docker搭建私有仓库

Posted hello-init

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了docker搭建私有仓库相关的知识,希望对你有一定的参考价值。

安装必要的依赖:

[[email protected] ~]# yum -y install device-mapper-event-libs

[[email protected] ~]# yum -y install docker-io

获取私有仓库镜像:

[[email protected] ~]# docker pull registry:2.6

设定允许访问docker私有仓库的证书秘钥,使用https访问,安全一些:

[[email protected] ~]# mkdir -p registry/{certs,auth}

[[email protected] ~]# cd registry/certs/

[[email protected] certs]# openssl req -x509 -days 3650 -subj ‘/CN=reg.docker.com/‘ -nodes -newkey rsa:2048 -keyout registry.key -out registry.crt

[[email protected] certs]# cd /root/registry/auth/

运行docker私有仓库一次,生成用户名密码:

 [[email protected] auth]# docker run --entrypoint htpasswd registry:2.6 -Bbn docker docker123 >htpasswd

在物理机上创建镜像存放的物理路径:

 [[email protected] ~]# mkdir -p /data/DockerRegistry/

 正式运行docker私有仓库,搭载证书和镜像存放的物理路径:

[[email protected] ~]# docker run -d -p 5000:5000 --restart=always --name registry -v /etc/pki/registry/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd -v /etc/pki/registry/certs:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/registry.crt -e REGISTRY_HTTP_TLS_KEY=/certs/registry.key -e REGISTRY_STORAGE_DELETE_ENABLED=true -v /home/DockerRegistry:/var/lib/registry registry:2.6

注:--restart=always最好不要使用

 创建私有仓库的证书存放路径:

[[email protected] ~]# mkdir -p /etc/docker/certs.d/reg.docker.com:5000

 拷贝证书:

[[email protected] ~]# cp /root/registry/certs/registry.crt /etc/docker/certs.d/reg.docker.com:5000

 修改客户端hosts,确保可以访问到私有仓库的地址:

[[email protected] ~]# vim /etc/hosts

192.168.1.7 reg.docker.com

 

登录:

[[email protected] ~]# docker login reg.docker.com:5000

上传:

[[email protected] ~]# docker tag centos:java1.8 reg.docker.com:5000/java:1.8

[[email protected] ~]# docker push reg.docker.com:5000/java:1.8

下载:

[[email protected] ~]# docker pull reg.docker.com:5000/java:1.8

查看:

[[email protected] ~]# curl -u docker:docker123 -X GET https://reg.docker.com:5000/v2/_catalog -k

{"repositories":["java"]}

[[email protected] ~]# curl -u docker:docker123 -X GET https://reg.docker.com:5000/v2/java/tags/list -k

{"name":"java","tags":["1.8"]}

 

 

 

 

 

 

其他主机访问:

1.创建证书目录(没有此目录自己创建,注意端口号)

mkdir -p /etc/docker/certs.d/docker-domain.ttcdw.com:5000

 

2.下载证书

scp -r [email protected]:/etc/nginx/ssl/registry/certs/registry.crt /etc/docker/certs.d/docker-domain.ttcdw.com:5000/

 

3.域名解析,如果有DNS解析无需做此步骤(registry-server-ip=192.168.1.10)

echo 10.0.0.251 docker-domain.ttcdw.com >> /etc/hosts

 

私有库查看都有哪些镜像:

curl -k -u ttcdw:ttcdw_prod_images https://docker-domain.ttcdw.com:5000/v2/_catalog

 

私有库查看某一镜像都有哪些版本:

curl -k -u ttcdw:ttcdw_prod_images https://docker-domain.ttcdw.com:5000/v2/tomcat17u80_study/tags/list

 

私有库删除某一镜像的某一版本:

curl -k -u ttcdw:ttcdw_prod_images  --header "Accept: application/vnd.docker.distribution.manifest.v2+json" -I -X GET https://docker-domain.ttcdw.com:5000/v2/tomcat17u80_study/manifests/v1.0.10

         用获取到的Docker-Content-Digest: sha256:d7be2798303a994d4b4b11188dd7a6410e1cb86f8defffc30126c960c350ae6c

curl -k -u ttcdw:ttcdw_prod_images  --header "Accept: application/vnd.docker.distribution.manifest.v2+json" -I -X DELETE https://docker-domain.ttcdw.com:5000/v2/ttcdw_apache_pxgl/manifests/sha256:76d112d06df3b7f012244b7cea6bda62137419e2a3465f39a8286a922fe4ea41

 

 

 

 

 

 

docker exec -it registry /bin/sh

registry garbage-collect /etc/docker/registry/config.yml

以上是关于docker搭建私有仓库的主要内容,如果未能解决你的问题,请参考以下文章

搭建docker私有镜像仓库

Docker私有仓库的搭建与使用

docker私有镜像仓库搭建和镜像删除

搭建docker私有仓库

docker私有仓库的搭建

docker搭建私有仓库