(五)Docker Private Registry
阿新 • • 發佈:2018-12-10
docker-distribution
- Registry用於儲存docker映象,包括映象的層次結構和元資料
- 使用者可自建Registry,也可使用官方的Docker Hub
分類:
- Sponsor Registry: 第三方的registry,供客戶和Docker社群使用
- Mirror Registry: 第三方的registry,只讓客戶使用
- Vendor Registry: 由釋出Docker映象的供應商提供registry
- Private Registry: 通過設有防火牆和額外的安全層的私有實體提供的registry
本地部署私有registry,yum安裝docker-registry,會安裝docker-distribution包
[[email protected] ~]# yum install docker-registry -y
[[email protected] ~]# rpm -qa docker-distribution
docker-distribution-2.6.2-2.git48294d9.el7.x86_64
[[email protected] ~]# rpm -ql docker-distribution
/etc/docker-distribution/registry/config.yml
/usr/bin/registry
/usr/lib/systemd/system/docker-distribution.service # 服務指令碼
/usr/share/doc/docker-distribution-2.6.2
/usr/share/doc/docker-distribution-2.6.2/AUTHORS
/usr/share/doc/docker-distribution-2.6.2/CONTRIBUTING.md
/usr/share/doc/docker-distribution-2.6.2/LICENSE
/usr/share/doc/docker-distribution-2.6.2/MAINTAINERS
/usr/share/doc/docker-distribution-2.6.2/README.md
/var/lib/registry # 映象存放位置
[ [email protected] ~]# cd /etc/docker-distribution/registry/
[[email protected] registry]# ls
config.yml
[[email protected] registry]# cat config.yml
version: 0.1
log:
fields:
service: registry
storage:
cache:
layerinfo: inmemory # 快取在記憶體
filesystem:
rootdirectory: /var/lib/registry # 映象倉庫本地位置
http:
addr: :5000 # 預設埠
# 啟動服務
[ [email protected] ~]# systemctl start docker-distribution
[[email protected] ~]# ss -tnl | grep 5000
LISTEN 0 128 :::5000 :::*
# 把docker-node1中做的映象PUSH到docker-node2倉庫中,先把映象打標籤
[[email protected] ~]# docker tag rsqhttpd:v0.3-6 node2.docker.com:5000/rsqhttpd:v0.3-6
[[email protected] ~]# docker images
# 此時如果直接PUSH到本地倉庫會報錯
# 因為預設本地倉庫支援的是http,而客戶端支援的是https,所以要把本地安全保護給修改下
[[email protected] ~]# docker push node2.docker.com:5000/rsqhttpd:v0.3-6
The push refers to repository [node2.docker.com:5000/rsqhttpd]
Get https://node2.docker.com:5000/v2/: http: server gave HTTP response to HTTPS client
[[email protected] ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://3po4uu60.mirror.aliyuncs.com","https://registry.docker-cn.com"],
"insecure-registries": ["node2.docker.com:5000"] # 內網要做hosts解析
}
[[email protected] ~]# vim /etc/hosts
10.0.0.102 node2.docker.com
[[email protected] ~]# systemctl restart docker # 重啟docker
# 再次PUSH
[[email protected] ~]# docker push node2.docker.com:5000/rsqhttpd
The push refers to repository [node2.docker.com:5000/rsqhttpd]
e0e59e63950f: Pushed
799a06476d07: Pushed
9a07ffbe3d7d: Pushed
955e7d7f7300: Pushed
95bb4e754f2d: Pushed
ebf12965380b: Pushed
v0.3-6: digest: sha256:01d88616d5417b2a791fd91630e1d69f6abdb7ae2fbf5f53f42e658a574421e5 size: 1568
# 去node2檢視
[[email protected] ~]# cd /var/lib/registry/docker/registry/v2/repositories/
[[email protected] repositories]# ll
total 0
drwxr-xr-x. 5 root root 55 Nov 26 10:31 rsqhttpd
# 若有docker想push或者pull映象,則都需要修改/etc/docker/daemon.json檔案,把registry標記為非安全的registry
vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://3po4uu60.mirror.aliyuncs.com","https://registry.docker-cn.com"],
"insecure-registries": ["node2.docker.com:5000"] # 內網要做hosts解析
}
END!