持续创作,加速成长!这是我参与「掘金日新计划 · 10 月更文挑战」的第10天,点击查看活动详情
1.docker私有registry
========1.普通registry========
所谓普通的registry就是不需要认证,直接就可以上传到仓库
1.安装registry镜像
1.运行容器
[root@192.168.146.112~]# mkdir -p /data/myregistry
[root@192.168.146.112~]# docker run -d -p 5000:5000 --restart=always --name registry -v /data/myregistry:/var/lib/registry registry
......
8fb445163cbce94f566c57cee2e07c030234502919f6bda22c2b01ed94164ade
[root@192.168.146.112~]# docker ps -a -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8fb445163cbc registry "/entrypoint.sh /etc…" 6 minutes ago Up 6 minutes 0.0.0.0:5000->5000/tcp, :::5000->5000/tcp registry
--restart=always 表示即使重启docker容器也会自动启动
2.上传一个镜像
- 命令格式:
-
- 上传镜像的命令格式:docker push 镜像名
- 下载镜像的命令格式:docker pull 镜像名
- 步骤:
-
- 如果直接指定镜像名,则会默认传到docker官方的镜像仓库中,不是人人都可以上传的,需要认证
- 当需要上传指定的镜像仓库时,无法直接跟url路径,只能给镜像打个标签,例如1.1.1.1:5000/images
- 在使用docker pull上传,由于默认是https,还需要在配置文件,指定镜像仓库的地址
小扩展:不在配置文件中配置镜像仓库的地址,演示一下
1.先将一个镜像打个标签
[root@192.168.146.112~]# docker tag centos6.9_kod_df:v2 192.168.146.112:5000/centos6.9_kod_df
[root@192.168.146.112~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.146.112:5000/centos6.9_kod_df latest 225ba2e932e1 3 days ago 376MB
2.直接上传镜像
[root@192.168.146.112~]# docker push 192.168.146.112:5000/centos6.9_kod_df
Using default tag: latest
The push refers to repository [192.168.146.112:5000/centos6.9_kod_df]
Get https://192.168.146.112:5000/v2/: http: server gave HTTP response to HTTPS client
3.解决方法就是在配置文件中指定镜像仓库的地址添加为授信
一定要注意json文件中写多行配置用逗号分割,只需做一次即可
[root@192.168.146.112~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://registry.docker-cn.com"],
"insecure-registries": ["192.168.146.112:5000"]
}
[root@192.168.146.112~]# systemctl restart docker
4.再次推送
[root@192.168.146.112~]# docker push 192.168.146.112:5000/centos6.9_kod_df
Using default tag: latest
The push refers to repository [192.168.146.112:5000/centos6.9_kod_df]
17f13b40b79f: Pushed
fc51b1db3ffa: Pushed
f55de4f12e8e: Pushed
07683cf499cf: Pushed
2f1149eed82e: Pushed
472f7d4b8148: Pushed
aaa5621d7c01: Pushed
latest: digest: sha256:5cbd656bf4c8d2c53b2f08669f35d0e847f2681563fd779ecf033516442ab009 size: 1778
3.完整过程
就是打标签加推送即可
[root@192.168.146.112~]# docker tag centos6.9_kod_ssh:v1 192.168.146.112:5000/centos6.9_kod_ssh
#这个我们只需要写一次即可
[root@192.168.146.112~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://registry.docker-cn.com"],
"insecure-registries": ["192.168.146.112:5000"]
}
[root@192.168.146.112~]# systemctl restart docker
[root@192.168.146.112~]# docker push 192.168.146.112:5000/centos6.9_kod_ssh
Using default tag: latest
The push refers to repository [192.168.146.112:5000/centos6.9_kod_ssh]
17f13b40b79f: Mounted from centos6.9_kod_df
fc51b1db3ffa: Mounted from centos6.9_kod_df
f55de4f12e8e: Mounted from centos6.9_kod_df
07683cf499cf: Mounted from centos6.9_kod_df
