Docker Hub is Docker's default official public image registry. If you want to run your own private image registry, Docker also provides the registry image, which makes setting one up very simple.
Download the registry image and start it
[root@docker ~]# docker pull registry
[root@docker ~]# docker run -d -v /opt/registry:/var/lib/registry -p 5000:5000 --restart=always --name registry registry
790e35569960041b5976786ab76babc8213e81e0a2d3b1bf3a9c0b5cc2bd1280
Test: list all images in the registry
[root@docker ~]# curl http://192.168.193.128:5000/v2/_catalog
{"repositories":[]}
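Configure the private registry as trusted (insecure-registries lets the Docker daemon talk to this address over plain HTTP)
[root@docker ~]# cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://registry.docker-cn.com"],
  "insecure-registries": ["192.168.193.128:5000"]
}
[root@docker ~]# systemctl restart docker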
Tag the image
[root@docker ~]# docker tag nginx:1.12 192.168.193.128:5000/nginx:1.12
Push
[root@docker ~]# docker push 192.168.193.128:5000/nginx:1.12
[root@docker ~]# curl http://192.168.193.128:5000/v2/_catalog
{"repositories":["nginx"]}
View the tag information
[root@docker ~]# curl http://192.168.193.128:5000/v2/nginx/tags/list
{"name":"nginx","tags":["1.12"]}
Download
[root@docker ~]# docker run -itd --name nginx -p 80:80 192.168.193.128:5000/nginx:1.12
6c13f1122f713237e44aabe58f345652785d21f4b2a1deda05985bbf03b5a1be
Enterprises generally use the Docker Harbor image management tool.
Register an account
https://hub.docker.com/
Log in to Docker Hub
Create a repository
Log in from the Linux host
[root@docker ~]# docker login
Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.
Username: yinshoucheng
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
or
[root@docker ~]# docker login --username=yinshoucheng --password=123456
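The "stored unencrypted" warning above means the login ends up in config.json as base64 of user:password. The following audit is an added example, not part of the original post: it lists the registries that have such inline credentials and checks whether a credsStore helper is configured. The sample config, demo-user and demo-pass are constructed, and the function names are assumptions of the example.

```sh
#!/bin/sh
# Added example: find logins stored inline in a Docker client config.json.

# inline_creds FILE: prints "<registry> <username>" for every inline auth entry.
inline_creds() {
    # Strip whitespace so each entry reads "<registry>":{"auth":"<base64>"
    tr -d ' \t\r\n' < "$1" |
    grep -o '"[^"]*":{"auth":"[^"]*"' |
    while IFS= read -r entry; do
        registry=$(printf '%s' "$entry" | cut -d'"' -f2)
        b64=$(printf '%s' "$entry" | cut -d'"' -f6)
        # The value is base64("user:password"); report the user name only.
        user=$(printf '%s' "$b64" | base64 -d 2>/dev/null | cut -d: -f1)
        printf '%s %s\n' "$registry" "$user"
    done
}

# uses_creds_store FILE: succeeds if a credential helper (credsStore) is set.
uses_creds_store() {
    tr -d ' \t\r\n' < "$1" | grep -q '"credsStore":"[^"][^"]*"'
}

# write_sample_config FILE: constructed sample, not taken from a real host.
write_sample_config() {
    token=$(printf '%s' 'demo-user:demo-pass' | base64)
    cat > "$1" <<EOF
{
    "auths": {
        "https://index.docker.io/v1/": { "auth": "$token" },
        "reg.goldenyin.com": {}
    }
}
EOF
}

# Demo on the constructed sample.
sample=$(mktemp) && write_sample_config "$sample"
inline_creds "$sample"
uses_creds_store "$sample" || echo "no credsStore: logins are only base64-encoded"
rm -f "$sample"
```

Passing the password with docker login --password-stdin instead of --password=... also keeps it out of the shell history and the process list.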
Tag the image
[root@docker ~]# docker tag nginx:1.12 yinshoucheng/golden:1.12
Push
[root@docker ~]# docker push yinshoucheng/golden:1.12
Search test
[root@docker ~]# docker search yinshoucheng
NAME                  DESCRIPTION   STARS   OFFICIAL   AUTOMATED
yinshoucheng/golden                 0
Download
[root@docker ~]# docker pull yinshoucheng/golden:1.12
Harbor is an enterprise-grade Docker Registry project open-sourced by VMware. Project address: https://github.com/vmware/harbor
Download the offline installer
Install Docker
[root@docker ~]# docker info
Containers: 26
 Running: 1
 Paused: 0
 Stopped: 25
Images: 16
Server Version: 18.09.6
Storage Driver: overlay2
 Backing Filesystem: xfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: bb71b10fd8f58240ca47fbb579b9d1028eea7c84
runc version: 2b18fe1d885ee5083ef9f0838fee39b62d653e30
init version: fec3683
Security Options:
 seccomp
  Profile: default
Kernel Version: 3.10.0-862.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 3.697GiB
Name: docker
ID: 3EAH:DXYW:7DXA:76IW:AKHC:TKG5:FC5N:QPRB:SFAY:T6HB:LSCS:CUPK
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Username: yinshoucheng
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 192.168.193.128:5000
 127.0.0.0/8
Registry Mirrors:
 https://registry.docker-cn.com/
Live Restore Enabled: false
Product License: Community Engine
Install docker-compose
https://github.com/docker/compose/releases/
[root@docker ~]# curl -L https://github.com/docker/compose/releases/download/1.25.0-rc1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
[root@docker ~]# chmod +x /usr/local/bin/docker-compose
[root@docker ~]# docker-compose --version
docker-compose version 1.25.0-rc1, build 8552e8e2
Self-signed TLS certificate
https://github.com/goharbor/harbor/blob/master/docs/configure_https.md
Extract the installer
[root@docker ~]# tar -zxf harbor-offline-installer-v1.8.1.tgz
[root@docker ~]# cd harbor
Create a directory for the SSL files
[root@docker harbor]# mkdir ssl
Generate the CA root certificate
[root@docker harbor]# cd ssl
[root@docker ssl]# openssl req \
> -newkey rsa:4096 -nodes -sha256 -keyout ca.key \
> -x509 -days 365 -out ca.crt
Generating a 4096 bit RSA private key
........................................................................................................................................................................++
...............................................++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:goldenyin
Email Address []:
[root@docker ssl]# ls
ca.crt  ca.key
[root@docker ssl]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout reg.goldenyin.com.key -out reg.goldenyin.com.csr
Generating a 4096 bit RSA private key
.................................................................................................................................................................................................++
........++
writing new private key to 'reg.goldenyin.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:reg.goldenyin.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@docker ssl]# ls
ca.crt  ca.key  reg.goldenyin.com.csr  reg.goldenyin.com.key
[root@docker ssl]# openssl x509 -req -days 365 -in reg.goldenyin.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out reg.goldenyin.com.crt
Signature ok
subject=/C=CN/L=Default City/O=Default Company Ltd/CN=reg.goldenyin.com
Getting CA Private Key
[root@docker ssl]# ls
ca.crt  ca.srl                 reg.goldenyin.com.csr
ca.key  reg.goldenyin.com.crt  reg.goldenyin.com.key
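Current Docker clients match the registry hostname against the certificate's subjectAltName and reject a certificate that carries it only in the Common Name, as the one generated above does. This added example (not from the original post) repeats the same three openssl steps non-interactively with a SAN and then checks the result; req.cnf, san.ext and the function names are assumptions of the example.

```sh
#!/bin/sh
# Added example: CA-signed registry certificate with a subjectAltName.

# make_registry_cert DIR HOST [BITS]: writes ca.{key,crt} and HOST.{key,csr,crt}
make_registry_cert() {
    dir=$1; host=$2; bits=${3:-4096}
    mkdir -p "$dir" || return 1
    # Own request config, so the result does not depend on the system openssl.cnf.
    cat > "$dir/req.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_ca
[dn]
CN = goldenyin
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Server certificate extensions: the hostname goes into the SAN.
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:%s\n' \
        "$host" > "$dir/san.ext"
    openssl req -x509 -newkey "rsa:$bits" -nodes -sha256 -days 365 \
        -config "$dir/req.cnf" -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null &&
    openssl req -newkey "rsa:$bits" -nodes -sha256 -config "$dir/req.cnf" \
        -subj "/CN=$host" -keyout "$dir/$host.key" -out "$dir/$host.csr" 2>/dev/null &&
    openssl x509 -req -sha256 -days 365 -in "$dir/$host.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/san.ext" -out "$dir/$host.crt" 2>/dev/null &&
    chmod 600 "$dir/ca.key" "$dir/$host.key"
}

# chain_ok DIR HOST: the server certificate verifies against the CA.
chain_ok() {
    openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1
}

# san_matches CERT HOST: HOST is listed as a DNS subjectAltName in CERT.
san_matches() {
    openssl x509 -in "$1" -noout -text | tr ', ' '\n\n' | grep -qxF "DNS:$2"
}

# Stand-alone use: sh gen_cert.sh ./ssl reg.goldenyin.com
if [ "$#" -ge 2 ]; then
    make_registry_cert "$1" "$2" && chain_ok "$1" "$2" &&
        san_matches "$1/$2.crt" "$2" && echo "certificate for $2 verified"
fi
```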
Harbor installation and configuration
[root@docker ssl]# cd ..
[root@docker harbor]# ls
harbor.v1.8.1.tar.gz  harbor.yml  install.sh  LICENSE  prepare  ssl
Configure harbor.cfg (renamed to harbor.yml in newer versions)
Change the settings for the protocol, the certificate and the administrator password
Example:
hostname = reg.goldenyin.com
Comment out http: and port: 80 (newer versions)
ui_url_protocol = https (this item does not exist in newer versions)
ssl_cert = ./ssl/reg.goldenyin.com.crt (newer versions: certificate: ./ssl/reg.goldenyin.com.crt)
ssl_cert_key = ./ssl/reg.goldenyin.com.key (newer versions: private_key: ./ssl/reg.goldenyin.com.key)
harbor_admin_password = harbor12345
[root@docker harbor]# ./prepare (reads the configuration file; this step is not needed in newer versions)
Uncomment https: and port: 443 (newer versions)
external_url: https://reg.goldenyin.com:8433 (newer versions)
[root@docker harbor]# ./install.sh
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at http://reg.goldenyin.com.
For more details, please visit https://github.com/goharbor/harbor .
Configure hosts on the Windows machine (C:\Windows\System32\drivers\etc\hosts)
192.168.193.128 reg.goldenyin.com
http://reg.goldenyin.com/
https://reg.goldenyin.com/ (not configured)
Access Harbor from the Docker host
[root@docker harbor]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.193.128 reg.goldenyin.com
[root@docker harbor]# docker login reg.goldenyin.com
Create the directory that holds the certificate
[root@docker harbor]# mkdir -p /etc/docker/certs.d/reg.goldenyin.com
Copy the certificate
[root@docker reg.goldenyin.com]# ls
reg.goldenyin.com.crt
Log in again
[root@docker harbor]# docker login reg.goldenyin.com
docker tag SOURCE_IMAGE[:TAG] reg.goldenyin.com/test/IMAGE[:TAG]
docker push reg.goldenyin.com/test/IMAGE[:TAG]