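11. Docker registries
阿新 • Published: 2020-12-24
1. Introduction to Docker registries
If you use the official registry:
1. The network is slow, because the servers are overseas
2. It is not secure, because it is a public registry
3. The images are meant for internal company use
So we need to set up a private registry for our own company.
2. Setting up a private registry with registry
Docker officially provides an image, registry, for building a private registry. Just pull the image, run the container and expose port 5000, and it is ready to use.
Lab environment:
inode2: 192.168.32.102  registry
inode3: 192.168.32.103  docker server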
To make the registry's images easier to manage, mount the host directory /docker/registry into the container at /var/lib/registry:
    [root@inode2 ~]# mkdir -p /docker/registry
    [root@inode2 ~]# docker run -d -p 5000:5000 --restart=always -v /docker/registry:/var/lib/registry registry
    [root@inode2 ~]# docker ps
    CONTAINER ID   IMAGE      COMMAND                  CREATED          STATUS         PORTS                    NAMES
    93c188474fd6   registry   "/entrypoint.sh /etc…"   11 seconds ago   Up 9 seconds   0.0.0.0:5000->5000/tcp   fervent_wescoff
The registry is now deployed.
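An image to be uploaded is named in the format registry-ip:5000/image-name:version.
Steps for uploading to the private registry:
a: Tag the image to be uploaded (the tag is added by hand):
    10.0.0.12:5000/httpd:latest
b: Upload it:
    docker push 10.0.0.12:5000/httpd:latest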
Example:
Use inode3 to upload an nginx image
    [root@inode3 ~]# docker tag nginx:latest 192.168.32.102:5000/nginx:latest
    [root@inode3 ~]# docker images
    REPOSITORY                  TAG      IMAGE ID       CREATED       SIZE
    192.168.32.102:5000/nginx   latest   a1523e859360   10 days ago   127MB
    nginx                       latest   a1523e859360   10 days ago   127MB
The two images nginx:latest and 192.168.32.102:5000/nginx are identical in everything except the name.
Step 2: upload the image to the registry
    [root@inode3 ~]# docker push 192.168.32.102:5000/nginx:latest
    The push refers to repository [192.168.32.102:5000/nginx]
    Get https://192.168.32.102:5000/v2/: http: server gave HTTP response to HTTPS client
The upload fails. Reason: by default docker only supports HTTPS for uploads and downloads, and the private registry we set up speaks HTTP.
Edit /etc/docker/daemon.json on inode3 and add the parameter "insecure-registries": ["192.168.32.102:5000"] as the last entry, so that the daemon trusts this registry:
    vim /etc/docker/daemon.json
    {
      "registry-mirrors": ["https://gah3bzo6.mirror.aliyuncs.com"],
      "insecure-registries": ["192.168.32.102:5000"]
    }
    [root@inode3 ~]# systemctl daemon-reload
    [root@inode3 ~]# systemctl restart docker
Then upload the image again:
    [root@inode3 ~]# docker push 192.168.32.102:5000/nginx:latest
    The push refers to repository [192.168.32.102:5000/nginx]
    318be7aea8fc: Pushed
    fe08d5d042ab: Pushed
    f2cb0ecef392: Pushed
    latest: digest: sha256:4a50ed86d8c86e35f530d4a168173677a192177eed14146fbb5728b1b3a2d4de size: 948
    [root@inode2 ~]# tree /docker/registry
    /docker/registry
    └── docker
        └── registry
            └── v2
                ├── blobs
                │   └── sha256
                │       ├── 4a
                │       │   └── 4a50ed86d8c86e35f530d4a168173677a192177eed14146fbb5728b1b3a2d4de
                │       │       └── data
                │       ├── 68
                │       │   └── 68ced04f60ab5c7a5f1d0b0b4e7572c5a4c8cce44866513d30d9df1a15277d6b
                │       │       └── data
                │       ├── a1
                │       │   └── a1523e859360df9ffe2b31a8270f5e16422609fe138c1636383efdc34b9ea2d6
                │       │       └── data
                │       ├── c1
                │       │   └── c16ce02d3d6132f7059bf7e9ff6205cbf43e86c538ef981c37598afd27d01efa
                │       │       └── data
                │       └── c4
                │           └── c4039fd85dccc8e267c98447f8f1b27a402dbb4259d86586f4097acb5e6634af
                │               └── data
                └── repositories
                    └── nginx
                        ├── _layers
                        │   └── sha256
                        │       ├── 68ced04f60ab5c7a5f1d0b0b4e7572c5a4c8cce44866513d30d9df1a15277d6b
                        │       │   └── link
                        │       ├── a1523e859360df9ffe2b31a8270f5e16422609fe138c1636383efdc34b9ea2d6
                        │       │   └── link
                        │       ├── c16ce02d3d6132f7059bf7e9ff6205cbf43e86c538ef981c37598afd27d01efa
                        │       │   └── link
                        │       └── c4039fd85dccc8e267c98447f8f1b27a402dbb4259d86586f4097acb5e6634af
                        │           └── link
                        ├── _manifests
                        │   ├── revisions
                        │   │   └── sha256
                        │   │       └── 4a50ed86d8c86e35f530d4a168173677a192177eed14146fbb5728b1b3a2d4de
                        │   │           └── link
                        │   └── tags
                        │       └── latest
                        │           ├── current
                        │           │   └── link
                        │           └── index
                        │               └── sha256
                        │                   └── 4a50ed86d8c86e35f530d4a168173677a192177eed14146fbb5728b1b3a2d4de
                        │                       └── link
                        └── _uploads

    34 directories, 12 files
The output above shows the information for the image we just uploaded.
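The tree above is content-addressed: every blob sits under a directory named after its own SHA-256, and each link file under repositories/ holds a digest string of the form sha256:<hex>. The following is an added example, not part of the original post, that uses this to check a registry directory for modified or missing blobs; the function names are hypothetical and the sample data is constructed in a temporary directory.

```python
import hashlib
import tempfile
from pathlib import Path

V2 = Path("docker/registry/v2")  # layout root below the mounted directory

def blob_path(root: Path, digest: str) -> Path:
    """blobs/<algo>/<first two hex chars>/<hex>/data, as in the tree above."""
    algo, _, hexd = digest.partition(":")
    return root / V2 / "blobs" / algo / hexd[:2] / hexd / "data"

def verify_blob(root: Path, digest: str) -> bool:
    """Recompute the blob's SHA-256 and compare it with its address."""
    path = blob_path(root, digest)
    if not path.is_file():
        return False  # dangling link: the referenced blob is missing
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return "sha256:" + h.hexdigest() == digest

def audit_repo(root: Path, repo: str) -> dict:
    """Check every tag and layer link of one repository; True means intact."""
    base = root / V2 / "repositories" / repo
    results = {}
    for link in base.glob("_manifests/tags/*/current/link"):
        results["tag:" + link.parts[-3]] = verify_blob(root, link.read_text().strip())
    for link in base.glob("_layers/sha256/*/link"):
        results["layer:" + link.parts[-2][:12]] = verify_blob(root, link.read_text().strip())
    return results

def put(root: Path, repo: str, link_dir: str, data: bytes) -> Path:
    """Constructed sample data: store a blob and link it from the repository."""
    digest = "sha256:" + hashlib.sha256(data).hexdigest()
    link = root / V2 / "repositories" / repo / link_dir.format(digest[7:]) / "link"
    for path, content in ((blob_path(root, digest), data), (link, digest.encode())):
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(content)
    return blob_path(root, digest)

def demo() -> dict:
    with tempfile.TemporaryDirectory() as d:
        put(Path(d), "nginx", "_manifests/tags/latest/current", b'{"constructed": "manifest"}')
        layer = put(Path(d), "nginx", "_layers/sha256/{}", b"constructed layer bytes")
        layer.write_bytes(b"modified after upload")  # simulate on-disk tampering
        return audit_repo(Path(d), "nginx")

if __name__ == "__main__":
    print(demo())
```

On inode2 in this walkthrough the equivalent call would be audit_repo(Path("/docker/registry"), "nginx").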
List all images in the registry
    [root@inode3 ~]# curl -X GET http://192.168.32.102:5000/v2/_catalog -k
    {"repositories":["nginx"]}
Download an image from the registry
First delete the existing 192.168.32.102:5000/nginx:latest image:
    [root@inode3 ~]# docker image rm 192.168.32.102:5000/nginx:latest
    Untagged: 192.168.32.102:5000/nginx:latest
    Untagged: 192.168.32.102:5000/nginx@sha256:4a50ed86d8c86e35f530d4a168173677a192177eed14146fbb5728b1b3a2d4de
Then download it from the private registry:
    [root@inode3 ~]# docker pull 192.168.32.102:5000/nginx:latest
    latest: Pulling from nginx
    Digest: sha256:4a50ed86d8c86e35f530d4a168173677a192177eed14146fbb5728b1b3a2d4de
    Status: Downloaded newer image for 192.168.32.102:5000/nginx:latest
    192.168.32.102:5000/nginx:latest
    [root@inode3 ~]# docker images
    REPOSITORY                  TAG      IMAGE ID       CREATED       SIZE
    192.168.32.102:5000/nginx   latest   a1523e859360   10 days ago   127MB
4. Setting up a registry with authentication
1. Create the user and password file (testuser, testpassword)
    yum install httpd-tools -y
    mkdir /opt/registry-var/auth/ -p
    htpasswd -Bbn ywx 123456 >> /opt/registry-var/auth/htpasswd
    docker run -d -p 5000:5000 -v /opt/registry-var/auth/:/auth/ -v /docker/registry:/var/lib/registry -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry
3. Now try to pull the image
    [root@inode3 ~]# docker pull 192.168.32.102:5000/nginx:latest
    Error response from daemon: Get http://192.168.32.102:5000/v2/nginx/manifests/latest: no basic auth credentials
Authentication is required.
4. Log in to the registry and push images
    [root@inode3 ~]# docker login 192.168.32.102:5000
    Username: ywx
    Password: (the password is not displayed as you type it)
    WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
    Configure a credential helper to remove this warning. See
    https://docs.docker.com/engine/reference/commandline/login/#credentials-store
    Login Succeeded
    [root@inode3 ~]# docker pull 192.168.32.102:5000/nginx:latest
    latest: Pulling from nginx
    Digest: sha256:4a50ed86d8c86e35f530d4a168173677a192177eed14146fbb5728b1b3a2d4de
    Status: Downloaded newer image for 192.168.32.102:5000/nginx:latest
    192.168.32.102:5000/nginx:latest
The image is pulled successfully.
Likewise, uploading an image also requires logging in first with docker login 192.168.32.102:5000
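The setup above combines two things worth checking on any client: the registry is listed under insecure-registries, so the htpasswd login travels without TLS, and docker login keeps the password in config.json in base64 form, as its warning says. The following is an added example, not part of the original post, that audits both files together; the function names are hypothetical and the config.json content is a constructed sample built from the user in this walkthrough.

```python
import base64
import json

# Constructed sample inputs mirroring the files on inode3 in this walkthrough.
DAEMON_JSON = '''{
  "registry-mirrors": ["https://gah3bzo6.mirror.aliyuncs.com"],
  "insecure-registries": ["192.168.32.102:5000"]
}'''
CLIENT_JSON = json.dumps({"auths": {"192.168.32.102:5000": {
    "auth": base64.b64encode(b"ywx:123456").decode()}}})

def stored_logins(client_cfg: dict) -> dict:
    """Return {registry: username} for credentials kept inline in config.json."""
    logins = {}
    for host, entry in client_cfg.get("auths", {}).items():
        token = entry.get("auth")
        if token:  # base64("user:password"): an encoding, not encryption
            logins[host] = base64.b64decode(token).decode().split(":", 1)[0]
    return logins

def audit(daemon_text: str, client_text: str) -> list:
    """Report registries without TLS and logins that are exposed as a result."""
    daemon_cfg, client_cfg = json.loads(daemon_text), json.loads(client_text)
    insecure = set(daemon_cfg.get("insecure-registries", []))
    findings = [f"{h}: in insecure-registries, TLS is not enforced" for h in sorted(insecure)]
    for host, user in sorted(stored_logins(client_cfg).items()):
        findings.append(f"{host}: password of '{user}' is only base64-encoded in config.json")
        if host in insecure:
            findings.append(f"{host}: login of '{user}' can cross the network in cleartext")
    if client_cfg.get("auths") and not (client_cfg.get("credsStore") or client_cfg.get("credHelpers")):
        findings.append("config.json: no credsStore/credHelpers configured")
    return findings

if __name__ == "__main__":
    for line in audit(DAEMON_JSON, CLIENT_JSON):
        print(line)
```

To check a real client, pass the contents of /etc/docker/daemon.json and /root/.docker/config.json instead of the sample strings.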