docker—私有仓库搭建

docker---私有仓库搭建

HTTP

部署

shell 复制代码
docker run -d \
    -p 5000:5000 \
	--restart=always \
	--name registry \
    -v /opt/data/registry:/var/lib/registry \
    registry:2
  • 使用官方的 registry 镜像来启动私有仓库。默认情况下,仓库会被创建在容器的 /var/lib/registry 目录下。你可以通过 -v 参数来将镜像文件存放在本地的指定路径,当然你也可以选择其它本地路径,上面的只是一个示例。

使用

  1. 配置非HTTPS方式推送镜像

    shell 复制代码
    cat <<EOF | tee /etc/docker/daemon.json
    {
      "registry-mirrors": [
        "https://hub-mirror.c.163.com",
        "https://mirror.baidubce.com"
      ],
      "insecure-registries": [
        "your_ip_addr:5000"
      ]
    }
    EOF
    
    systemctl daemon-reload
    systemctl restart docker
  2. push and pull

    shell 复制代码
    docker tag $image $registry_host_address:5000/$image
    docker push $registry_host_address:5000/$image
    docker pull $registry_host_address:5000/$image
  3. check images

    shell 复制代码
    curl your_ip_address:5000/v2/_catalog

HTTPS

部署

  1. registry_name

    shell 复制代码
    export registry_name=registry.domain.local
  2. 生成证书

    shell 复制代码
    sudo -E mkdir -p /opt/registry/certs/
    sudo -E openssl req \
    	-newkey rsa:4096 -nodes -sha256 -keyout /opt/registry/certs/domain.key \
    	-subj "/CN=${registry_name}" \
    	-addext "subjectAltName = DNS:${registry_name}" \
    	-x509 -days 365 -out /opt/registry/certs/domain.crt
  3. deploy registry

    shell 复制代码
    docker run -d \
    	--restart=always \
    	--name registry \
    	-v /opt/registry/certs:/certs \
    	-e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
    	-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
    	-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
    	-p 443:443 \
    	registry:2
  4. add certificate to host trust chain

    1. 任何需要访问registry的主机都需要配置

    2. cat /etc/os-release

    3. case "ubuntu"|"debian"

      shell 复制代码
      sudo cp /opt/registry/certs/domain.crt /usr/local/share/ca-certificates/$registry_name.crt
      sudo update-ca-certificates
    4. case "centos"|"fedora"|"alinux"

      shell 复制代码
      sudo cat /opt/registry/certs/domain.crt >> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
      cp /opt/registry/certs/domain.crt /etc/pki/ca-trust/source/anchors/
      sudo update-ca-trust
    5. case "rhel"

      shell 复制代码
      # https://access.redhat.com/solutions/3220561
      sudo cp /opt/registry/certs/domain.crt /etc/pki/ca-trust/source/anchors/
      sudo update-ca-trust extract
      cd /etc/pki/tls/certs/ && sudo openssl x509 -in ca-bundle.crt -text -noout
    6. case others, Please manual add registry certificates to host trust chain.

  5. Append the entry to allow ip-address resolved to the registry name

    任何需要访问registry的主机都需要配置

    shell 复制代码
    registry_ip=`hostname -I | awk '{print $1}'`
    echo "$registry_ip   $registry_name" | sudo tee -a /etc/hosts
  6. Verifiy registry service works

    shell 复制代码
    export no_proxy=$no_proxy,$registry_name
    if ! curl https://$registry_name/v2/_catalog ; then
    	if ! nc -zv $registry_name 443 ; then
    		echo "ERROR: failed to connect to 443 port "
    	fi
    
    	echo "ERROR: registry service is not ready"
    	exit 1
    fi

使用

push and pull

shell 复制代码
docker tag $image $registry_address/$image
docker push $registry_address/$image
docker pull $registry_address/$image

注意:

  • push的时候,需要把docker仓库设置成insecure-registries
  • pull时不需要设置

注意

镜像拉取

shell 复制代码
docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/registry:2
docker tag  swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/registry:2  docker.io/registry:2
相关推荐
IvanCodes22 分钟前
一、Docker:一场颠覆应用部署与运维的容器革命
docker·容器
栗子~~37 分钟前
Milvus docker-compose 部署
docker·容器·milvus
椰汁菠萝1 小时前
ubuntu下免sudo执行docker
ubuntu·docker·免sudo
没有名字的小羊2 小时前
2.安装Docker
运维·docker·容器
xiezhr2 小时前
50 个常用 Docker 命令
运维·docker·容器
退役小学生呀9 天前
三、kubectl使用详解
云原生·容器·kubernetes·k8s
被困者10 天前
Linux部署Sonic前后端(详细版)(腾讯云)
spring cloud·云原生·eureka
API开发10 天前
苹果芯片macOS安装版Homebrew(亲测) ,一键安装node、python、vscode等,比绿色软件还干净、无污染
vscode·python·docker·nodejs·openssl·brew·homebrew
程序员小潘10 天前
Kubernetes多容器Pod实战
云原生·容器·kubernetes
进击的码码码码N10 天前
Docker 镜像加速
运维·docker·容器