部署docker-registry私有倉庫

部署docker-registry私有倉庫

建立文件夾

  sudo mkdir -p /var/docker-data/{registry,certs,auth}
 ​
 sudo openssl req -subj '/C=CN/ST=GD/L=GZ/CN=192.192.49.87'\
   -newkey rsa:4096 -nodes -sha256 -keyout /var/docker-data/certs/domain.key \
   -x509 -days 365 -out /var/docker-data/certs/domain.crt
   
 sudo mkdir -p /etc/docker/certs.d/192.192.49.87
 sudo cp /var/docker-data/certs/domain.crt /etc/docker/certs.d/192.192.49.87/ca.crt
 ​
 #可能須要OS級信任
 sudo cp /etc/dockercerts/domain.crt /etc/pki/ca-trust/source/anchors/192.192.49.87.crt
 sudo update-ca-trust
 ​
 docker container stop registry && docker container rm -v registry

啓動

  docker run -d \
   --restart=always \
   --name registry \
   -v /var/docker-data/certs:/certs \
   -v /var/docker-data/auth:/auth \
   -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
   -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
   -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
   -e REGISTRY_STORAGE_DELETE_ENABLED="true" \
   -p 443:443 \
  registry:2

查看鏡像

  curl -X GET --insecure https://192.192.49.87/v2/_catalog

客戶端配置

  sudo mkdir -p /etc/docker/certs.d/192.192.49.87
 sudo cp /var/docker-data/certs/domain.crt /etc/docker/certs.d/192.192.49.87/ca.crt
 ​
 #可能須要OS級信任
 sudo cp /etc/dockercerts/domain.crt /etc/pki/ca-trust/source/anchors/192.192.49.87.crt
 sudo update-ca-trust
 ​
 #測試
 sudo docker pull busybox
 sudo docker tag busybox 192.192.49.87/busybox
 sudo docker push 192.192.49.87/busybox
 ​

刪除倉庫鏡像

  #先查找鏡像的Docker-Content-Digest
 curl -v -k -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
 -X GET https://192.192.49.87/v2/busybox/manifests/latest 2>&1 | \
 grep 'Docker-Content-Digest'| awk '{print ($3)}'
 ​
 #再刪除元數據
 #容許刪除 -e REGISTRY_STORAGE_DELETE_ENABLED="true"
 curl-v -k -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \-X DELETE https://192.192.49.87/v2/busybox/manifests/<Docker-Content-Digest的值>
 ​
 #容器內執行garbage-collect垃圾回收，清磁盤
 docker exec -it registry /bin/registry \
 garbage-collect /etc/docker/registry/config.yml

接入認證

  #用戶admin，密碼niot1234
 docker run --entrypoint htpasswd registry:2 -Bbn admin niot1234 > /var/docker-data/auth/htpasswd
 ​
 docker container stop registry
 docker rm registry
 ​
 #重啓容器
 docker run -d \
   --restart=always \
   --name registry \
   -v /var/docker-data/certs:/certs \
   -v /var/docker-data/auth:/auth \
   -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
   -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
   -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
   -e REGISTRY_STORAGE_DELETE_ENABLED="true" \
   -e "REGISTRY_AUTH=htpasswd" \
   -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
   -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
   -p 443:443 \
  registry:2

docker-compose 配置

安裝

  sudo curl -L "https://github.com/docker/compose/releases/download/1.23.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
  ​
 sudo chmod +x /usr/local/bin/docker-compose
 ​
 sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
 docker-compose --version

建立docker-registry-compose.yml

  registry:
  restart: always
  image: registry:2
  ports:
    - 443:443
  environment:
    REGISTRY_HTTP_ADDR: 0.0.0.0:443
    REGISTRY_HTTP_TLS_CERTIFICATE: /certs/domain.crt
    REGISTRY_HTTP_TLS_KEY: /certs/domain.key
 #   REGISTRY_AUTH: htpasswd
 #   REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
 #   REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
  volumes:
    - /var/docker-data/registry:/var/lib/registry
    - /var/docker-data/certs:/certs
    - /var/docker-data/auth:/auth

啓動

  sudo docker-compose -f docker-registry-compose.yml up -d

END