利用 Google Artifact Repository 构建docker 镜像仓库
参考了google 官方文档
https://cloud.google.com/artifact-registry/docs/docker/store-docker-container-images
首先 enable GAR api
gcloud services enable artifactregistry.googleapis.com
gcloud services list | grep -i artifact
artifactregistry.googleapis.com Artifact Registry API
其次创建1个docker image 仓库
gcloud artifacts repositories create my-docker-repo --repository-format=docker --location=eurepo-west2 --description=“”
用如下命令来list 已有的仓库
> gcloud artifacts repositories list
Listing items under project jason-hsbc, across all locations.ARTIFACT_REGISTRY
REPOSITORY FORMAT MODE DESCRIPTION LOCATION LABELS ENCRYPTION CREATE_TIME UPDATE_TIME SIZE (MB)
gcf-artifacts DOCKER STANDARD_REPOSITORY This repository is created and used by Cloud Functions for storing function docker images. europe-west2 goog-managed-by=cloudfunctions Google-managed key 2023-11-05T04:54:28 2023-11-05T04:56:07 744.026
java-repo MAVEN STANDARD_REPOSITORY Java package repository europe-west2 Google-managed key 2023-11-11T03:21:31 2023-11-11T03:21:31 0
my-docker-repo DOCKER STANDARD_REPOSITORY europe-west2 Google-managed key 2023-09-09T17:01:40 2023-09-09T17:01:40 0配置docker 的验证方法
因为之后我们需要用docker push 把镜像推送到 Google AR, 所以我们在docker的配置文件里配置docker 访问 Google AR 的验证方式。
docker 到 GAR 的验证方式有四种:
1. gcloud credential helper
配置您的 ArtifactRegistry 凭据,以便直接在 gcloud 中与 Docker 一起使用。 这是最简单的身份验证方法,但可能比Standalone Docker credential helper慢
2. Standalone Docker credential helper
此选项主要用于配置您的凭据,以便在没有 Google Cloud CLI 的情况下与 Docker 一起使用。 它比 gcloud 凭据帮助程序快得多,并使用应用程序默认凭据 (ADC) 自动查找环境中的凭据。
3. Access token
您可以为服务帐户生成短期访问令牌,然后使用该令牌进行密码身份验证。 由于令牌的有效期仅为 60 分钟,因此它是比服务帐户密钥更安全的选择。
4. Service account key
用户管理的密钥对,可用作服务帐户的凭据。 由于凭证的有效期很长,因此它是所有可用身份验证方法中最不安全的选项。
具体参考:
https://cloud.google.com/artifact-registry/docs/docker/authentication
这里选择最简单的方法1: gcloud credential helper
执行以下命令
gcloud auth configure-docker europe-west2-docker.pkg.dev
high lighted 部分请替换成你当前repo所在的region
gateman@DESKTOP-UIU9RFJ:/var/lib/jenkins/workspace/CloudRun/build@2$ gcloud auth configure-docker europe-west2-docker.pkg.dev
Adding credentials for: europe-west2-docker.pkg.dev
After update, the following will be written to your Docker config file located at [/home/gateman/.docker/config.json]:{"credHelpers": {"europe-west2-docker.pkg.dev": "gcloud"}
}Do you want to continue (Y/n)? yDocker configuration file updated.当执行完成, /home/gateman/.docker/config.json 会被updated
docker build or tag
这时你就可以用docker build or docker tag 去为你的镜像打上正确 镜像地址 和 标签
例如
gateman@instance-2:~/Projects/spring-boot-for-cloud-run$ sudo docker build -t europe-west2-docker.pkg.dev/jason-hsbc/my-docker-repo/helloservice:0.0.1-test .
[+] Building 0.2s (2/3) docker:default
[+] Building 5.0s (8/8) FINISHED docker:default=> [internal] load build definition from Dockerfile 0.0s=> => transferring dockerfile: 367B 0.0s=> [internal] load .dockerignore 0.0s=> => transferring context: 2B 0.0s=> [internal] load metadata for docker.io/dockette/jdk8:latest 1.0s=> [1/3] FROM docker.io/dockette/jdk8@sha256:0e87d0c795b0b405a37a95b043b274f2c8539777cd94edc1952502cc6c034cf0 2.9s=> => resolve docker.io/dockette/jdk8@sha256:0e87d0c795b0b405a37a95b043b274f2c8539777cd94edc1952502cc6c034cf0 0.0s=> => sha256:0e87d0c795b0b405a37a95b043b274f2c8539777cd94edc1952502cc6c034cf0 1.16kB / 1.16kB 0.0s=> => sha256:13041d54229cc20958f6524b6256964a99b6bea415204e7ed29f96bdc60b0f56 7.99kB / 7.99kB 0.0s=> => sha256:8e3ba11ec2a2b39ab372c60c16b421536e50e5ce64a0bc81765c2e38381bcff6 2.21MB / 2.21MB 0.3s=> => sha256:9b3c9c2732298ae00f74462af3984d87364a5a1c56c517fd2b26c31829cdee12 503.25kB / 503.25kB 0.2s=> => sha256:4b79398611a193376a779d409b3d194f85d5922137cf55bcbef8efca0c2d0be9 57.43MB / 57.43MB 1.4s=> => sha256:bd535a9d85176af573232201339448103487bb020e6d3dcec9d71fb3d48c45e0 93B / 93B 0.4s=> => extracting sha256:8e3ba11ec2a2b39ab372c60c16b421536e50e5ce64a0bc81765c2e38381bcff6 0.1s=> => extracting sha256:9b3c9c2732298ae00f74462af3984d87364a5a1c56c517fd2b26c31829cdee12 0.0s=> => extracting sha256:4b79398611a193376a779d409b3d194f85d5922137cf55bcbef8efca0c2d0be9 1.4s=> => extracting sha256:bd535a9d85176af573232201339448103487bb020e6d3dcec9d71fb3d48c45e0 0.0s=> [internal] load build context 0.0s=> => transferring context: 4.21kB 0.0s=> [2/3] WORKDIR /app 0.8s=> [3/3] COPY target/*.jar app.jar 0.0s=> exporting to image 0.0s=> => exporting layers 0.0s=> => writing image sha256:221b39f6f5ea8e8c6c9d3461b2490b59b977408c2dd97f0423f099a737a1fe4c 0.0s=> => naming to europe-west2-docker.pkg.dev/jason-hsbc/my-docker-repo/helloservice:0.0.1-test
docker push
这样就可以把镜像推送到GAR了
gateman@instance-2:~/Projects/spring-boot-for-cloud-run$ docker push europe-west2-docker.pkg.dev/jason-hsbc/my-docker-repo/helloservice:0.0.1-test
The push refers to repository [europe-west2-docker.pkg.dev/jason-hsbc/my-docker-repo/helloservice]
27b10e04e8e3: Pushed
40cfa0202c65: Pushed
43d79ecfdc6c: Pushed
bc4a7b790ce8: Pushed
e4a87dd198ff: Pushed
73046094a9b8: Pushed
0.0.1-test: digest: sha256:2796c54b46ea85a3747f6599e37f5beed32a817dd00cb1e4f95d2feb7820b6a4 size: 1571