睿云智合基于 Dragonfly 支持docker proxy https
1、部署https harbor
https://github.com/goharbor/harbor/blob/master/docs/configure_https.md
2、部署docker_proxy
pull images
pull_images.sh
#!/bin/sh
docker_registry_proxy="dockerhubwp/docker_proxy_nginx:latest"
supernode="registry.cn-hangzhou.aliyuncs.com/alidragonfly/supernode:0.2.0"
dfclient="dockerhubwp/dfclient:latest"
images="${docker_registry_proxy} ${supernode} ${dfclient}"
function pullImage(){
for image in ${images}; do
echo -e "pull image ======>${image}"
docker pull ${image}
done
}
pullImage
docker_proxy.sh
#! /bin/sh
# Separate deployment docker_proxy
# dfdaemon and docker registry map
# example x.x.x
registry="harbor域名"
containername=docker_registry_proxy
# 你需要配置的dns 服务器 (如:dnsmasq)
DNS_SERVER="dns-server"
docker_registry_proxy="dockerhubwp/docker_proxy_nginx:latest"
# get localhost ip
ipaddr=$(ip addr | awk '/^[0-9]+: / {}; /inet.*global/ {print gensub(/(.*)\/(.*)/, "\\1", "g", $2)}')
localhostIp=$(echo ${ipaddr} | cut -d " " -f 1)
function changeDockerProxy() {
mkdir -p /etc/systemd/system/docker.service.d
cat <<EOD >/etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
Environment="HTTP_PROXY=http://127.0.0.1:3128/"
Environment="HTTPS_PROXY=http://127.0.0.1:3128/"
EOD
}
function dockerDockerProxyRun() {
if [[ 0 != $(docker ps -a | grep ${containername} | wc -l) ]]; then
docker rm -f ${containername}
fi
docker run --restart=always --privileged=true --name ${containername} -d -p 0.0.0.0:3128:3128 \
-v /etc/docker_proxy_nginx/docker_mirror_certs:/ca -v /var/log/docker_proxy_nginx:/var/log/nginx/ \
-e DRAGONFLY_REGISTRIES="${registry},http://${localhostIp}:65001" -e REGISTRIES="${registry}" \
-e DNS_SERVER=${DNS_SERVER} ${docker_registry_proxy}
}
changeDockerProxy
systemctl daemon-reload
systemctl restart docker
dockerDockerProxyRun
3、部署dragonfly
部署Supernode
supernode.sh
#!/bin/sh
# Separate deployment supernode
supernode="registry.cn-hangzhou.aliyuncs.com/alidragonfly/supernode:0.2.0"
containername=supernode
function superNode() {
if [[ 0 != $(docker ps -a | grep ${containername} | wc -l) ]]; then
docker rm -f ${containername}
fi
docker run --name ${containername} --restart=always -d -p 8001:8001 -p 8002:8002 ${supernode}
}
superNode
部署dfclient
dfclient.sh
#!/bin/sh
# Separate deployment docker_proxy
dfclient="dockerhubwp/dfclient:latest"
#harbor 地址
dfdaemon_registry="https://x.x.x"
containername=dfclient
# supernode ips example (10.0.0.160,10.0.0.162)
supernodes="supernodeip"
ipaddr=$(ip addr | awk '/^[0-9]+: / {}; /inet.*global/ {print gensub(/(.*)\/(.*)/, "\\1", "g", $2)}')
localhostIp=$(echo ${ipaddr} | cut -d " " -f 1)
cat <<EOD >/etc/dragonfly.conf
[node]
address=${supernodes}
EOD
function startDfClient() {
if [[ 0 != $(docker ps -a | grep ${containername} | wc -l) ]]; then
docker rm -f ${containername}
fi
docker run --name ${containername} --restart=always -d -p 65001:65001 \
-v /root/.small-dragonfly:/root/.small-dragonfly -v /etc/dragonfly.conf:/etc/dragonfly.conf \
-e dfdaemon_registry=${dfdaemon_registry} -e localhostIp=${localhostIp} ${dfclient}
}
startDfClient
最后
trust.sh
#!/bin/sh
# trust ca
curl http://127.0.0.1:3128/ca.crt >/etc/pki/ca-trust/source/anchors/docker_proxy_nginx.crt
update-ca-trust
测试: 拉取镜像
docker pull x.x.x/library/nginx:latest
原文链接:https://mp.weixin.qq.com/s/95mX8cDox5bmgQ2xGHLPqQ
参考: