導入導出鏡像比較麻煩,共享鏡像佔了工做中一大部分時間.node
搭建了個本地registry, 不支持用戶名密碼驗證的 和 支持用戶名密碼驗證的兩種.docker
https://docs.docker.com/registry/#requirements
https://docs.docker.com/registry/insecure/#deploy-a-plain-http-registry
https://docs.docker.com/registry/deploying/#restricting-accessshell
docker run -d -p 5000:5000 -v /data/docker/registy:/var/lib/registry registry:2
$ cat /etc/docker/daemon.json { "insecure-registries" : ["192.168.14.132:5000"] }
$ systemctl restart docker $ docker info ... Experimental: false Insecure Registries: 192.168.14.132:5000 #看到這玩意了 127.0.0.0/8 ...
docker tag centos 192.168.14.132:5000/maotai/centos docker push 192.168.14.132:5000/maotai/centos
[root@node1 repositories]# tree -L 1 ./maotai ./maotai #根據用名來操做 ├── busybox └── centos
打tag有講究,把對應人的名字打上,容易區分json
查看centos
查看倉庫中的鏡像:dom
GET /v2/_catalog
查看鏡像的 tag:ui
GET /v2/huayong/busybox/tags/list
稍微比較麻煩,docker要求驗證時候不能明文傳輸用戶名密碼.全部只能https了.rest
mkdir /data/registry/auth/{certs,auth} -p cd /data/registry/auth/certs openssl req -x509 -days 3650 -nodes -newkey rsa:2048 -keyout domain.key -out domain.crt -subj "/CN=reg.maotai.com" cd /data/registry/auth ## 建立testuser/testpassword docker run \ --entrypoint htpasswd \ registry:2 -Bbn testuser testpassword > auth/htpasswd cd /data/registry docker run -d \ -p 5000:5000 \ --restart=always \ -v /data/docker/registy:/var/lib/registry \ -v /etc/localtime:/etc/localtime \ --name registry \ -v `pwd`/auth:/auth \ -e "REGISTRY_AUTH=htpasswd" \ -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \ -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \ -v `pwd`/certs:/certs \ -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \ -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \ registry:2
客戶端一樣須要配置daemon.jsoncode