2f1149eed82e: Mounted from centos6.9_kod_df
472f7d4b8148: Mounted from centos6.9_kod_df
aaa5621d7c01: Mounted from centos6.9_kod_df
latest: digest: sha256:7f5f828a095fb56db9bddca31ababb074837aa52c7190e079aad58debb50b91c size: 1778
由于刚刚做了数据卷,因此可以在/data/myregistry目录看到上传的镜像
[root@192.168.146.112/data/myregistry/docker/registry/v2/repositories]# ls
centos6.9_kod_df centos6.9_kod_ssh
1.2.带basic认证的registry
1.创建认证用户和认证文件
[root@192.168.146.112~]# yum -y install httpd-tools
[root@192.168.146.112~]# mkdir /data/myregistry_auth
[root@192.168.146.112~]# cd /data/myregistry_auth/
[root@192.168.146.112/data/myregistry_auth]# htpasswd -Bbn admin admin >> registry_htpasswd
[root@192.168.146.112/data/myregistry_auth]# cat registry_htpasswd
admin:$2y$05$YenJXb5cwD0H.iY9eUoOSO6krG5lt/jqRDZdbdEu.g5AGVAxIMTNm
htpasswd参数
-B 强制对密码进行bcrypt加密(非常安全)
-n 不更新文件,在标准输出上显示结果
-b 从命令行使用密码,而不是提示输入密码。
2.运行registry容器
[root@192.168.146.112~]# docker run -itd -p 7000:5000 -v /data/myregistry:/var/lib/registry -v /data/myregistry_auth/:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/registry_htpasswd" registry
81fa2b4f3be42f4787f2cfc715f746319acdb3fd92d8f79a37e279a59a87b2c4
[root@192.168.146.112~]# docker ps -a -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
81fa2b4f3be4 registry "/entrypoint.sh /etc…" 12 seconds ago Up 11 seconds 0.0.0.0:7000->5000/tcp, :::7000->5000/tcp flamboyant_gagarin
3.登录容器
因为是认证的,所以需要登录一下,只登录一次就可以,会把认证写到/root/.docker/config.json
[root@192.168.146.112~]# cat /data/myregistry_auth/registry_htpasswd
admin:$2y$05$YenJXb5cwD0H.iY9eUoOSO6krG5lt/jqRDZdbdEu.g5AGVAxIMTNm
1.首先在配置文件增加镜像仓库的地址
[root@192.168.146.112~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://registry.docker-cn.com"],
"insecure-registries": ["192.168.146.112:5000"],
"insecure-registries": ["192.168.146.112:7000"]
}
2.重启docker
[root@192.168.146.112~]# systemctl restart docker
3.登录registry认证
[root@192.168.146.112~]# docker login 192.168.146.112:7000
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
4.推送镜像
[root@192.168.146.112~]# docker tag centos:6.9 192.168.146.112:7000/centos
[root@192.168.146.112~]# docker push 192.168.146.112:7000/centos
Using default tag: latest
The push refers to repository [192.168.146.112:7000/centos]
aaa5621d7c01: Pushed
latest: digest: sha256:7e172600dff1903f186061ce5f5295664ec9942ca120e4e5b427ddf01bb2b35b size: 529
5.查看数据卷上的镜像
[root@192.168.146.112/data/myregistry/docker/registry/v2/repositories]# ls
centos centos6.9_kod_df centos6.9_kod_ssh
总结
1.创建容器 docker run (记得带上数据卷)
docker run -d -it -p 端口:端口 -v 本地目录:容器目录
2.把镜像打标签 docker tag 原本镜像 标签:打包镜像名称
docker tag centos 192.168.148.112:6000/centos
3.配置文件指定镜像仓库地址
"insecure-registries": ["192.168.148.112:6000"]
vim /etc/docker/daemon.json
3.推送镜像 docker push 打包镜像的名称
docker push 192.168.148.112:6000/centos
4.查看本地数据卷的镜像
ls 本地目录
