document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2025-01-25 23:11:02 +08:00
Code Issues Packages Projects Releases Wiki Activity

fuowang 翻译完成

Browse Source
This commit is contained in:
fuowang 2018-11-12 19:29:53 +08:00
parent f817bd0480
commit baa0beb83a
2 changed files with 122 additions and 128 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

128
sources/tech/20180110 Using Your Own Private Registry with Docker Enterprise Edition.md
View File

@ -1,128 +0,0 @@
fuowang 翻译中
Using Your Own Private Registry with Docker Enterprise Edition
======
![docker trusted registry][1]
One of the things that makes Docker really cool, particularly compared to using virtual machines, is how easy it is to move around Docker images. If you've already been using Docker, you've almost certainly pulled images from [Docker Hub][2]. Docker Hub is Docker's cloud-based registry service and has tens of thousands of Docker images to choose from. If you're developing your own software and creating your own Docker images though, you'll want your own private Docker registry. This is particularly true if you have images with proprietary licenses, or if you have a complex continuous integration (CI) process for your build system.
Docker Enterprise Edition includes Docker Trusted Registry (DTR), a highly available registry with secure image management capabilities which was built to run either inside of your own data center or on your own cloud-based infrastructure. In the next few weeks, we'll go over how DTR is a critical component of delivering a secure, repeatable and consistent [software supply chain][3]. You can get started with it today through our [free hosted demo][4] or by downloading and installing the free 30-day trial. The steps to get started with your own installation are below.
## Setting Up Docker Enterprise Edition
Docker Trusted Registry runs on top of Universal Control Plane (UCP), so to begin let's install a single-node cluster. If you've already got your own UCP cluster, you can skip this step. On your docker host, run the command:
```
# Pull and install UCP
docker run -it -rm -v /var/run/docker.sock:/var/run/docker.sock -name ucp docker/ucp:latest install
```
Once UCP is up and running, there are a few more things you should do before you install DTR. Open up your browser against the UCP instance you just installed. There should be a link to it at the end of your log output. If you have already have a Docker Enterprise Edition license, go ahead and upload it through the UI. If you don't, visit the [Docker Store][5] and pick up a free, 30-day trial.
Once you've got licensing squared away, you're probably going to want to change the port which UCP is running on. Since this is a single node cluster, DTR and UCP are going to want to use the same TCP ports for running their web services. If you've got a UCP swarm with more than one node, this probably isn't a problem because DTR will look for a node which has the required free ports. Inside of UCP, click on Admin Settings -> Cluster Configuration and change the Controller Port to something like 5443.
## Installing DTR
We're going to install a simple, single-node instance of Docker Trusted Registry. If you were setting up your DTR for production use, you would likely set things up in High Availability (HA) mode which would require a different type of storage such as a cloud-based object store, or NFS. Since this is a single-node instance, we're going to stick with the default local storage.
First we need to pull the DTR bootstrap image. The bootstrap image is a tiny, self-contained installer which connects to UCP and sets up all of the containers, volumes, and logical networks required to get DTR up and running.
Use the command:
```
# Pull and run the DTR bootstrapper
docker run -it -rm docker/dtr:latest install -ucp-insecure-tls
```
NOTE: Both UCP and DTR by default come with their own certs which won't be recognized by your system. If you've set up UCP with TLS certs which are trusted by your system, you can omit the `-ucp-insecure-tls` option. Alternatively, you can use the `-ucp-ca` option which will let you specify the UCP CA certificate directly.
The DTR bootstrap image should then ask you for a couple of settings, such as the URL of your UCP installation and your UCP admin username and password. It should only take a minute or two to pull all of the DTR images and set everything up.
## Keeping Everything Secure
Once everything is up and running, you're ready to push and pull images to and from
the registry. Before we do that step though, let's set up our TLS certificates so that we can securely talk to DTR.
On Linux, we can use these commands (just make certain you change DTR_HOSTNAME to reflect the DTR we just set up):
```
# Pull the CA certificate from DTR (you can use wget if curl is unavailable)
DTR_HOSTNAME=<Your DTR hostname>
curl -k https://$(DTR_HOSTNAME)/ca > $(DTR_HOSTNAME).crt
sudo mkdir /etc/docker/certs.d/$(DTR_HOSTNAME)
sudo cp $(DTR_HOSTNAME) /etc/docker/certs.d/$(DTR_HOSTNAME)
# Restart the docker daemon (use `sudo service docker restart` on Ubuntu 14.04)
sudo systemctl restart docker
```
On Docker for Mac and Windows, we'll set up our client a little bit differently. Go in to Settings -> Daemon and in the Insecure Registries section, enter in your DTR hostname. Click Apply, and your docker daemon should restart and you should be good to go.
## Pushing and Pulling Images
We now need to set up a repository to hold an image. This is a little bit different than Docker Hub which automatically creates a repository if one doesn't exist when you do a docker push. To create the repository, point your browser to https://<Your DTR hostname> and then sign-in with your admin credentials when prompted. If you added a license to UCP, that license will automatically have been picked up by DTR. If not, make certain you upload your license now.
Once you're in, click on the 'New Repository` button and create a new repository.
We'll create a repo to hold Alpine linux, so type `alpine` in the name field, and click
`Save` (it's labelled `Create` in DTR 2.5 and newer).
Now let's go back to our shell and type the commands:
```
# Pull the latest version of Alpine Linux
docker pull alpine:latest
# Sign in to your new DTR instance
docker login <Your DTR hostname>
# Tag Alpine to be able to push it to your DTR
docker tag alpine:latest <Your DTR hostname>/admin/alpine:latest
# Push the image to DTR
docker push <Your DTR hostname>/admin/alpine:latest
```
And that's it! We just pulled a copy of the latest Alpine Linux, re-tagged it so that we could store it inside of DTR, and then pushed it to our private registry. If you want to pull that image to a different Docker engine, set up your DTR certs as shown above, and issue the command:
```
# Pull the image from DTR
docker pull <Your DTR hostname>/admin/alpine:latest
```
DTR has a lot of great image management features built right in such as image caching, mirroring, scanning, signing, and even automated supply chain policies. We'll leave these to future blog posts which we can explore in more detail.
--------------------------------------------------------------------------------
via: https://blog.docker.com/2018/01/dtr/
作者:[Patrick Devine;Rolf Neugebauer;Docker Core Engineering;Matt Bentley][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://blog.docker.com/author/pdevine/
[1]:https://i1.wp.com/blog.docker.com/wp-content/uploads/ccd278d2-29c2-4866-8285-c2fe60b4bd5e-1.jpg?resize=965%2C452&ssl=1
[2]:https://hub.docker.com/
[3]:https://blog.docker.com/2016/08/securing-enterprise-software-supply-chain-using-docker/
[4]:https://www.docker.com/trial
[5]:https://store.docker.com/search?offering=enterprise&page=1&q=&type=edition

