How to set up a private Docker image registry

Reference for setting up login authentication:

https://blog.csdn.net/shida_csdn/article/details/78435971

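Reference guide: https://blog.51cto.com/ganbing/2080140

Server machine (hostname registry): the private Docker registry server, which runs the registry container;
Node machine (hostname node): an ordinary Docker server, from which images can be pushed and pulled;

1. Pull the registry image on the server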

docker pull registry

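2. Generate the login username and password

mkdir -p /data/docker-registry/auth

docker run --entrypoint htpasswd docker.io/registry:latest -Bbn hy 000000 >> /data/docker-registry/auth/htpasswd

3. Create the configuration file and enable image deletion (optional, depending on your needs; to leave it disabled, set storage - delete - enabled to false)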


# mkdir -p /data/docker-registry/config

# vim /data/docker-registry/config/config.yml

version: 0.1
log:
  fields:
    service: registry
storage:
  delete:
    enabled: true
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3

4. Start the registry container

docker run -d -p 5000:5000 --restart=always --name=registry \
  -v /data/docker-registry/config/:/etc/docker/registry/ \
  -v /data/docker-registry/auth/:/auth/ \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
  -v /data/docker-registry/:/var/lib/registry/ \
  docker.io/registry:latest

5. Allow the node to access the private registry over HTTP

vim /etc/docker/daemon.json

{
    "log-driver": "json-file",
    "registry-mirrors":["55.18.67.171:5000"],
    "insecure-registries":["55.18.67.171:5000"]
}

# systemctl daemon-reload

# systemctl restart docker

6. Push and pull images to and from the private registry

docker pull docker.io/hello-world

docker tag docker.io/hello-world:latest 55.18.67.171:5000/hello-word:latest

docker login 55.18.67.171:5000 -u hy -p 000000

docker push 55.18.67.171:5000/hello-word:latest

curl -u hy:000000  http://55.18.67.171:5000/v2/_catalog

7. Create a secret so that pods can pull images without logging in

Secret used by the default namespace

kubectl create secret docker-registry 10.10.10.149  --docker-server=55.18.67.171:5000 --docker-username=hy --docker-password=000000 --docker-email=niewx@ruyi.ai

Secret used by the hy-uat namespace

kubectl create secret docker-registry 10.10.10.149  --docker-server=55.18.67.171:5000 --namespace=hy-uat --docker-username=hy --docker-password=000000 --docker-email=niewx@ruyi.ai

8. List all images

curl -u hy:000000  http://55.18.67.171:5000/v2/_catalog

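9. List the tags of an image (the command below queries the company-ner repository; substitute busybox or any other repository name)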

curl -u hy:000000  http://55.18.67.171:5000/v2/company-ner/tags/list
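
Step 3 enables deletion but the steps above never exercise it, so the following is an added example (not part of the original post) that deletes one tag through the registry API and then reclaims the disk space. The registry address, container name and config path are the ones used above; the netrc credentials file, the script name and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: delete one tag via the registry v2 API, then garbage-collect.
# Usage: sh delete-tag.sh <repository> <tag>   (script name is hypothetical)
REGISTRY="http://55.18.67.171:5000"            # registry address from this page
# Assumed credentials file, so the password stays off the command line:
#   machine 55.18.67.171 login hy password <password>
NETRC="${NETRC:-$HOME/.registry-netrc}"
# Ask for the schema 2 manifest so the returned digest is the one that can be deleted.
ACCEPT="Accept: application/vnd.docker.distribution.manifest.v2+json"

# Read HTTP response headers on stdin and print the Docker-Content-Digest value.
# Header names are case-insensitive and lines end in CRLF.
digest_from_headers() {
  tr -d '\r' | awk 'tolower($1) == "docker-content-digest:" { print $2; exit }'
}

# Succeed only for a well-formed sha256 digest, never for a tag or empty string.
is_sha256_digest() {
  printf '%s\n' "$1" | grep -Eq '^sha256:[0-9a-f]{64}$'
}

# HEAD the manifest of <repository>:<tag> and print its digest.
manifest_digest() {
  curl -fsS --netrc-file "$NETRC" -I -H "$ACCEPT" \
    "$REGISTRY/v2/$1/manifests/$2" | digest_from_headers
}

# The API deletes by digest, not by tag; 202 Accepted means the manifest is unlinked.
# A 405 response means storage.delete.enabled is false in config.yml.
delete_tag() {
  digest=$(manifest_digest "$1" "$2")
  is_sha256_digest "$digest" || { echo "no digest for $1:$2" >&2; return 1; }
  curl -fsS --netrc-file "$NETRC" -X DELETE "$REGISTRY/v2/$1/manifests/$digest"
}

# Deleting only removes the reference; layers stay on disk until garbage
# collection runs inside the container started in step 4.
collect_garbage() {
  docker exec registry registry garbage-collect /etc/docker/registry/config.yml
}

if [ "$#" -eq 2 ]; then
  delete_tag "$1" "$2" && collect_garbage
fi
```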

posted @ 2019-10-12 17:54  爱写bug的小猿