部署docker-registry私有仓库
Posted fatt
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了部署docker-registry私有仓库相关的知识,希望对你有一定的参考价值。
部署docker-registry私有仓库
创建文件夹
sudo mkdir -p /var/docker-data/{registry,certs,auth}
?
sudo openssl req -subj ‘/C=CN/ST=GD/L=GZ/CN=192.192.49.87‘
-newkey rsa:4096 -nodes -sha256 -keyout /var/docker-data/certs/domain.key
-x509 -days 365 -out /var/docker-data/certs/domain.crt
sudo mkdir -p /etc/docker/certs.d/192.192.49.87
sudo cp /var/docker-data/certs/domain.crt /etc/docker/certs.d/192.192.49.87/ca.crt
?
#可能需要OS级信任
sudo cp /etc/dockercerts/domain.crt /etc/pki/ca-trust/source/anchors/192.192.49.87.crt
sudo update-ca-trust
?
docker container stop registry && docker container rm -v registry
启动
docker run -d
--restart=always
--name registry
-v /var/docker-data/certs:/certs
-v /var/docker-data/auth:/auth
-e REGISTRY_HTTP_ADDR=0.0.0.0:443
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key
-e REGISTRY_STORAGE_DELETE_ENABLED="true"
-p 443:443
registry:2
查看镜像
curl -X GET --insecure https://192.192.49.87/v2/_catalog
客户端配置
sudo mkdir -p /etc/docker/certs.d/192.192.49.87
sudo cp /var/docker-data/certs/domain.crt /etc/docker/certs.d/192.192.49.87/ca.crt
?
#可能需要OS级信任
sudo cp /etc/dockercerts/domain.crt /etc/pki/ca-trust/source/anchors/192.192.49.87.crt
sudo update-ca-trust
?
#测试
sudo docker pull busybox
sudo docker tag busybox 192.192.49.87/busybox
sudo docker push 192.192.49.87/busybox
?
删除仓库镜像
#先查找镜像的Docker-Content-Digest
curl -v -k -H "Accept: application/vnd.docker.distribution.manifest.v2+json"
-X GET https://192.192.49.87/v2/busybox/manifests/latest 2>&1 |
grep ‘Docker-Content-Digest‘| awk ‘{print ($3)}‘
?
#再删除元数据
#允许删除 -e REGISTRY_STORAGE_DELETE_ENABLED="true"
curl-v -k -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -X DELETE https://192.192.49.87/v2/busybox/manifests/<Docker-Content-Digest的值>
?
#容器内执行garbage-collect垃圾回收,清磁盘
docker exec -it registry /bin/registry
garbage-collect /etc/docker/registry/config.yml
接入认证
#用户admin,密码niot1234
docker run --entrypoint htpasswd registry:2 -Bbn admin niot1234 > /var/docker-data/auth/htpasswd
?
docker container stop registry
docker rm registry
?
#重启容器
docker run -d
--restart=always
--name registry
-v /var/docker-data/certs:/certs
-v /var/docker-data/auth:/auth
-e REGISTRY_HTTP_ADDR=0.0.0.0:443
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key
-e REGISTRY_STORAGE_DELETE_ENABLED="true"
-e "REGISTRY_AUTH=htpasswd"
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm"
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd
-p 443:443
registry:2
docker-compose 配置
安装
sudo curl -L "https://github.com/docker/compose/releases/download/1.23.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
?
sudo chmod +x /usr/local/bin/docker-compose
?
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
docker-compose --version
创建docker-registry-compose.yml
registry
启动
sudo docker-compose -f docker-registry-compose.yml up -d
以上是关于部署docker-registry私有仓库的主要内容,如果未能解决你的问题,请参考以下文章