github
1. 简介
一个简单、易用的批量镜像迁移和镜像同步复制工具,支持几乎所有目前主流的基于Docker Registry V2
搭建的镜像存储服务,例如ACR、Docker、Hub、Quay、自建Harbor等,目前已经初步经过了TB级别的生产环境镜像迁移验证
-
特性
- 支持多对多镜像仓库同步
- 支持基于 Docker Registry V2 搭建的 docker 镜像仓库服务 (如 Docker Hub、 Quay、 阿里云镜像服务 ACR、 Harbor等)
- 同步只经过内存和网络,不依赖磁盘存储,同步速度快
- 增量同步, 通过对同步过的镜像 blob 信息落盘,不重复同步已同步的镜像
- 并发同步,可以通过配置文件调整并发数
- 自动重试失败的同步任务,可以解决大部分镜像同步中的网络抖动问题
- 不依赖 docker 以及其他程序
2.安装
wget https://github.com/AliyunContainerService/image-syncer/releases/download/v1.0.3/image-syncer-v1.0.3-linux-amd64.tar.gz
tar zxf image-syncer-v1.0.3-linux-amd64.tar.gz && mv image-syncer /usr/local/bin/
-
参数
-h --help usage information --config set the path of config file, this file need to be created before starting synchronization, default config file is at "current/working/directory/config.json". (This flag can be replaced with flag --auth and --images which for better orgnization.) --auth set the path of authentication file, this file need to be created before starting synchronization, default config file is at "current/working/directory/auth.json". This flag need to be pair used with --images. --images set the path of image rules file, this file need to be created before starting synchronization, default config file is at "current/working/directory/images.json". This flag need to be pair used with --auth. --log set the path of log file, logs will be printed to Stderr by default --namespace set default-namespace, default-namespace can also be set by environment variable "DEFAULT_NAMESPACE", if they are both set at the same time, "DEFAULT_NAMESPACE" will not work at this synchronization, default-namespace will work only if default-registry is not empty. --registry set default-registry, default-registry can also be set by environment variable "DEFAULT_REGISTRY", if they are both set at the same time, "DEFAULT_REGISTRY" will not work at this synchronization, default-registry will work only if default-namespace is not empty. --proc number of goroutines, default value is 5 --records image-syncer will record the information of synchronized image blobs to a disk file, this parameter will set the path of the records file, default path is "current/working/directory/records", a records file can be reused to make incremental synchronization if it is really generated by yourself. image-syncer remove the dependence of records file after v1.1.0 --retries number of retries, default value is 2, the retries of failed sync tasks will start after all sync tasks are executed once, reties of failed sync tasks will resolve most occasional network problems during synchronization --os os list to filter source tags, not works for docker v2 schema1 media, takes no effect if empty --arch architecture list to filter source tags, takes no effect if empty
3. 使用
3.1 Harbor To Aliyun ACR
-
配置文件模板
{ "auth": { // 认证字段,其中每个对象为一个registry的一个账号和 // 密码;通常,同步源需要具有pull以及访问tags权限, // 同步目标需要拥有push以及创建仓库权限,如果没有提供,则默认匿名访问 "quay.io": { // registry的url,需要和下面images中对应registry的url相同 "username": "xxx", // 用户名,可选 "password": "xxxxxxxxx", // 密码,可选 "insecure": true // registry是否是http服务,如果是,insecure字段需要为true }, "registry.cn-beijing.aliyuncs.com": { "username": "xxx", "password": "xxxxxxxxx" }, "registry.hub.docker.com": { "username": "xxx", "password": "xxxxxxxxxx" } }, images: { "quay.io/coreos/kube-rbac-proxy": "quay.io/ruohe/kube-rbac-proxy", "xxxx":"xxxxx", "xxx/xxx/xx:tag1,tag2,tag3":"xxx/xxx/xx" } }
1、同步镜像规则字段,其中一条规则包括一个源仓库(键)和一个目标仓库(值)
2、同步的最大单位是仓库(repo),不支持通过一条规则同步整个namespace以及registry
3、源仓库和目标仓库的格式与docker pull/push命令使用的镜像url类似(registry/namespace/repository:tag)
4、源仓库和目标仓库(如果目标仓库不为空字符串)都至少包含registry/namespace/repository
5、源仓库字段不能为空,如果需要将一个源仓库同步到多个目标仓库需要配置多条规则
6、目标仓库名可以和源仓库名不同(tag也可以不同),此时同步功能类似于:docker pull + docker tag + docker push
7、当源仓库字段中不包含tag时,表示将该仓库所有tag同步到目标仓库,此时目标仓库不能包含tag 8、当源仓库字段中包含tag时,表示只同步源仓库中的一个tag到目标仓库,如果目标仓库中不包含tag,则默认使用源tag 9、源仓库字段中的tag可以同时包含多个(比如"a/b/c:1,2,3"),tag之间通过","隔开,此时目标仓库不能包含tag,并且默认使用原来的tag
10、当目标仓库为空字符串时,会将源镜像同步到默认registry的默认namespace下,并且repo以及tag与源仓库相同,默认registry和默认namespace可以通过命令行参数以及环境变量配置,参考下面的描述
-
创建配置文件:
{ "auth": { "172.20.5.10": { "username": "admin", "password": "Xxzx@789", "insecure": true }, "registry.cn-beijing.aliyuncs.com": { "username": "352@qq.com", "password": "docker" } }, "images": { "172.20.5.10/library/kube-apiserver": "" } }
-
开始迁移:
