling from docker-whale
Digest: sha256:df326a383b4a036fd5a33402248027d1c972954622924158a28744ed5f9fca1e
Status: Image is up to date for localhost:5000/docker-whale:latest
localhost:5000/docker-whale:latest
이미지 실행
[ec2-user@ip-10-1-10-133 ~]$ docker run localhost:5000/docker-whale:latest
[ec2-user@ip-10-1-10-133 ~]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8994282093ce registry:2 "/entrypoint.sh /etc…" 3 minutes ago Up 3 minutes 0.0.0.0:5000->5000/tcp myregistry
[ec2-user@ip-10-1-10-133 ~]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7dc82c89ae1b localhost:5000/docker-whale:latest "/bin/bash" 16 seconds ago Exited (0) 15 seconds ago lucid_yalow
8994282093ce registry:2 "/entrypoint.sh /etc…" 3 minutes ago Up 3 minutes 0.0.0.0:5000->5000/tcp myregistry