Docker Registry使用：公有Docker Registry使用私有Docker Registry的搭建

Posted 2020-12-27 onetwothree

公有Docker Registry的操作

首先必须注册自己的dockerhub账号，假设为simpledockerhub

[[email protected] ]# docker login --默认即https://hub.docker.com

Username : simpledockerhub

Password: *****

Login Succeeded

[[email protected] ]# docker pull hello-world

[[email protected] ]# docker tag hello-world simpledockerhub/hello-world

[[email protected] ]#docker push simpledockerhub/hello-world     ------注意 /前面的名称必须是用户注册的用户名。

这样就把hello-world镜像上传到simpledockerhub用户下，使用docker pull命令就可以下载该镜像了

私有Docker Registry的搭建

1. 单机版：只能通过localhost操作(个人玩玩还行)

[[email protected] ]#  docker run -d -p 5000:5000 registry:2

[[email protected] ]#  docker tag hello-world localhost:5000/hello-world

[[email protected] ]#  docker push localhost:5000/hello-world

2.通过自签名证书方式联机访问(生产环境推荐使用该方案)：

在主机上安装一个自签名的证书，并同时给需要访问寄存服务器的每个Docker 守护进程都安装一份。

Registry主机地址：10.76.64.63,  访问者地址：10.76.64.82

Registry主机10.76.64.63做如下操作：

1. 创建目录，存放证书文件：

[[email protected] ]# mkdir centos1_certs

2. 生成自签名证书，拷贝到 /etc/docker/certs.d/centos1:5000目录

[[email protected] ~]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout centos1_certs/domain.key -x509 -days 365 -out centos1_certs/domain.crt
。。。
Common Name (eg, your name or your server‘s hostname) []:centos1    ---这个为主机名称，需要和/etc/hosts里对应上
。。。

[[email protected] ~]# mkdir -p /etc/docker/certs.d/centos1:5000

[[email protected] ~]# cp centos1_certs/domain.crt /etc/docker/certs.d/centos1:5000/domain.crt

3. 修改hosts文件

[[email protected] ~]#  vi /etc/hosts

10.76.64.63 centos1

4. 修改docker代理服务器文件（如果原来没有设置可以跳过）

[[email protected] ~]# vi /etc/systemd/system/docker.service.d/http-proxy.conf      --------该文件配置见：https://www.cnblogs.com/onetwothree/p/9371752.html

[Service]
Environment="NO_PROXY=127.0.0.1,localhost,centos1,10.76.*.*"

5. 重启服务

[[email protected] ~]# systemctl daemon-reload
[[email protected] ~]# systemctl restart docker.service

6. 启动registry V2

[[email protected] ~]# docker run -d --rm -p 5000:5000 --name registry -v /root/centos1_certs:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key docker.io/registry:2

7. 测试push命令

[[email protected] ]#  docker tag hello-world centos1:5000/hello-world

[[email protected] ~]# docker push centos1:5000/hello-world
The push refers to repository [centos1:5000/hello-world]
ee83fc5847cb: Pushed
latest: digest: sha256:aca41a608e5eb015f1ec6755f490f3be26b48010b178e78c00eac21ffbe246f1 size: 524

通过浏览器调用

  到此为止可以通过主机名在本机访问registry了，如何在另外一台安装了docker环境的客户机访问registry呢？

8. 客户机10.76.64.82配置

直接访问：如下，报错是必然的

[[email protected] ~]# docker tag hello-world centos1:5000/hello-world:1.1
[[email protected] ~]# docker push centos1:5000/hello-world:1.1
The push refers to repository [centos1:5000/hello-world]
Get https://centos1:5000/v2/: Service Unavailable

解决步骤：

把centos1主机的domain.crt文件上传到客户机的centos1_certs目录，然后执行：

[[email protected] ~]# mkdir -p /etc/docker/certs.d/centos1:5000

[[email protected] ~]# cp centos1_certs/domain.crt /etc/docker/certs.d/centos1:5000/domain.crt

接下来执行上面的3、4、5步。

现在可以测试push命令了：

[[email protected] ~]# docker tag hello-world centos1:5000/helloworld
[[email protected] ~]# docker push centos1:5000/helloworld
The push refers to repository [centos1:5000/helloworld]
ee83fc5847cb: Mounted from hello-world
latest: digest: sha256:aca41a608e5eb015f1ec6755f490f3be26b48010b178e78c00eac21ffbe246f1 size: 524

 成功啦！

3.另外的方案：

对将要访问寄存服务器的所有Docker 守护进程加上-- insecure-registry ip或hostname:5000 参数，其中的地址和端口需要替换成你的服务器的信息，然后重新启动Docker 守护进程。

1. [[email protected] ~]#vi /etc/hosts

10.76.64.82 centosdocker

2. [[email protected] ~]# vi /lib/systemd/system/docker.service

....

OPTIONS=‘--selinux-enabled --insecure-registry centosdocker:5000‘      -----添加这一行
[Install]
WantedBy=multi-user.target

3. [[email protected] ~]# vi  /etc/docker/daemon.json

{"insecure-registries":["centosdocker:5000"] }

4. [[email protected] system]# systemctl daemon-reload
5. [[email protected] system]# systemctl restart docker.service
6. [[email protected] system]# docker run -d -p 5000:5000 registry:2

7. [[email protected] system]# docker tag hello-world centosdocker:5000/hello-world

8. [[email protected] system]# docker push centosdocker:5000/hello-world
The push refers to repository [centosdocker:5000/hello-world]
ee83fc5847cb: Pushed
latest: digest: sha256:aca41a608e5eb015f1ec6755f490f3be26b48010b178e78c00eac21ffbe246f1 size: 524

部署到客户机除了不需要[[email protected] system]# docker run -d -p 5000:5000 registry:2外，其他操作相同，有兴趣可以试一下，如果有代理的话，需要在docker的no_proxy配置项上添加上registry主机名，如：

[Service]
Environment="NO_PROXY=127.0.0.1,localhost,centos1,centosdocker,10.76.*.*"