Docker registry V2

部署私有Docker Registry

搭建 Insecure Registry

修改Registry server上的Docker daemon的配置，爲DOCKER_OPTS增長–insecure-registry：
DOCKER_OPTS="--insecure-registry 10.10.105.71:5000
重啓Docker Daemon，啓動Registry容器：

#docker run -d -p 5000:5000 -v /data/registry:/var/lib/registry --restart=always --name registry registry:2

在Private Registry2中查看或檢索Repository或images，將不能用docker search：
但經過v2版本的API，咱們能夠實現相同目的：

#curl http://10.10.105.71:5000/v2/_catalog
#curl http://10.10.105.71:5000/v2/tonybai/busybox/tags/list

注：交互的主機上的Docker Daemon都要配置：–insecure-registry選項

搭建 Secure Registry

須要爲Registry配置tls所需的key和crt文件
一、製做自簽署證書
#mkdir -p certs
#openssl req -newkey rsa:2048 -nodes -sha256 -keyout certs/index.changhong.info.key -x509 -days 365 -out certs/index.changhong.info.crt
…………
Common Name (e.g. server FQDN or YOUR name) []:index.changhong.info

二、修改一下/etc/hosts文件: 10.10.105.71 index.changhong.info
三、配置本地訪問
$ sudo mkdir -p /etc/docker/certs.d/index.changhong.info:5000
$ sudo cp certs/index.changhong.info.crt /etc/docker/certs.d/index.changhong.info:5000/ca.crt
$ sudo service docker restart

若是使用自簽署的證書，那麼全部要與Registry交互的Docker主機都須要安裝index.changhong.info:5000/ca.crt
但若是你使用知名CA這一步也就能夠忽略

Registry的鑑權管理

server上增長test用戶，密碼test123
$ mkdir auth
$ docker run --entrypoint htpasswd registry:2 -Bbn test test123 > auth/htpasswd

啓動Secure Registry
$ docker run -d -p 5000:5000 --restart=always --name registry \
-v /auth:/auth \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
-v /data:/var/lib/registry \
-v /certs:/certs \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/index.changhong.info.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/index.changhong.info.key \
registry:2

執行docker login:
$docker login index.changhong.info:5000
Username: test
Password: test123

Registry中images的管理
$ curl --cacert index.changhong.info.crt --basic --user test:test123 https://index.changhong.info:5000/v2/_catalog