Drea Robot

构建私有docker仓库最佳解决方案

#拉取docker仓库镜像
docker pull registry:2.7.0

#创建临时文件夹(用于存储仓库所需密钥和证书以及挂载目录)
mkdir -p /root/registry/auth /root/registry/certs /root/registry/share

#生成仓库证书,master1为自定义的主机名,你可以直接使用IP地址
openssl req -x509 -days 3650 -subj '/CN=master1:5000/' -nodes -newkey rsa:2048 -keyout /root/registry/certs/domain.key -out /root/registry/certs/domain.crt

#创建临时仓库容器,通过临时仓库容器内的密钥生成组件生成密钥
docker run --name registry --entrypoint htpasswd registry:2.7.0 -Bbn root Aa123456 > /root/registry/auth/htpasswd

#删除临时仓库容器
docker rm -f registry

#创建仓库容器
docker run -d -p 5000:5000 --restart always --name registry -v /root/registry/share:/var/lib/registry -v /root/registry/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd -v /root/registry/certs:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key registry:2.7.0

#创建仓库证书目录
mkdir -p /etc/docker/certs.d/master1:5000

#拷贝之前生成的证书到仓库证书目录中
cp /root/registry/certs/domain.crt /etc/docker/certs.d/master1:5000

#修改docker配置,注册私有仓库
vim /etc/docker/daemon.json
{
        "exec-opts":["native.cgroupdriver=systemd"],
        "registry-mirrors":["https://6yu5a2i2.mirror.aliyuncs.com"],
        "insecure-registries":["master1:5000"]
}

#重载docker配置
systemctl reload docker

#重启docker
systemctl restart docker

#拉取测试镜像
docker pull hello_world

#重新指定测试镜像标签
docker tag hello_world master1:5000/hello_world

#登录docker仓库
docker login master1:5000

#推送测试镜像到私有仓库
docker push master1:5000/hello_world

#删除本地测试镜像
docker rmi master1:5000/hello_world

#从私有仓库中重新拉取刚才推送的测试镜像
docker pull master1:5000/hello_world

#查看当前本地镜像,如果成功,则表示从私有仓库中拉取测试镜像成功了
docker images

#完结撒花

 

posted @ 2021-05-14 12:50  Rhyheart  阅读(115)  评论(0编辑  收藏  举报
Rhyheart