XI. Docker Registries

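I. Introduction to Docker registries

In Docker, when we run docker pull xxx, the image is actually looked up in the official registry at registry.hub.docker.com. When we run docker push xxx, the image is likewise uploaded to the official registry by default, provided we have registered an account there.

Drawbacks of using the official registry:

1. The network is slow, because the servers are overseas.

2. It is not secure, because it is a public registry.

3. The images are meant for internal company use.

We therefore need to set up a private registry for our own organization.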

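II. Setting up a private registry with registry

Docker officially provides an image named registry for building a private registry. Just download the image, run a container from it and expose port 5000, and it is ready to use.

Lab environment:

inode2: 192.168.32.102  registry
inode3: 192.168.32.103  docker server

Deploy the registry on inode2

 
To make the registry's images easier to manage, mount the host directory /docker/registry into the container at /var/lib/registry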
[root@inode2 ~]# mkdir -p /docker/registry
[root@inode2 ~]# docker run -d -p 5000:5000 --restart=always  -v /docker/registry:/var/lib/registry  registry
[root@inode2 ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                                                                            NAMES
93c188474fd6        registry            "/entrypoint.sh /etc…"   11 seconds ago      Up 9 seconds        0.0.0.0:5000->5000/tcp                                                           fervent_wescoff

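The registry deployment is complete.

III. Pushing and pulling registry images

The name of an image to be pushed has the format
registry-ip:5000/image-name:version

Steps for pushing to a private registry:
a: Tag the image to be pushed
 10.0.0.12:5000/httpd:latest (tag it manually)
b: Push
 docker push 10.0.0.12:5000/httpd:latest 

Example:

Use inode3 to push an nginx image

Step 1: tag the image, renaming it to 192.168.32.102:5000/nginx:latest

192.168.32.102:5000 is the IP and port of the registry on inode2

nginx:latest is the image name:version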

 
[root@inode3 ~]# docker tag nginx:latest 192.168.32.102:5000/nginx:latest
[root@inode3 ~]# docker images
REPOSITORY                  TAG                 IMAGE ID            CREATED             SIZE
192.168.32.102:5000/nginx   latest              a1523e859360        10 days ago         127MB
nginx                       latest              a1523e859360        10 days ago         127MB

The two images nginx:latest and 192.168.32.102:5000/nginx are identical in everything except their names.

Step 2: push the image to the registry

[root@inode3 ~]# docker push 192.168.32.102:5000/nginx:latest 
The push refers to repository [192.168.32.102:5000/nginx]
Get https://192.168.32.102:5000/v2/: http: server gave HTTP response to HTTPS client
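The push failed. Reason: by default docker only supports HTTPS for pushing and pulling, while the private registry we set up speaks HTTP.

Edit /etc/docker/daemon.json on inode3 and add the following parameter as the last entry, which tells the Docker daemon to trust this registry even though it does not serve HTTPS:
"insecure-registries": ["192.168.32.102:5000"]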

vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://gah3bzo6.mirror.aliyuncs.com"],
"insecure-registries": ["192.168.32.102:5000"]
}
[root@inode3 ~]# systemctl daemon-reload
[root@inode3 ~]# systemctl restart docker

Push the image again

[root@inode3 ~]# docker push 192.168.32.102:5000/nginx:latest 
The push refers to repository [192.168.32.102:5000/nginx]
318be7aea8fc: Pushed 
fe08d5d042ab: Pushed 
f2cb0ecef392: Pushed 
latest: digest: sha256:4a50ed86d8c86e35f530d4a168173677a192177eed14146fbb5728b1b3a2d4de size: 948

Inspect what was stored

 
[root@inode2 ~]# tree /docker/registry
/docker/registry
└── docker
    └── registry
        └── v2
            ├── blobs
            │   └── sha256
            │       ├── 4a
            │       │   └── 4a50ed86d8c86e35f530d4a168173677a192177eed14146fbb5728b1b3a2d4de
            │       │       └── data
            │       ├── 68
            │       │   └── 68ced04f60ab5c7a5f1d0b0b4e7572c5a4c8cce44866513d30d9df1a15277d6b
            │       │       └── data
            │       ├── a1
            │       │   └── a1523e859360df9ffe2b31a8270f5e16422609fe138c1636383efdc34b9ea2d6
            │       │       └── data
            │       ├── c1
            │       │   └── c16ce02d3d6132f7059bf7e9ff6205cbf43e86c538ef981c37598afd27d01efa
            │       │       └── data
            │       └── c4
            │           └── c4039fd85dccc8e267c98447f8f1b27a402dbb4259d86586f4097acb5e6634af
            │               └── data
            └── repositories
                └── nginx
                    ├── _layers
                    │   └── sha256
                    │       ├── 68ced04f60ab5c7a5f1d0b0b4e7572c5a4c8cce44866513d30d9df1a15277d6b
                    │       │   └── link
                    │       ├── a1523e859360df9ffe2b31a8270f5e16422609fe138c1636383efdc34b9ea2d6
                    │       │   └── link
                    │       ├── c16ce02d3d6132f7059bf7e9ff6205cbf43e86c538ef981c37598afd27d01efa
                    │       │   └── link
                    │       └── c4039fd85dccc8e267c98447f8f1b27a402dbb4259d86586f4097acb5e6634af
                    │           └── link
                    ├── _manifests
                    │   ├── revisions
                    │   │   └── sha256
                    │   │       └── 4a50ed86d8c86e35f530d4a168173677a192177eed14146fbb5728b1b3a2d4de
                    │   │           └── link
                    │   └── tags
                    │       └── latest
                    │           ├── current
                    │           │   └── link
                    │           └── index
                    │               └── sha256
                    │                   └── 4a50ed86d8c86e35f530d4a168173677a192177eed14146fbb5728b1b3a2d4de
                    │                       └── link
                    └── _uploads

34 directories, 12 files

The listing above shows the data for the image we just pushed.
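The tree shows that the registry stores content by address: every blob sits in a directory named after its own SHA-256, and a tag is just a link file naming a manifest digest. The following check of that layout is an added example, not part of the original post or of the registry project; audit, sha256_file and build_sample are hypothetical names, and it assumes each link file holds a sha256:<hex> string.

```python
import hashlib
import os

V2 = os.path.join("docker", "registry", "v2")  # layout from the tree output above

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def audit(root):
    """Return (corrupt_blobs, dangling_tags) for a registry data directory."""
    blobs = os.path.join(root, V2, "blobs", "sha256")
    corrupt, intact = [], set()
    for prefix in sorted(os.listdir(blobs)):
        for digest in sorted(os.listdir(os.path.join(blobs, prefix))):
            data = os.path.join(blobs, prefix, digest, "data")
            # A blob is intact only if its content hashes to its directory name.
            if os.path.isfile(data) and sha256_file(data) == digest:
                intact.add("sha256:" + digest)
            else:
                corrupt.append(digest)
    dangling = []
    repos = os.path.join(root, V2, "repositories")
    for path, _dirs, _files in os.walk(repos):
        tags = os.path.join(path, "_manifests", "tags")
        repo = os.path.relpath(path, repos).replace(os.sep, "/")
        for tag in sorted(os.listdir(tags)) if os.path.isdir(tags) else []:
            with open(os.path.join(tags, tag, "current", "link")) as f:
                target = f.read().strip()  # assumed format: sha256:<hex>
            if target not in intact:  # tag points at a missing or altered manifest
                dangling.append((repo + ":" + tag, target))
    return corrupt, sorted(dangling)

def build_sample(root, tamper=False):
    """Constructed sample tree: repository nginx, tag latest, one manifest blob."""
    manifest = b'{"schemaVersion": 2}'  # constructed bytes, not a real manifest
    digest = hashlib.sha256(manifest).hexdigest()
    blob = os.path.join(root, V2, "blobs", "sha256", digest[:2], digest)
    tag = os.path.join(root, V2, "repositories", "nginx",
                       "_manifests", "tags", "latest", "current")
    os.makedirs(blob)
    os.makedirs(tag)
    with open(os.path.join(blob, "data"), "wb") as f:
        f.write(manifest + (b"X" if tamper else b""))
    with open(os.path.join(tag, "link"), "w") as f:
        f.write("sha256:" + digest)
    return digest
```

On the registry host, audit("/docker/registry") checks the directory that this page mounts into the container; a non-empty result means files under the mount were changed outside the registry.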

You can also query the registry at http://192.168.32.102:5000/v2/_catalog

 

List all images in the registry

[root@inode3 ~]#  curl -X GET http://192.168.32.102:5000/v2/_catalog -k
{"repositories":["nginx"]}

Pulling an image from the registry

First delete the existing 192.168.32.102:5000/nginx:latest image
[root@inode3 ~]# docker image rm 192.168.32.102:5000/nginx:latest
Untagged: 192.168.32.102:5000/nginx:latest
Untagged: 192.168.32.102:5000/nginx@sha256:4a50ed86d8c86e35f530d4a168173677a192177eed14146fbb5728b1b3a2d4de

Then pull it again from the private registry
[root@inode3 ~]# docker pull 192.168.32.102:5000/nginx:latest
latest: Pulling from nginx
Digest: sha256:4a50ed86d8c86e35f530d4a168173677a192177eed14146fbb5728b1b3a2d4de
Status: Downloaded newer image for 192.168.32.102:5000/nginx:latest
192.168.32.102:5000/nginx:latest
[root@inode3 ~]# docker images
REPOSITORY                  TAG                 IMAGE ID            CREATED             SIZE
192.168.32.102:5000/nginx   latest              a1523e859360        10 days ago         127MB

The image has been downloaded again.

IV. Setting up an authenticated registry

1. Create the user password file: testuser, testpassword

yum install httpd-tools -y
mkdir /opt/registry-var/auth/ -p
htpasswd  -Bbn ywx 123456  >> /opt/registry-var/auth/htpasswd

2. Run the registry container

 
docker run -d -p 5000:5000 -v /opt/registry-var/auth/:/auth/ -v /docker/registry:/var/lib/registry -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry 

3. Now try to pull the image

[root@inode3 ~]# docker pull 192.168.32.102:5000/nginx:latest
Error response from daemon: Get http://192.168.32.102:5000/v2/nginx/manifests/latest: no basic auth credentials

Authentication is required

4. Log in to the registry and push the image

[root@inode3 ~]# docker login 192.168.32.102:5000
Username: ywx
Password: (the password is not shown as you type it)
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

[root@inode3 ~]# docker pull 192.168.32.102:5000/nginx:latest
latest: Pulling from nginx
Digest: sha256:4a50ed86d8c86e35f530d4a168173677a192177eed14146fbb5728b1b3a2d4de
Status: Downloaded newer image for 192.168.32.102:5000/nginx:latest
192.168.32.102:5000/nginx:latest

The image was pulled successfully

Likewise, pushing an image also requires logging in first with docker login 192.168.32.102:5000
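With this setup the htpasswd login is sent to a registry that inode3 lists under insecure-registries, and docker login keeps it in /root/.docker/config.json as base64 of user:password, which is what the warning above refers to. The following audit of those two files is an added example, not part of the original post; is_insecure, audit_client and the SAMPLE_* values are hypothetical names, and the sample config.json is constructed from the user created in step 1.

```python
import base64
import ipaddress
import json

def is_insecure(host, insecure_entries):
    """True if host (ip:port or name:port) matches an insecure-registries entry."""
    for entry in insecure_entries:
        if entry == host:
            return True
        if "/" in entry:  # entries may also be CIDR ranges such as 10.0.0.0/8
            try:
                net = ipaddress.ip_network(entry, strict=False)
                if ipaddress.ip_address(host.rsplit(":", 1)[0]) in net:
                    return True
            except ValueError:
                continue  # host is a name, or the entry is not a valid range
    return False

def audit_client(daemon_json, config_json):
    """Return [(registry, [issues])] from daemon.json and config.json text."""
    daemon, config = json.loads(daemon_json), json.loads(config_json)
    insecure = daemon.get("insecure-registries", [])
    findings = []
    for server, entry in sorted(config.get("auths", {}).items()):
        host = server.split("://", 1)[-1].split("/", 1)[0]
        issues = []
        if entry.get("auth"):  # absent when a credential helper holds the secret
            user = base64.b64decode(entry["auth"]).decode().split(":", 1)[0]
            issues.append("password for %s is only base64-encoded in config.json" % user)
        if is_insecure(host, insecure):
            issues.append("TLS not enforced: login can cross the network in clear text")
        if issues:
            findings.append((host, issues))
    return findings

# Constructed sample: the insecure-registries entry from this page, plus a
# config.json like the one docker login writes for user ywx (password 123456).
SAMPLE_DAEMON = '{"insecure-registries": ["192.168.32.102:5000"]}'
SAMPLE_CONFIG = json.dumps({"auths": {"192.168.32.102:5000": {
    "auth": base64.b64encode(b"ywx:123456").decode()}}})

if __name__ == "__main__":
    for host, issues in audit_client(SAMPLE_DAEMON, SAMPLE_CONFIG):
        for issue in issues:
            print(host, "-", issue)
```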

 

posted @ 2020-12-24 20:44  yaowx