Setting up a private Docker registry
Posted hello-init
Install the required dependencies:
# yum -y install device-mapper-event-libs
# yum -y install docker-io
Pull the private registry image:
# docker pull registry:2.6
Generate the certificate and key used to access the private registry; access over HTTPS is more secure:
# mkdir -p registry/{certs,auth}
# cd registry/certs/
# openssl req -x509 -days 3650 -subj '/CN=reg.docker.com/' -nodes -newkey rsa:2048 -keyout registry.key -out registry.crt
# cd /root/registry/auth/
Run the registry image once to generate the username and password:
# docker run --entrypoint htpasswd registry:2.6 -Bbn docker docker123 >htpasswd
Create the directory on the host where images will be stored:
# mkdir -p /data/DockerRegistry/
Start the private registry for real, mounting the certificates, the htpasswd file and the image storage path:
# docker run -d -p 5000:5000 --restart=always --name registry \
    -v /root/registry/auth:/auth \
    -e "REGISTRY_AUTH=htpasswd" \
    -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
    -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
    -v /root/registry/certs:/certs \
    -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/registry.crt \
    -e REGISTRY_HTTP_TLS_KEY=/certs/registry.key \
    -e REGISTRY_STORAGE_DELETE_ENABLED=true \
    -v /data/DockerRegistry:/var/lib/registry \
    registry:2.6
Note: it is best not to use --restart=always.
Create the directory that holds the private registry's certificate:
# mkdir -p /etc/docker/certs.d/reg.docker.com:5000
Copy the certificate:
# cp /root/registry/certs/registry.crt /etc/docker/certs.d/reg.docker.com:5000
Edit the client's hosts file so that the private registry's address resolves:
# vim /etc/hosts
192.168.1.7 reg.docker.com
Log in:
# docker login reg.docker.com:5000
Push:
# docker tag centos:java1.8 reg.docker.com:5000/java:1.8
# docker push reg.docker.com:5000/java:1.8
Pull:
# docker pull reg.docker.com:5000/java:1.8
List:
# curl -u docker:docker123 -X GET https://reg.docker.com:5000/v2/_catalog -k
{"repositories":["java"]}
# curl -u docker:docker123 -X GET https://reg.docker.com:5000/v2/java/tags/list -k
{"name":"java","tags":["1.8"]}
Access from other hosts:
1. Create the certificate directory (create it if it does not exist; note the port number)
mkdir -p /etc/docker/certs.d/docker-domain.ttcdw.com:5000
2. Download the certificate
scp -r [email protected]:/etc/nginx/ssl/registry/certs/registry.crt /etc/docker/certs.d/docker-domain.ttcdw.com:5000/
3. Name resolution; skip this step if DNS already resolves the name (registry-server-ip=192.168.1.10)
echo 10.0.0.251 docker-domain.ttcdw.com >> /etc/hosts
List the images in the private registry:
curl -k -u ttcdw:ttcdw_prod_images https://docker-domain.ttcdw.com:5000/v2/_catalog
List the versions (tags) of one image in the private registry:
curl -k -u ttcdw:ttcdw_prod_images https://docker-domain.ttcdw.com:5000/v2/tomcat17u80_study/tags/list
Delete one version of an image from the private registry:
curl -k -u ttcdw:ttcdw_prod_images --header "Accept: application/vnd.docker.distribution.manifest.v2+json" -I -X GET https://docker-domain.ttcdw.com:5000/v2/tomcat17u80_study/manifests/v1.0.10
Use the Docker-Content-Digest obtained from the response: sha256:d7be2798303a994d4b4b11188dd7a6410e1cb86f8defffc30126c960c350ae6c
curl -k -u ttcdw:ttcdw_prod_images --header "Accept: application/vnd.docker.distribution.manifest.v2+json" -I -X DELETE https://docker-domain.ttcdw.com:5000/v2/ttcdw_apache_pxgl/manifests/sha256:76d112d06df3b7f012244b7cea6bda62137419e2a3465f39a8286a922fe4ea41
docker exec -it registry /bin/sh
registry garbage-collect /etc/docker/registry/config.yml
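The delete-by-digest procedure above as one script, an added example that is not part of the original post. It verifies the registry against the registry.crt copied earlier (--cacert) instead of using -k, and reads the credentials from a netrc file so they do not appear on the command line. Assumptions: the function names and the NETRC path are hypothetical, and the sample response headers are constructed from the digest shown on this page.

```shell
#!/bin/sh
# Added example (not from the original post). REG and CACERT follow the paths
# used on this page; NETRC is a hypothetical file holding the credentials.
REG="reg.docker.com:5000"
CACERT="/etc/docker/certs.d/$REG/registry.crt"
NETRC="$HOME/.registry-netrc"   # "machine reg.docker.com login <user> password <pass>", chmod 600
ACCEPT="Accept: application/vnd.docker.distribution.manifest.v2+json"

# Read raw HTTP response headers on stdin and print the manifest digest.
# Header names are case-insensitive and lines end in CRLF. Anything that is
# not a well-formed sha256 digest is rejected (non-zero exit, no output).
extract_digest() {
    tr -d '\r' |
    awk '{ k = tolower($0) }
         index(k, "docker-content-digest:") == 1 {
             v = substr($0, 23); gsub(/^[ \t]+|[ \t]+$/, "", v); print v
         }' |
    tail -n 1 |
    grep -E '^sha256:[0-9a-f]{64}$'
}

# Repository names and tags end up in the URL path, so restrict their characters.
valid_ref() {
    case $1 in
        ''|[!A-Za-z0-9]*|*[!A-Za-z0-9_./-]*|*..*|*//*) return 1 ;;
    esac
}

# curl with certificate verification on and credentials kept out of argv.
reg_curl() {
    curl --silent --show-error --fail --cacert "$CACERT" --netrc-file "$NETRC" "$@"
}

# usage: delete_tag <repository> <tag>; prints the digest that was deleted.
delete_tag() {
    valid_ref "$1" && valid_ref "$2" || { echo "bad repository or tag" >&2; return 2; }
    digest=$(reg_curl --head -H "$ACCEPT" "https://$REG/v2/$1/manifests/$2" | extract_digest) ||
        { echo "no valid digest returned for $1:$2" >&2; return 1; }
    reg_curl -X DELETE "https://$REG/v2/$1/manifests/$digest" >/dev/null && echo "$digest"
}

# Offline check on constructed response headers (digest value taken from this page).
printf 'HTTP/1.1 200 OK\r\ndocker-content-digest: sha256:d7be2798303a994d4b4b11188dd7a6410e1cb86f8defffc30126c960c350ae6c\r\n\r\n' |
    extract_digest
```

The DELETE only succeeds when the registry runs with REGISTRY_STORAGE_DELETE_ENABLED=true, and the blobs are freed only after the garbage-collect step shown above.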