122
translated/tech/20180110 Using Your Own Private Registry with Docker Enterprise Edition.md Normal file
View File

@ -0,0 +1,122 @@
使用企业版 Docker 搭建自己的私有注册服务器
======
![docker trusted registry][1]
Docker 真的很酷,特别是和使用虚拟机相比,转移 Docker 镜像十分容易。如果你已准备好使用 Docker那你肯定已从 [Docker Hub][2] 上拉取完整的镜像。Docker Hub 是 Docker 的云端注册服务器服务,包含成千上万个供选择的 Docker 镜像。如果你开发了自己的软件包并创建了自己的 Docker 镜像那么你会想有自己的私有注册服务器。如果你有搭配着专有许可的镜像或想为你的构建系统提供复杂的持续集成CI过程则更应该拥有自己的私有注册服务器。
Docker 企业版包括 Docker Trusted Registry译者注DTRDocker 可信注册服务器)。这是一个具有安全镜像管理功能的高可用的注册服务器,为了在你自己的数据中心或基于云端的架构上运行而构建。在接下来的几周,我们将了解 DTR 是提供安全、可重用且连续的[软件供应链][3]的一个关键组件。你可以通过我们的[免费托管小样][4]立即开始使用,或者通过下载安装进行 30 天的免费试用。下面是开始自己安装的步骤。
## 配置 Docker 企业版
Docker Trusted Registry 在通用控制面板UCP上运行所以开始前要安装一个单节点集群。如果你已经有了自己的 UCP 集群,可以跳过这一步。在你的 docker 托管主机上,运行以下命令:
```
# 拉取并安装 UCP
docker run -it -rm -v /var/run/docker.sock:/var/run/docker.sock -name ucp docker/ucp:latest install
```
当 UCP 启动并运行后,在安装 DTR 之前你还有几件事要做。针对刚刚安装的 UCP 实例,打开浏览器。在日志输出的末尾应该有一个链接。如果你已经有了 Docker 企业版的许可证,那就在这个界面上输入它吧。如果你还没有,可以访问 [Docker 商店][5]获取30天的免费试用版。
准备好许可证后,你可能会需要改变一下 UCP 运行的端口。因为这是一个单节点集群DTR 和 UCP 可能会以相同的端口运行他们的 web 服务。如果你拥有不只一个节点的 UCP 集群,这就不是问题,因为 DTR 会寻找有所需空闲端口的节点。在 UCP 中,点击管理员设置 -> 集群配置并修改控制器端口,比如 5443。
## 安装 DTR
我们要安装一个简单的、单节点的 Docker Trusted Registry 实例。如果你要安装实际生产用途的 DTR那么你会将其设置为高可用HA模式即需要另一种存储介质比如基于云端的对象存储或者 NFS译者注Network File System网络文件系统。因为目前安装的是一个单节点实例我们依然使用默认的本地存储。
首先我们需要拉取 DTR 的 bootstrap 镜像。Boostrap 镜像是一个微小的独立安装程序,包括连接到 UCP 以及设置和启动 DTR 所需的所有容器、卷和逻辑网络。
使用命令:
```
# 拉取并运行 DTR 引导程序
docker run -it -rm docker/dtr:latest install -ucp-insecure-tls
```
注意默认情况下UCP 和 DTR 都有自己的证书,系统无法识别。如果你已使用系统信任的 TLS 证书设置 UCP则可以省略 `-ucp-insecure-tls` 选项。另外,你可以使用 `-ucp-ca` 选项来直接指定 UCP 的 CA 证书。
然后 DTR bootstrap 镜像会让你确定几项设置,比如 UCP 安装的 URL 地址以及管理员的用户名和密码。从拉取所有的 DTR 镜像到设置全部完成,只需要一到两分钟的时间。
## 保证一切安全
一切都准备好后,就可以向注册服务器推送或者从中拉取镜像了。在做这一步之前,让我们设置 TLS 证书,以便安全的与 DTR 通信。
在 Linux 上,我们可以使用以下命令(只需确保更改了 DTR_HOSTNAME 变量,来正确映射我们刚刚设置的 DTR
```
# 从 DTR 拉取 CA 证书(如果 curl 不可用,你可以使用 wget
DTR_HOSTNAME=< DTR 主机名>
