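docker registry private repository
You do not need to build a private registry yourself; you only need to start one container (the officially packaged registry image).
Related commands:
1: docker push xx.xxx.com/google_containers/busybox # upload the image to the private registry
2: docker pull xxx.xxx.com/google_containers/busybox # download the busybox image from the private registry to the local docker
# Plain registry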
docker run -d -p 5000:5000 --restart=always --name registry -v /opt/myregistry:/var/lib/registry registry
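--restart=always # whenever the container service restarts, this container is brought back up automatically
--name registry # the container name shown by docker ps -a once the container is up
-v /opt/myregistry:/var/lib/registry # mount the host directory /opt/myregistry onto /var/lib/registry inside the container
registry # image name
# Start the docker registry container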
[root@k8s129 ~]# docker run -d -p 5000:5000 --restart=always --name registry -v /opt/myregistry:/var/lib/registry registry
Unable to find image 'registry:latest' locally
latest: Pulling from library/registry
c87736221ed0: Pull complete
1cc8e0bb44df: Pull complete
54d33bcb37f5: Pull complete
e8afc091c171: Pull complete
b4541f6d3db6: Pull complete
Digest: sha256:8004747f1e8cd820a148fb7499d71a76d45ff66bac6a29129bfdbfdc0154d146
Status: Downloaded newer image for registry:latest
3a7fee0d5a3cebbb9c43d60c430e774d86e16fa314350cf7b6f710e5fc2341ad
[root@k8s129 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3a7fee0d5a3c registry "/entrypoint.sh /etc…" 53 seconds ago Up 52 seconds 0.0.0.0:5000->5000/tcp registry
[root@k8s129 ~]#
How to upload an image to the private registry we just started:
1: Tag it
2: Upload it
# Tag
[root@k8s129 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest 19485c79a9bb 8 weeks ago 1.22MB
registry latest f32a97de94e1 8 months ago 25.8MB
# docker tag source-image-name:version private-registry-address/image-name:version (by default the same as the source)
[root@k8s129 ~]# docker tag busybox:latest 192.168.6.129:5000/busybox:latest
[root@k8s129 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.6.129:5000/busybox latest 19485c79a9bb 8 weeks ago 1.22MB
busybox latest 19485c79a9bb 8 weeks ago 1.22MB
registry latest f32a97de94e1 8 months ago 25.8MB
[root@k8s129 ~]#
# Push the image we just tagged to the private registry
[root@k8s129 ~]# docker push 192.168.6.129:5000/busybox:latest # this fails, because docker uses HTTPS by default
The push refers to repository [192.168.6.129:5000/busybox]
Get https://192.168.6.129:5000/v2/: http: server gave HTTP response to HTTPS client
# Edit the configuration file and add a line that trusts the private registry: "insecure-registries": ["192.168.6.129:5000"]
[root@k8s129 ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://aeckruos.mirror.aliyuncs.com"], # note the comma here (this note is not part of the file; JSON does not allow comments)
"insecure-registries": ["192.168.6.129:5000"]
}
[root@k8s129 ~]# systemctl restart docker.service # restart docker
[root@k8s129 ~]# docker push 192.168.6.129:5000/busybox:latest # upload
The push refers to repository [192.168.6.129:5000/busybox]
6c0ea40aef9d: Pushed
latest: digest: sha256:dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808 size: 527
[root@k8s129 repositories]# pwd # go to the registry directory; the image has been uploaded there.
/opt/myregistry/docker/registry/v2/repositories
[root@k8s129 repositories]# ls
busybox
# Check whether another machine can use docker pull to fetch the image we just pushed
[root@k8s130 ~]# docker pull 192.168.6.129:5000/busybox:latest # note: /etc/docker/daemon.json on this machine needs the same setting
latest: Pulling from busybox
Digest: sha256:dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
Status: Image is up to date for 192.168.6.129:5000/busybox:latest
192.168.6.129:5000/busybox:latest
[root@k8s130 ~]#
# Right now anyone can upload images to our private registry, which is not secure, so we need to set up password authentication.
# Registry with basic authentication
[root@k8s129 ~]# yum install httpd-tools -y
[root@k8s129 ~]# mkdir /opt/registry-var/auth/ -p
[root@k8s129 ~]# htpasswd -Bbn xujin 123456 >> /opt/registry-var/auth/htpasswd
[root@k8s129 auth]# cat /opt/registry-var/auth/htpasswd
xujin:$2y$05$daHhmHOs7h7BsOHirUjaHO5xJ2QycWl5bFpXbwZx2vnPQphhaKXf6
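# Because the registry container was started earlier without authentication, remove the existing containers here (docker ps -a -q lists every container on the host, so this removes all of them).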
[root@k8s129 auth]# docker rm -f `docker ps -a -q`
3a7fee0d5a3c
.......
[root@k8s129 auth]# docker run -d -p 5000:5000 --restart=always -v /opt/registry-var/auth/:/auth/ -v /opt/myregistry:/var/lib/registry -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry
69c6617b88fc9d6a6fb7ddb07cba06d8674d3541deed42607f4261fab25edba6
[root@k8s129 auth]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
69c6617b88fc registry "/entrypoint.sh /etc…" 7 seconds ago Up 4 seconds 0.0.0.0:5000->5000/tcp nostalgic_stonebraker
[root@k8s129 auth]#
# Try to pull an image: it fails, reporting that there are no credentials
[root@k8s129 auth]# docker pull 192.168.6.129:5000/nginx1:v1.1
Error response from daemon: Get http://192.168.6.129:5000/v2/nginx1/manifests/v1.1: no basic auth credentials
# Log in
[root@k8s129 auth]# docker login 192.168.6.129:5000 # if docker login is not given our private registry, it connects to the official one by default
Username: xujin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json. # note this file: the credentials are saved here, and if it is deleted by hand you have to log in again
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
# Pull again: it succeeds
[root@k8s129 auth]# docker pull 192.168.6.129:5000/nginx1:v1.1
v1.1: Pulling from nginx1
Digest: sha256:224f1b76ad5d6d5878c2dccba5b3dcc8e9a263ff04efdf0f8e0ef8f68c208a44
Status: Image is up to date for 192.168.6.129:5000/nginx1:v1.1
192.168.6.129:5000/nginx1:v1.1
# Uploading with push also succeeds
[root@k8s129 auth]# docker tag busybox:latest 192.168.6.129:5000/busybox:latest
[root@k8s129 auth]# docker push 192.168.6.129:5000/busybox:latest
The push refers to repository [192.168.6.129:5000/busybox]
1da8e4c8d307: Pushed
latest: digest: sha256:679b1c1058c1f2dc59a3ee70eed986a88811c0205c8ceea57cec5f22d2c3fbb1 size: 527
[root@k8s129 auth]#
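An added example (not part of the original post): a small Python audit of the three files this walkthrough touches, covering both the insecure-registries step and the basic-auth step: /etc/docker/daemon.json, /root/.docker/config.json and the htpasswd file. The sample inputs are constructed to mirror the values shown above; the function names and the minimum bcrypt cost of 10 are assumptions made for this example.

```python
import base64
import json
import re

def insecure_registries(daemon_json):
    """Registries dockerd will talk to without enforcing verified TLS."""
    return set(json.loads(daemon_json).get("insecure-registries", []))

def stored_credentials(config_json):
    """Registries whose login sits base64-encoded (not encrypted) in config.json."""
    auths = json.loads(config_json).get("auths", {})
    return {host for host, entry in auths.items() if entry.get("auth")}

def weak_htpasswd(text, min_cost=10):
    """Entries that are not bcrypt, or bcrypt below min_cost (assumed policy value)."""
    findings = []
    for line in filter(None, map(str.strip, text.splitlines())):
        user, _, digest = line.partition(":")
        m = re.match(r"\$2[aby]\$(\d{2})\$", digest)
        if m is None:
            findings.append((user, "not bcrypt"))
        elif int(m.group(1)) < min_cost:
            findings.append((user, f"bcrypt cost {int(m.group(1))} below {min_cost}"))
    return findings

def audit(daemon_json, config_json, htpasswd):
    """Combine the three checks; the intersection is the case built on this page."""
    insecure = insecure_registries(daemon_json)
    stored = stored_credentials(config_json)
    report = [f"{h}: listed in insecure-registries, TLS not enforced"
              for h in sorted(insecure)]
    report += [f"{h}: saved login is sent to a registry without enforced TLS"
               for h in sorted(insecure & stored)]
    report += [f"{h}: login stored unencrypted in config.json"
               for h in sorted(stored - insecure)]
    report += [f"htpasswd user {u}: {why}" for u, why in weak_htpasswd(htpasswd)]
    return report

# Constructed sample inputs mirroring the files shown on this page.
DAEMON = ('{"registry-mirrors": ["https://aeckruos.mirror.aliyuncs.com"],'
          ' "insecure-registries": ["192.168.6.129:5000"]}')
CONFIG = json.dumps({"auths": {"192.168.6.129:5000": {
    "auth": base64.b64encode(b"xujin:123456").decode()}}})
HTPASSWD = "xujin:$2y$05$daHhmHOs7h7BsOHirUjaHO5xJ2QycWl5bFpXbwZx2vnPQphhaKXf6\n"

if __name__ == "__main__":
    for finding in audit(DAEMON, CONFIG, HTPASSWD):
        print(finding)
```

For the setup built above, the audit reports three findings: the registry is reached without enforced TLS, the saved login for it is sent over that connection, and the htpasswd entry uses bcrypt cost 5. Serving the registry over TLS clears the first two, and htpasswd's -C option raises the bcrypt cost.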
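List the images in the private registry:
Open in a browser:
http://192.168.6.129:5000/v2/_catalog
List the tags of an image in the private registry:
Open in a browser:
http://192.168.6.129:5000/v2/nginx/tags/list
Deleting an image from the private registry
1) Enter the docker registry container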
docker exec -it registry /bin/sh
2) Delete the repo
rm -fr /var/lib/registry/docker/registry/v2/repositories/nginx
3) Clean up the blobs
registry garbage-collect /etc/docker/registry/config.yml