十一、docker仓库
一、docker仓库的简介
使用官方仓库的话:
1、网络慢,服务器在国外
2、不安全,公共仓库
3、企业内部使用
因此我们需要搭建自己企业的私有仓库
二、私有仓库registry的搭建
Docker 官方提供了一个搭建私有仓库的镜像 registry ,只需把镜像下载下来,运行容器并暴露5000端口,就可以使用了。
实验环境:
inode2: 192.168.32.102 registry仓库 indoe3: 192.168.32.103 docker 服务器
为了管理仓库镜像的方便, 把宿主机的/docker/registry目录挂载到容器中的/var/lib/registry [root@inode2 ~]# mkdir -p /docker/registry [root@inode2 ~]# docker run -d -p 5000:5000 --restart=always -v /docker/registry:/var/lib/registry registry [root@inode2 ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 93c188474fd6 registry "/entrypoint.sh /etc…" 11 seconds ago Up 9 seconds 0.0.0.0:5000->5000/tcp fervent_wescoff registry仓库部署完成
上传镜像的格式为 仓库ip:5000/镜像名称:版本号 上传到私有仓库的步骤: a:给要上传的镜像打tag 10.0.0.12:5000/httpd:latest (手动给它打tag) b:上传 docker push 10.0.0.12:5000/httpd:latest
案例:
使用inode3来上传一个nginx的镜像
[root@inode3 ~]# docker tag nginx:latest 192.168.32.102:5000/nginx:latest [root@inode3 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE 192.168.32.102:5000/nginx latest a1523e859360 10 days ago 127MB nginx latest a1523e859360 10 days ago 127MB 发现2个镜像nginx:latest和192.168.32.102:5000/nginx除了名字外,其它的完全一样
第二步:上传镜像到仓库
[root@inode3 ~]# docker push 192.168.32.102:5000/nginx:latest The push refers to repository [192.168.32.102:5000/nginx] Get https://192.168.32.102:5000/v2/: http: server gave HTTP response to HTTPS client 上传镜像失败;原因:docker 上传下载默认只支持https协议,搭建的私有仓库是http协议。 修改inode3上的/etc/docker/daemon.json,在最后一行添加如下参数 "insecure-registries": ["192.168.32.102:5000"],信任该仓库 vim /etc/docker/daemon.json { "registry-mirrors": ["https://gah3bzo6.mirror.aliyuncs.com"], "insecure-registries": ["192.168.32.102:5000"] } [root@inode3 ~]# systemctl daemon-reload [root@inode3 ~]# systemctl restart docker 再重新上传镜像 [root@inode3 ~]# docker push 192.168.32.102:5000/nginx:latest The push refers to repository [192.168.32.102:5000/nginx] 318be7aea8fc: Pushed fe08d5d042ab: Pushed f2cb0ecef392: Pushed latest: digest: sha256:4a50ed86d8c86e35f530d4a168173677a192177eed14146fbb5728b1b3a2d4de size: 948
[root@inode2 ~]# tree /docker/registry /docker/registry └── docker └── registry └── v2 ├── blobs │ └── sha256 │ ├── 4a │ │ └── 4a50ed86d8c86e35f530d4a168173677a192177eed14146fbb5728b1b3a2d4de │ │ └── data │ ├── 68 │ │ └── 68ced04f60ab5c7a5f1d0b0b4e7572c5a4c8cce44866513d30d9df1a15277d6b │ │ └── data │ ├── a1 │ │ └── a1523e859360df9ffe2b31a8270f5e16422609fe138c1636383efdc34b9ea2d6 │ │ └── data │ ├── c1 │ │ └── c16ce02d3d6132f7059bf7e9ff6205cbf43e86c538ef981c37598afd27d01efa │ │ └── data │ └── c4 │ └── c4039fd85dccc8e267c98447f8f1b27a402dbb4259d86586f4097acb5e6634af │ └── data └── repositories └── nginx ├── _layers │ └── sha256 │ ├── 68ced04f60ab5c7a5f1d0b0b4e7572c5a4c8cce44866513d30d9df1a15277d6b │ │ └── link │ ├── a1523e859360df9ffe2b31a8270f5e16422609fe138c1636383efdc34b9ea2d6 │ │ └── link │ ├── c16ce02d3d6132f7059bf7e9ff6205cbf43e86c538ef981c37598afd27d01efa │ │ └── link │ └── c4039fd85dccc8e267c98447f8f1b27a402dbb4259d86586f4097acb5e6634af │ └── link ├── _manifests │ ├── revisions │ │ └── sha256 │ │ └── 4a50ed86d8c86e35f530d4a168173677a192177eed14146fbb5728b1b3a2d4de │ │ └── link │ └── tags │ └── latest │ ├── current │ │ └── link │ └── index │ └── sha256 │ └── 4a50ed86d8c86e35f530d4a168173677a192177eed14146fbb5728b1b3a2d4de │ └── link └── _uploads 34 directories, 12 files
上面显示的为我们刚才上传的镜像信息
列出仓库中的所有镜像
[root@inode3 ~]# curl -X GET http://192.168.32.102:5000/v2/_catalog -k {"repositories":["nginx"]}
下载仓库镜像
先删除原来的192.168.32.102:5000/nginx:latest的镜像 [root@inode3 ~]# docker image rm 192.168.32.102:5000/nginx:latest Untagged: 192.168.32.102:5000/nginx:latest Untagged: 192.168.32.102:5000/nginx@sha256:4a50ed86d8c86e35f530d4a168173677a192177eed14146fbb5728b1b3a2d4de 在从私有仓库中下载 [root@inode3 ~]# docker pull 192.168.32.102:5000/nginx:latest latest: Pulling from nginx Digest: sha256:4a50ed86d8c86e35f530d4a168173677a192177eed14146fbb5728b1b3a2d4de Status: Downloaded newer image for 192.168.32.102:5000/nginx:latest 192.168.32.102:5000/nginx:latest [root@inode3 ~]# docker images REPOSITORY TAG IMAGE IDCREATED SIZE 192.168.32.102:5000/nginx latest a1523e85936010 days ago 127MB
四、搭建认证仓库
1.创建用户密码文件,testuser,testpassword
yum install httpd-tools -y mkdir /opt/registry-var/auth/ -p htpasswd -Bbn ywx 123456 >> /opt/registry-var/auth/htpasswd
docker run -d -p 5000:5000 -v /opt/registry-var/auth/:/auth/ -v /docker/registry:/var/lib/registry -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry
3.现在尝试拉取镜像
[root@inode3 ~]# docker pull 192.168.32.102:5000/nginx:latest Error response from daemon: Get http://192.168.32.102:5000/v2/nginx/manifests/latest: no basic auth credentials 需要认证
4.登录registry,push镜像
[root@inode3 ~]# docker login 192.168.32.102:5000 Username: ywx Password: (输入的密码是看不到的) WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded [root@inode3 ~]# docker pull 192.168.32.102:5000/nginx:latest latest: Pulling from nginx Digest: sha256:4a50ed86d8c86e35f530d4a168173677a192177eed14146fbb5728b1b3a2d4de Status: Downloaded newer image for 192.168.32.102:5000/nginx:latest 192.168.32.102:5000/nginx:latest 镜像拉取成功 同理上传镜像,也需要先登陆docker login 192.168.32.102:5000d
I have a dream so I study hard!!!