docker—私有仓库搭建

docker---私有仓库搭建

HTTP

部署

shell 复制代码
docker run -d \
    -p 5000:5000 \
	--restart=always \
	--name registry \
    -v /opt/data/registry:/var/lib/registry \
    registry:2
  • 使用官方的 registry 镜像来启动私有仓库。默认情况下,仓库会被创建在容器的 /var/lib/registry 目录下。你可以通过 -v 参数来将镜像文件存放在本地的指定路径,当然你也可以选择其它本地路径,上面的只是一个示例。

使用

  1. 配置非HTTPS方式推送镜像

    shell 复制代码
    cat <<EOF | tee /etc/docker/daemon.json
    {
      "registry-mirrors": [
        "https://hub-mirror.c.163.com",
        "https://mirror.baidubce.com"
      ],
      "insecure-registries": [
        "your_ip_addr:5000"
      ]
    }
    EOF
    
    systemctl daemon-reload
    systemctl restart docker
  2. push and pull

    shell 复制代码
    docker tag $image $registry_host_address:5000/$image
    docker push $registry_host_address:5000/$image
    docker pull $registry_host_address:5000/$image
  3. check images

    shell 复制代码
    curl your_ip_address:5000/v2/_catalog

HTTPS

部署

  1. registry_name

    shell 复制代码
    export registry_name=registry.domain.local
  2. 生成证书

    shell 复制代码
    sudo -E mkdir -p /opt/registry/certs/
    sudo -E openssl req \
    	-newkey rsa:4096 -nodes -sha256 -keyout /opt/registry/certs/domain.key \
    	-subj "/CN=${registry_name}" \
    	-addext "subjectAltName = DNS:${registry_name}" \
    	-x509 -days 365 -out /opt/registry/certs/domain.crt
  3. deploy registry

    shell 复制代码
    docker run -d \
    	--restart=always \
    	--name registry \
    	-v /opt/registry/certs:/certs \
    	-e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
    	-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
    	-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
    	-p 443:443 \
    	registry:2
  4. add certificate to host trust chain

    1. 任何需要访问registry的主机都需要配置

    2. cat /etc/os-release

    3. case "ubuntu"|"debian"

      shell 复制代码
      sudo cp /opt/registry/certs/domain.crt /usr/local/share/ca-certificates/$registry_name.crt
      sudo update-ca-certificates
    4. case "centos"|"fedora"|"alinux"

      shell 复制代码
      sudo cat /opt/registry/certs/domain.crt >> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
      cp /opt/registry/certs/domain.crt /etc/pki/ca-trust/source/anchors/
      sudo update-ca-trust
    5. case "rhel"

      shell 复制代码
      # https://access.redhat.com/solutions/3220561
      sudo cp /opt/registry/certs/domain.crt /etc/pki/ca-trust/source/anchors/
      sudo update-ca-trust extract
      cd /etc/pki/tls/certs/ && sudo openssl x509 -in ca-bundle.crt -text -noout
    6. case others, Please manual add registry certificates to host trust chain.

  5. Append the entry to allow ip-address resolved to the registry name

    任何需要访问registry的主机都需要配置

    shell 复制代码
    registry_ip=`hostname -I | awk '{print $1}'`
    echo "$registry_ip   $registry_name" | sudo tee -a /etc/hosts
  6. Verifiy registry service works

    shell 复制代码
    export no_proxy=$no_proxy,$registry_name
    if ! curl https://$registry_name/v2/_catalog ; then
    	if ! nc -zv $registry_name 443 ; then
    		echo "ERROR: failed to connect to 443 port "
    	fi
    
    	echo "ERROR: registry service is not ready"
    	exit 1
    fi

使用

push and pull

shell 复制代码
docker tag $image $registry_address/$image
docker push $registry_address/$image
docker pull $registry_address/$image

注意:

  • push的时候,需要把docker仓库设置成insecure-registries
  • pull时不需要设置

注意

镜像拉取

shell 复制代码
docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/registry:2
docker tag  swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/registry:2  docker.io/registry:2
相关推荐
掘金-我是哪吒7 分钟前
分布式微服务系统架构第118集:Future池管理容器-CompletableFuture
分布式·微服务·云原生·架构·系统架构
爱的叹息1 小时前
本地(NAS/服务器)与云端(Docker/Kubernetes)部署详解与对比
服务器·docker·kubernetes
itachi-uchiha3 小时前
Docker配置带证书的远程访问监听
docker·容器·tls
lizhou8283 小时前
IDEA中Quarkus框架(3.13版本)容器编排、压测与调优、注意事项等
docker·云原生·intellij-idea·quarkus
云闲不收4 小时前
CAP原理,zookeeper是强一致性么?为什么zookeeper不满足线性一致性依然可以实现分布式锁?
分布式·zookeeper·云原生
bst@微胖子5 小时前
K8S探针的应用
云原生·容器·kubernetes
时迁2476 小时前
【k8s】docker、k8s、虚拟机的区别以及使用场景
docker·容器·kubernetes
weixin_435208167 小时前
深入微服务核心:从架构设计到规模化
微服务·云原生·架构
YUELEI1187 小时前
Centos9安装docker
运维·docker·容器