# 并发数为10,重试次数为10 # 日志输出到./log文件下,不存在会自动创建,不指定的话默认会将日志打印到Stderr # 指定配置文件为harbor-to-acr.json,内容如上所述 image-syncer --proc=10 --config=./harbor_to_acr.json --registry=registry.cn-beijing.aliyuncs.com --namespace=cloud-devops --retries=10 --log=./log Start to generate sync tasks, please wait ... Start to handle sync tasks, please wait ... Finished, 0 sync tasks failed, 0 tasks generate failed
日志打印
{"level":"info","msg":"Get tags of 172.20.5.10/library/kube-apiserver successfully: [v1.20.1]","time":"2021-01-08 10:54:23"} {"level":"info","msg":"Generate a task for 172.20.5.10/library/kube-apiserver:v1.20.1 to registry.cn-beijing.aliyuncs.com/cloud-devops/kube-apiserver:v1.20.1","time":"2021-01-08 10:54:23"} {"level":"info","msg":"Get manifest from 172.20.5.10/library/kube-apiserver:v1.20.1","time":"2021-01-08 10:54:23"} {"level":"info","msg":"Get a blob sha256:f398b465657ed53ee83af22197ef61be9daec6af791c559ee5220dee5f3d94fe(647423) from 172.20.5.10/library/kube-apiserver:v1.20.1 success","time":"2021-01-08 10:54:23"} {"level":"info","msg":"Put blob sha256:f398b465657ed53ee83af22197ef61be9daec6af791c559ee5220dee5f3d94fe(647423) to registry.cn-beijing.aliyuncs.com/cloud-devops/kube-apiserver:v1.20.1 success","time":"2021-01-08 10:54:24"} {"level":"info","msg":"Get a blob sha256:cbcdf8ef32b41cd954f25c9d85dee61b05acc3b20ffa8620596ed66ee6f1ae1d(723022) from 172.20.5.10/library/kube-apiserver:v1.20.1 success","time":"2021-01-08 10:54:24"} {"level":"info","msg":"Put blob sha256:cbcdf8ef32b41cd954f25c9d85dee61b05acc3b20ffa8620596ed66ee6f1ae1d(723022) to registry.cn-beijing.aliyuncs.com/cloud-devops/kube-apiserver:v1.20.1 success","time":"2021-01-08 10:54:24"} {"level":"info","msg":"Get a blob sha256:d7d21f5bdd8303a60bac834f99867a58e6f3e1abcb6d486158a1ccb67dbf85bf(29033259) from 172.20.5.10/library/kube-apiserver:v1.20.1 success","time":"2021-01-08 10:54:24"} {"level":"info","msg":"Put blob sha256:d7d21f5bdd8303a60bac834f99867a58e6f3e1abcb6d486158a1ccb67dbf85bf(29033259) to registry.cn-beijing.aliyuncs.com/cloud-devops/kube-apiserver:v1.20.1 success","time":"2021-01-08 10:54:24"} {"level":"info","msg":"Get a blob sha256:75c7f711208082c548b935ab31e681ea30acccdce6b7abeecabae5bbfd326627(2630) from 172.20.5.10/library/kube-apiserver:v1.20.1 success","time":"2021-01-08 10:54:24"} {"level":"info","msg":"Put blob sha256:75c7f711208082c548b935ab31e681ea30acccdce6b7abeecabae5bbfd326627(2630) to registry.cn-beijing.aliyuncs.com/cloud-devops/kube-apiserver:v1.20.1 success","time":"2021-01-08 10:54:25"} {"level":"info","msg":"Put manifest to registry.cn-beijing.aliyuncs.com/cloud-devops/kube-apiserver:v1.20.1","time":"2021-01-08 10:54:25"} {"level":"info","msg":"Synchronization successfully from 172.20.5.10/library/kube-apiserver:v1.20.1 to registry.cn-beijing.aliyuncs.com/cloud-devops/kube-apiserver:v1.20.1","time":"2021-01-08 10:54:25"} {"level":"info","msg":"Finished, 0 sync tasks failed, 0 tasks generate failed","time":"2021-01-08 10:54:25"}
3.2 Harbor To Huawei SWR
-
创建配置文件
{ "auth": { "172.20.5.10": { "username": "admin", "password": "Xxzx@789", "insecure": true }, "swr.cn-east-3.myhuaweicloud.com": { "username": "cn-east-3@8B5B8GC", "password": "8b0f1e69f2" } }, "images": { "172.20.5.10/library/kube-apiserver": "", "172.20.5.10/library/controller": "" } }
-
启动任务
image-syncer --proc=10 --config=./harbor_to_swr.json --registry=swr.cn-east-3.myhuaweicloud.com --namespace=cloud-devops --retries=10 --log=./log Start to generate sync tasks, please wait ... Start to handle sync tasks, please wait ... Finished, 0 sync tasks failed, 0 tasks generate failed
3.3 Huawei SWR To Aliyun ACR
-
创建日志文件
{ "auth": { "swr.cn-east-3.myhuaweicloud.com": { "username": "cn-east-3@8B5B8GC", "password": "8b0f1e6a46af8dff0ae519a09f2" }, "registry.cn-beijing.aliyuncs.com": { "username": "352@qq.com", "password": "docker" } }, "images": { "swr.cn-east-3.myhuaweicloud.com/cloud-devops/kube-apiserver": "", "swr.cn-east-3.myhuaweicloud.com/cloud-devops/controller": "" } }
-
开始迁移文章来源:https://www.toymoban.com/news/detail-467895.html
image-syncer --proc=10 --config=./harbor_to_swr.json --registry=registry.cn-beijing.aliyuncs.com --namespace=cloud-devops --retries=10 --log=./log Start to generate sync tasks, please wait ... Start to handle sync tasks, please wait ... Finished, 0 sync tasks failed, 0 tasks generate failed
文章来源地址https://www.toymoban.com/news/detail-467895.html
到了这里,关于image-syncer的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!