curl -k https://$(DTR_HOSTNAME)/ca > $(DTR_HOSTNAME).crt
sudo mkdir /etc/docker/certs.d/$(DTR_HOSTNAME)
sudo cp $(DTR_HOSTNAME) /etc/docker/certs.d/$(DTR_HOSTNAME)
# 重启 docker 守护进程(在 Ubuntu 14.04 上,使用 `sudo service docker restart` 命令)
sudo systemctl restart docker
```
对于 Mac 和 Windows 版的 Docker我们会以不同的方式安装客户端。转入设置 -> 守护进程,在 Insecure Registries译者注不安全的注册服务器部分输入你的 DTR 主机名。点击应用docker 守护进程应在重启后可以良好使用。
## 推送和拉取镜像
现在我们需要设置一个仓库来存放镜像。这和 Docker Hub 有一点不同,如果你做的 docker 推送仓库中不存在,它会自动创建一个。要创建一个仓库,在浏览器中打开 https://<Your DTR hostname> 并在出现登录提示时使用你的管理员凭据登录。如果你向 UCP 添加了许可证,则 DTR 会自动获取该许可证。如果没有,请现在确认上传你的许可证。
进入刚才的网页之后,点击`新建仓库`按钮来创建新的仓库。
我们会创建一个用于存储 Alpine linux 的仓库,所以在名字输入处键入 `alpine`,点击`保存`(在 DTR 2.5 及更高版本中叫`创建`)。
现在我们回到 shell 界面输入以下命令:
```
# 拉取 Alpine Linux 的最新版
docker pull alpine:latest
# 登入新的 DTR 实例
docker login <Your DTR hostname>
# 标记上 Alpine 使能推送其至你的 DTR
docker tag alpine:latest <Your DTR hostname>/admin/alpine:latest
# 向 DTR 推送镜像
docker push <Your DTR hostname>/admin/alpine:latest
```
就是这样!我们刚刚推送了最新的 Alpine Linux 的一份拷贝,重新打了标签以便将其存储到 DTR 中,并将其推送到我们的私有注册服务器。如果你想将镜像拉取至不同的 Docker 引擎中,按如上所示设置你的 DTR 证书,然后执行以下命令:
```
# 从 DTR 中拉取镜像
docker pull <Your DTR hostname>/admin/alpine:latest
```
DTR 具有许多优秀的镜像管理功能,例如图像缓存,镜像,扫描,签名甚至自动化供应链策略。这些功能我们在后期的博客文章中更详细的探讨。
--------------------------------------------------------------------------------
via: https://blog.docker.com/2018/01/dtr/
作者:[Patrick Devine;Rolf Neugebauer;Docker Core Engineering;Matt Bentley][a]
译者:[fuowang](https://github.com/fuowang)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://blog.docker.com/author/pdevine/
[1]:https://i1.wp.com/blog.docker.com/wp-content/uploads/ccd278d2-29c2-4866-8285-c2fe60b4bd5e-1.jpg?resize=965%2C452&ssl=1
[2]:https://hub.docker.com/
[3]:https://blog.docker.com/2016/08/securing-enterprise-software-supply-chain-using-docker/
[4]:https://www.docker.com/trial
[5]:https://store.docker.com/search?offering=enterprise&page=1&q=&type=edition