Deploying a private docker-registry repository

Posted fatt


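Create directories

    sudo mkdir -p /var/docker-data/{registry,certs,auth}

    # Self-signed certificate for the registry address.
    # Docker validates an IP address against the certificate's subjectAltName, so a
    # CN-only certificate may be rejected; with OpenSSL 1.1.1+ you can append
    #   -addext 'subjectAltName=IP:192.192.49.87'
    sudo openssl req -subj '/C=CN/ST=GD/L=GZ/CN=192.192.49.87' \
      -newkey rsa:4096 -nodes -sha256 -keyout /var/docker-data/certs/domain.key \
      -x509 -days 365 -out /var/docker-data/certs/domain.crt

    sudo mkdir -p /etc/docker/certs.d/192.192.49.87
    sudo cp /var/docker-data/certs/domain.crt /etc/docker/certs.d/192.192.49.87/ca.crt

    # OS-level trust may also be needed
    sudo cp /var/docker-data/certs/domain.crt /etc/pki/ca-trust/source/anchors/192.192.49.87.crt
    sudo update-ca-trust

    # Stop and remove any existing registry container
    docker container stop registry && docker container rm -v registry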

Start

    docker run -d \
      --restart=always \
      --name registry \
      -v /var/docker-data/certs:/certs \
      -v /var/docker-data/auth:/auth \
      -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
      -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
      -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
      -e REGISTRY_STORAGE_DELETE_ENABLED="true" \
      -p 443:443 \
      registry:2

List images

    curl -X GET --insecure https://192.192.49.87/v2/_catalog

Client configuration

    # Install the registry certificate (domain.crt from the registry host) for Docker
    sudo mkdir -p /etc/docker/certs.d/192.192.49.87
    sudo cp /var/docker-data/certs/domain.crt /etc/docker/certs.d/192.192.49.87/ca.crt

    # OS-level trust may also be needed
    sudo cp /var/docker-data/certs/domain.crt /etc/pki/ca-trust/source/anchors/192.192.49.87.crt
    sudo update-ca-trust

    # Test
    sudo docker pull busybox
    sudo docker tag busybox 192.192.49.87/busybox
    sudo docker push 192.192.49.87/busybox

Delete an image from the registry

    # First look up the image's Docker-Content-Digest
    curl -v -k -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
      -X GET https://192.192.49.87/v2/busybox/manifests/latest 2>&1 |
      grep -i 'Docker-Content-Digest' | awk '{print ($3)}'

    # Then delete the manifest (metadata)
    # Deletion must be enabled with -e REGISTRY_STORAGE_DELETE_ENABLED="true"
    curl -v -k -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -X DELETE https://192.192.49.87/v2/busybox/manifests/<Docker-Content-Digest value>

    # Run garbage-collect inside the container to free disk space
    docker exec -it registry /bin/registry garbage-collect /etc/docker/registry/config.yml
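
A more defensive version of the digest lookup and delete steps above, as an added example that is not part of the original post. It matches the header name case-insensitively (HTTP/2 responses use lowercase names), strips the carriage return, checks that the value is a sha256 digest, and validates TLS with --cacert instead of -k. The function names and the REGISTRY, CA_CERT and REGISTRY_USER variables are assumptions, as is a certificate that the client can validate for the registry address.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names and the REGISTRY,
# CA_CERT and REGISTRY_USER variables are assumptions for illustration.
REGISTRY="${REGISTRY:-192.192.49.87}"
CA_CERT="${CA_CERT:-/var/docker-data/certs/domain.crt}"
ACCEPT='Accept: application/vnd.docker.distribution.manifest.v2+json'

# Read HTTP response headers on stdin and print the manifest digest.
# Exit status is non-zero when the header is missing or malformed.
extract_digest() {
  tr -d '\r' | awk '
    tolower($1) == "docker-content-digest:" { d = $2 }
    END {
      # "sha256:" (7 chars) + 64 lowercase hex digits = 71 chars
      if (d ~ /^sha256:[0-9a-f]+$/ && length(d) == 71) { print d; exit 0 }
      exit 1
    }'
}

# usage: get_digest <repo> <tag>
# With only a user name in REGISTRY_USER, curl prompts for the password,
# which keeps it out of the shell history and the process list.
get_digest() {
  curl -sS --cacert "$CA_CERT" ${REGISTRY_USER:+-u "$REGISTRY_USER"} \
    -H "$ACCEPT" -o /dev/null -D - \
    "https://$REGISTRY/v2/$1/manifests/$2" | extract_digest
}

# usage: delete_manifest <repo> <digest>; prints the HTTP status (202 = accepted)
delete_manifest() {
  case "$2" in sha256:*) ;; *) echo "refusing: not a digest: $2" >&2; return 1 ;; esac
  curl -sS --cacert "$CA_CERT" ${REGISTRY_USER:+-u "$REGISTRY_USER"} \
    -X DELETE -o /dev/null -w '%{http_code}\n' \
    "https://$REGISTRY/v2/$1/manifests/$2"
}

# Constructed sample headers (HTTP/2 style: lowercase names, CRLF line endings)
sample_headers() {
  printf 'HTTP/2 200\r\ndocker-content-digest: sha256:%064d\r\netag: "x"\r\n\r\n' 0
}

# Offline demo on the constructed sample; against a live registry you would run:
#   digest=$(get_digest busybox latest) && delete_manifest busybox "$digest"
sample_headers | extract_digest
```

Deleting by tag is refused on purpose: the registry API deletes manifests by digest, so passing the validated digest avoids a request that cannot succeed.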

Enable authentication

    # User admin, password niot1234
    docker run --entrypoint htpasswd registry:2 -Bbn admin niot1234 > /var/docker-data/auth/htpasswd

    docker container stop registry
    docker rm registry

    # Restart the container with htpasswd authentication
    docker run -d \
      --restart=always \
      --name registry \
      -v /var/docker-data/certs:/certs \
      -v /var/docker-data/auth:/auth \
      -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
      -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
      -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
      -e REGISTRY_STORAGE_DELETE_ENABLED="true" \
      -e "REGISTRY_AUTH=htpasswd" \
      -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
      -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
      -p 443:443 \
      registry:2

docker-compose configuration

Install

    sudo curl -L "https://github.com/docker/compose/releases/download/1.23.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

    sudo chmod +x /usr/local/bin/docker-compose

    sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
    docker-compose --version

Create docker-registry-compose.yml

    registry:
      restart: always
      image: registry:2
      ports:
        - 443:443
      environment:
        REGISTRY_HTTP_ADDR: 0.0.0.0:443
        REGISTRY_HTTP_TLS_CERTIFICATE: /certs/domain.crt
        REGISTRY_HTTP_TLS_KEY: /certs/domain.key
        # Uncomment to enable htpasswd authentication
        # REGISTRY_AUTH: htpasswd
        # REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
        # REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
      volumes:
        - /var/docker-data/registry:/var/lib/registry
        - /var/docker-data/certs:/certs
        - /var/docker-data/auth:/auth

Start

    sudo docker-compose -f docker-registry-compose.yml up -d

END