【Linux】【Services】【SaaS】Docker+kubernetes(7. 安装Docker私有镜像仓库)
1. 简介
1.1. 自己做个私有镜像,方便上传和下载,我也在docker官网注册了一个账号,做好的镜像可以传上去
1.2. Redhat自带私有镜像的功能,需要安装包,这是howto:
https://access.redhat.com/documentation/enus/red_hat_enterprise_linux_atomic_host/7/html/getting_started_with_containers/get_started_with_docker_formatted_container_images#creating_a_private_docker_registry_optional
1.3. IBM的howto:https://www.ibm.com/developerworks/linux/library/l-docker-private-reg/index.html(主要流程按照这个做的)
1.4. docker的官方网网站:https://www.docker.com/
2. 环境
2.1. docker-distribution:2.6.2-1.git48294d9.el7
2.2. docker:2:1.12.6-68.gitec8512b.el7
3. 安装与配置
3.1. 使用yum安装
yum install docker-distribution
3.2. 启动服务
systemctl start docker-distribution && systemctl enable docker-distibution
3.3. 给镜像仓库来个独立磁盘
# lvcreate -n lv_docker_registry -L 20G vg_system # mkfs.xfs /dev/mapper/vg_system-lv_docker_registry # mkdir /data_docker_registry
# echo "/dev/mapper/vg_system-lv_docker_registry /data_docker_registry xfs defaults 0 0" >> /etc/fstab
# mount -a
3.4. 使用htpasswd工具进行认证
# yum install -y httpd-tools
# htpasswd -Bc /etc/docker-distribution/registry/egistry_passwd admin
3.5. 给http服务加上一个ssl
# mkdir /etc/docker/certs.d/hctjosadm01.hccos.cn/ # openssl req -newkey rsa:4096 -nodes -sha256 -keyout /etc/docker/certs.d/hctjosadm01.hccos.cn/hccos.key -x509 -days 365 -out /etc/docker/certs.d/hctjosadm01.hccos.cn/hccos.crt 注意:服务名字和机器名字要一致,其他都默认就好
# update-ca-trust
# systemctl restart docker
注意:如果出现不能重启docker情况,吧原始数据删掉就好,rm -rf /var/lib/docker/*
3.6. 修改yml配置文件 /etc/docker-distribution/registry/config.yml
version: 0.1 log: fields: service: registry storage: cache: layerinfo: inmemory filesystem: rootdirectory: /data_docker_registry http: addr: hctjosadm01.hccos.cn:5000 host: https://hctjosadm01.hccos.cn:5000 tls: certificate: /etc/docker/certs.d/hctjosadm01.hccos.cn/hccos.crt key: /etc/docker/certs.d/hctjosadm01.hccos.cn/hccos.key auth: htpasswd: realm: basic-realm path: /etc/docker-distribution/registry/registry_passwd
3.7. 重启docker-distribution服务
systemctl restart docker-distribution
3.8. 由于是私建CA,所有客户端访问的时候会不信任,需要在启动时候加上这个选项或者修改/usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd-current \ --insecure-registry hctjosadm01.hccos.cn:5000
3.9. 记得reload systemd
systemctl daemon-reload
3.10. 试试吧
~]# docker login https://hctjosadm01.hccos.cn:5000 Username: admin Password: Login Succeeded
4. 常用命令
# docker pull # docker push # docker login # docker logout
# docker search
# docker image
5. 使用Vmware harbor搭建带UI功能的docker hub
5.1. 官方网站:https://github.com/vmware/harbor
5.2. 安装手册:https://github.com/vmware/harbor/blob/master/docs/installation_guide.md
5.3. 说实话这个写的已经非常的全了,而且搭建起来非常简单,以后有项目需要的话我再写在博客里