registry私有仓库

docker私有仓库registry只需要启动一个容器即可

试验环境

docker01 10.0.0.10

docker02 10.0.0.11

一、普通registry

1.1docker01启动私有仓库容器

[root@docker01 ~]# docker run -d -p 5000:5000 --restart=always --name registry -v \
/opt/myregistry:/var/lib/registry  registry

参数解释    
-d                    后台运行
-p                    映射端口
--restart=always        重启docker服务时拉起容器
--name                名字
-v                    挂载卷, /opt/myregistry:/var/lib/registry表示将宿主机的/opt/myregistry挂载到容器的/var/lib/registry

1.2docker02给镜像打标签

1.初始镜像
[root@docker02 ~]# docker images
REPOSITORY              TAG                 IMAGE ID            CREATED             SIZE
centos                  6.9                 adf829198a7f        4 months ago        195MB

2.给镜像打标签
语法
docker tag 镜像名称 标签名称
[root@docker02 ~]# docker tag centos:6.9 10.0.0.10:5000/centos:6.9

3.打完标签后的镜像,id相同,相当于硬链接
[root@docker02 ~]# docker images
REPOSITORY              TAG                 IMAGE ID            CREATED             SIZE
10.0.0.10:5000/centos   6.9                 adf829198a7f        4 months ago        195MB
centos                  6.9                 adf829198a7f        4 months ago        195MB

1.3docker02推送镜像到私有仓库docker01

1.默认推送是采用https协议,因此第一次推送会报错
[root@docker02 ~]# docker push 10.0.0.10:5000/centos:6.9 
The push refers to repository [10.0.0.10:5000/centos] 
Get https://10.0.0.10:5000/v2/: http: server gave HTTP response to HTTPS client

2.修改配置文件,使推送使用http协议
[root@docker02 ~]# vim /etc/docker/daemon.json
{
"insecure-registries": ["10.0.0.10:5000"]
}

3.重启docker
[root@docker02 ~]# systemctl restart docker

4.再次推送即可成功
[root@docker02 ~]# docker push 10.0.0.10:5000/centos:6.9
The push refers to repository [10.0.0.20:5000/centos]
aaa5621d7c01: Pushed 
6.9: digest: sha256:7e172600dff1903f186061ce5f5295664ec9942ca120e4e5b427ddf01bb2b35b size: 529

1.4docker 普通registry缺点

没有认证,任何人都可以推送镜像到私有仓库,不安全!!!

1.docker02导入镜像或者下载镜像
[root@docker02 ~]# docker load -i nginx.tar.gz

2.给镜像打标签
[root@docker02 ~]# docker tag nginx:latest 10.0.0.10:5000/nginx:latest

3.推送任意一个镜像到私有仓库
[root@docker02 ~]# docker push 10.0.0.10:5000/nginx:latest

4.推送镜像存放路径
创建私有镜像仓库时指定的宿主机目录/opt/myregistry        
-v /opt/myregistry:/var/lib/registry  registry
[root@docker01 ~]# ls /opt/myregistry/docker/registry/v2/repositories/
centos/        centos6.9_ssh/ nginx/

二、带basic认证的registry

2.1docker01初始环境准备

1.安装httpd-tools
[root@docker01 ~]# yum -y install httpd-tools

2.创建存放密码的目录并设置密码
[root@docker01 ~]# mkdir -p /opt/registry-var/auth
[root@docker01 ~]# htpasswd  -Bbn test 123456  >> /opt/registry-var/auth/htpasswd

2.2docker01启动容器

[root@docker01 ~]# docker run -d -p 5000:5000 --name registry --restart=always -v /opt/registry-var/auth/:/auth/ -v \
/opt/myregistry:/var/lib/registry -e "REGISTRY_AUTH=htpasswd" -e \
"REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd\
 registry

2.3docker02直接拉取镜像

1.直接拉取镜像会报错,因为没有认证
[root@docker02 ~]# docker pull 10.0.0.10:5000/nginx
Using default tag: latest
Error response from daemon: Get http://10.0.0.10:5000/v2/nginx/manifests/latest: no basic auth credentials

2.4登陆私有仓库,然后拉取镜像

1.登陆私有仓库
[root@docker02 ~]# docker login 10.0.0.10:5000
Username: test
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

2.拉取镜像
[root@docker02 ~]# docker pull 10.0.0.10:5000/nginx
Using default tag: latest
latest: Pulling from nginx
Digest: sha256:278fefc722ffe1c36f6dd64052758258d441dcdb5e1bbbed0670485af2413c9f
Status: Image is up to date for 10.0.0.10:5000/nginx:latest

3.上传镜像,先打标签,再上传
[root@docker02 ~]# docker tag centos:6.9 10.0.0.10:5000/my-centos
[root@docker02 ~]# docker push 10.0.0.10:5000/my-centos

registry镜像存储位置

registry镜像存储位置为
挂载目录/docker/registry/v2/repositories/镜像名称


目录挂载
/opt/myregistry:/var/lib/registry

镜像存储位置  
/opt/myregistry/docker/registry/v2/repositories
泡泡吐肥皂o © gitbook.pptfz.top 2021 all right reserved,powered by Gitbook文件修订时间: 秃笔南波湾!!!

results matching ""

    No results matching ""