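Containerizing Traditional .NET 4.x Applications
[Containerization] | Summary by Edison Zhou
In the previous post we wrote our own Dockerfile to build and deploy an ASP.NET MVC application to a Windows Container. In this post we try pushing the .NET 4.x image to a private Harbor image registry.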
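1 Preparation
Assume there are two servers; here I use Alibaba Cloud ECS instances:
Node1: Windows Server 2019, Docker Client
Node2: CentOS 7.5, Harbor
Node1 acts as the client: it pushes images to the Harbor registry and pulls images from Harbor to run container instances. Node2 acts as the server: it runs the Harbor registry that provides container image services inside the enterprise.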
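2 Setting Up the Harbor Image Registry
Why Harbor?
Because Harbor is currently one of the most popular enterprise-grade private container image registries, and it supports both Linux Container and Windows Container images, which fits my needs.
Quick setup
On Node2 (CentOS), we quickly set up a private image registry based on Harbor.
step1. Install docker compose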
# curl -L https://github.com/docker/compose/releases/download/1.26.2/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
# chmod +x /usr/local/bin/docker-compose
# docker-compose --version
step2. Download and extract the Harbor offline installer
# wget https://github.com/vmware/harbor/releases/download/v1.10.1/harbor-offline-installer-v1.10.1.tgz
# tar xvf harbor-offline-installer-v1.10.1.tgz
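step3. Edit harbor.yml: mainly change hostname and the initial admin password, and comment out the https section (enabling https is recommended in production; this is only a quick demo).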
# Configuration file of Harbor

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: 47.108.111.236

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https related config
# https:
  # https port for harbor, default is 443
  # port: 443
  # The path of cert and key files for nginx
  # certificate: /your/certificate/path
  # private_key: /your/private/key/path

# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
# external_url: https://reg.mydomain.com:8433

# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: EDC@123456

# Harbor DB configuration
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: root123456
  # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
  max_idle_conns: 50
  # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.
  # Note: the default number of connections is 100 for postgres.
  max_open_conns: 100

# The default data volume
data_volume: /data

# Harbor Storage settings by default is using /data dir on local filesystem
# Uncomment storage_service setting If you want to using external storage
# storage_service:
#   # ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore
#   # of registry's and chart repository's containers. This is usually needed when the user hosts a internal storage with self signed certificate.
#   ca_bundle:
#   # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swift and oss
#   # for more info about this configuration please refer https://docs.docker.com/registry/configuration/
#   filesystem:
#     maxthreads: 100
#   # set disable to true when you want to disable registry redirect
#   redirect:
#     disabled: false

# Clair configuration
clair:
  # The interval of clair updaters, the unit is hour, set to 0 to disable the updaters.
  updaters_interval: 12

jobservice:
  # Maximum number of job workers in job service
  max_job_workers: 10

notification:
  # Maximum retry count for webhook job
  webhook_job_max_retry: 10

chart:
  # Change the value of absolute_url to enabled can enable absolute url in chart
  absolute_url: disabled

# Log configurations
log:
  # options are debug, info, warning, error, fatal
  level: info
  # configs for logs in local storage
  local:
    # Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
    rotate_count: 50
    # Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes.
    # If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G
    # are all valid.
    rotate_size: 200M
    # The directory on your host that store log
    location: /var/log/harbor

  # Uncomment following lines to enable external syslog endpoint.
  # external_endpoint:
  #   # protocol used to transmit log to external endpoint, options is tcp or udp
  #   protocol: tcp
  #   # The host of external endpoint
  #   host: localhost
  #   # Port of external endpoint
  #   port: 5140

#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
_version: 1.10.0

# Uncomment external_database if using external database.
# external_database:
#   harbor:
#     host: harbor_db_host
#     port: harbor_db_port
#     db_name: harbor_db_name
#     username: harbor_db_username
#     password: harbor_db_password
#     ssl_mode: disable
#     max_idle_conns: 2
#     max_open_conns: 0
#   clair:
#     host: clair_db_host
#     port: clair_db_port
#     db_name: clair_db_name
#     username: clair_db_username
#     password: clair_db_password
#     ssl_mode: disable
#   notary_signer:
#     host: notary_signer_db_host
#     port: notary_signer_db_port
#     db_name: notary_signer_db_name
#     username: notary_signer_db_username
#     password: notary_signer_db_password
#     ssl_mode: disable
#   notary_server:
#     host: notary_server_db_host
#     port: notary_server_db_port
#     db_name: notary_server_db_name
#     username: notary_server_db_username
#     password: notary_server_db_password
#     ssl_mode: disable

# Uncomment external_redis if using external Redis server
# external_redis:
#   host: redis
#   port: 6379
#   password:
#   # db_index 0 is for core, it's unchangeable
#   registry_db_index: 1
#   jobservice_db_index: 2
#   chartmuseum_db_index: 3
#   clair_db_index: 4

# Uncomment uaa for trusting the certificate of uaa instance that is hosted via self-signed cert.
# uaa:
#   ca_file: /path/to/ca

# Global proxy
# Config http proxy for components, e.g. http://my.proxy.com:3128
# Components doesn't need to connect to each others via http proxy.
# Remove component from `components` array if want disable proxy
# for it. If you want use proxy for replication, MUST enable proxy
# for core and jobservice, and set `http_proxy` and `https_proxy`.
# Add domain to the `no_proxy` field, when you want disable proxy
# for some special registry.
proxy:
  http_proxy:
  https_proxy:
  # no_proxy endpoints will appended to 127.0.0.1,localhost,.local,.internal,log,db,redis,nginx,core,portal,postgresql,jobservice,registry,registryctl,clair,chartmuseum,notary-server
  no_proxy:
  components:
    - core
    - jobservice
    - clair
step4. Install Harbor
# ./install.sh
After installation completes, check the status of each component:
# docker-compose ps
      Name                     Command                  State                 Ports
---------------------------------------------------------------------------------------------
harbor-core         /harbor/harbor_core              Up (healthy)
harbor-db           /docker-entrypoint.sh            Up (healthy)   5432/tcp
harbor-jobservice   /harbor/harbor_jobservice ...    Up (healthy)
harbor-log          /bin/sh -c /usr/local/bin/ ...   Up (healthy)   127.0.0.1:1514->10514/tcp
harbor-portal       nginx -g daemon off;             Up (healthy)   8080/tcp
nginx               nginx -g daemon off;             Up (healthy)   0.0.0.0:80->8080/tcp
redis               redis-server /etc/redis.conf     Up (healthy)   6379/tcp
registry            /home/harbor/entrypoint.sh       Up (healthy)   5000/tcp
registryctl         /home/harbor/start.sh            Up (healthy)
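Once everything looks fine, open the Harbor management UI in a browser:
Log in to the admin panel with the admin account and the initial password you configured. Here we create a project, named dotnet for now:
In the following examples, the client pushes images to this dotnet project.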
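The settings that step3 edits in harbor.yml (https commented out, passwords set by hand) can be checked on Node2 before install.sh is run. The following is an added example, not part of the original post and not Harbor tooling: a shell function that reports those quick-demo settings. The 12-character minimum, the two sample files and the paths inside them are assumptions; Harbor12345 and root123 are the values the harbor.yml template ships with.

```shell
# Added example, not Harbor tooling. MIN_LEN is an assumed local policy.
MIN_LEN=${MIN_LEN:-12}
# audit_harbor_yml FILE: print one finding per line, nothing when clean.
audit_harbor_yml() {
  awk -v min="$MIN_LEN" '
    function val(s) {  # value after "key:", trailing comment and quotes dropped
      sub(/^[^:]*:[ \t]*/, "", s); sub(/[ \t]+#.*$/, "", s); gsub(/"/, "", s)
      return s
    }
    function weak(p, dflt) { return p == dflt || length(p) < min }
    /^[ \t]*#/ || /^[ \t]*$/ { next }   # commented-out keys are inactive
    /^[^ \t]/ {                         # a top-level key opens a new section
      sec = $0; sub(/:.*/, "", sec)
      if (sec == "harbor_admin_password") admin = val($0)
      next
    }
    sec == "https" && /^[ \t]+certificate:/ { cert = val($0) }
    sec == "https" && /^[ \t]+private_key:/ { key = val($0) }
    sec == "database" && /^[ \t]+password:/ { db = val($0) }
    END {
      if (cert == "" || key == "") print "https: disabled, registry traffic is plain HTTP"
      if (weak(admin, "Harbor12345")) print "harbor_admin_password: default or too short"
      if (weak(db, "root123")) print "database.password: default or too short"
    }' "$1"
}

# Constructed samples (not from a real host): quick-demo style, then hardened.
demo=$(mktemp); hard=$(mktemp)
cat > "$demo" <<'EOF'
hostname: 192.0.2.10
http:
  port: 80
# https:
#   certificate: /your/certificate/path
#   private_key: /your/private/key/path
harbor_admin_password: Harbor12345
database:
  password: root123
EOF
cat > "$hard" <<'EOF'
hostname: reg.example.internal
https:
  certificate: /etc/harbor/tls/reg.crt   # hypothetical path
  private_key: /etc/harbor/tls/reg.key   # hypothetical path
harbor_admin_password: "constructed-Admin-passphrase-01"
database:
  password: constructed-Db-passphrase-02
EOF
audit_harbor_yml "$demo"; audit_harbor_yml "$hard"
```

The first call prints three findings and the second prints nothing; run it against the real file with `audit_harbor_yml harbor.yml`.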
3 Pushing the Image to the Registry
On Node1, first configure a hosts mapping; the entry here uses Node2's intranet address:
172.10.10.100 reg.edisonzhou.cn
Then edit Docker's configuration file so that reg.edisonzhou.cn is treated as a registry that may be accessed over http:
Configuration file: C:\ProgramData\docker\config\daemon.json
{
  "insecure-registries": [ "reg.edisonzhou.cn" ]
}
Next comes the familiar image push process, the same as ever:
> docker login reg.edisonzhou.cn
> docker tag reg.edisonzhou.cn/samples:aspnetmvcapp reg.edisonzhou.cn/dotnet/samples:framework-4.8-aspnetmvcapp
> docker push reg.edisonzhou.cn/dotnet/samples:framework-4.8-aspnetmvcapp
The push refers to repository [reg.edisonzhou.cn/dotnet/samples]
11d8e5abf6ac: Pushed
265452af5f33: Pushed
f9fe54bc871d: Pushed
ddaa4e132ef2: Pushed
0fd048ba07e9: Pushed
df61cb75b354: Pushed
825bd5d0379d: Pushed
0037a968c4d7: Pushed
6420f996a252: Skipped foreign layer
a7ba3db29ebb: Skipped foreign layer
4.8: digest: sha256:7da03aef9a9acb66678d5c14dda85c741268557bdcd55484e6351e373445157f size: 2779
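At first I thought that, since .NET 4.x images easily run to 7~8 GB, even a push over the intranet might be slow. To my surprise, on the Alibaba Cloud ECS intranet a push of such a large image also completed quickly.
In addition, I recommend pushing the .NET 4.x sdk base image to Harbor first; later pushes of application images share the base image layers, so they are much faster.
Of course, the first push still takes some patience; the speed depends on your server configuration and network environment (for example whether it is an intranet, and the bandwidth).
If the following error appears: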
received unexpected HTTP status: 500 Internal Server Error
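you can turn off SELinux on the Linux server that hosts the Harbor registry (setenforce 0 switches it to permissive mode until the next reboot):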
setenforce 0
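After the push completes, look at the repository list of the project in Harbor:
* Afterwards I also pushed the sdk and runtime images.
4 Pulling the Image and Running It
With a private registry in place and images pushed, let's simulate pulling an image from the private registry on Node1 (Windows Server 2019) and running it:
> docker run --name aspnet_mvc_sample --rm -it -d -p 8000:80 --cpus 1 -m 1024m reg.edisonzhou.cn/dotnet/samples:framework-4.8-aspnetmvcapp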
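After it starts, verify by visiting it in a browser:
As you can see, it runs successfully. Perfect!
For such a huge container image, I ran two or three identical asp.net mvc sample container instances and found that each instance takes about 0.2 GB of additional disk space and about 200 MB of additional memory. Of course, this is also because the asp.net mvc sample is very simple and has no dependencies or interactions. Still, it indirectly shows that the seemingly huge asp.net container image does not take up space again for every additional container instance; instead, the instances share the Windows kernel.
5 Summary
This post showed how to quickly set up a private Harbor image registry, push an ASP.NET application image to Harbor from a Windows Server client, and finally pull the image from Harbor on the Windows Server client and run it successfully.
As this shows, migrating traditional .NET Framework 4.x applications from physical or virtual machines to containers is feasible, and Windows Server 2019 includes many optimizations for container support, so give it a try.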