一佳互联
虚拟化容器,大数据,DBA,中间件,监控。

Docker私有仓库registry(九)

11 11月
作者:admin|分类:容器虚拟化

1.docker私有仓库registry

###1.1.普通registry

所谓普通的registry就是不需要认证,直接就可以上传到仓库

1)安装registry镜像

[root@docker01 ~]# docker run -d -p 5000:5000 --restart=always --name registry -v /data/myregistry:/var/lib/registry registry
Unable to find image 'registry:latest' locally
latest: Pulling from library/registry
cbdbe7a5bc2a: Already exists 
47112e65547d: Pull complete 
46bcb632e506: Pull complete 
c1cc712bcecd: Pull complete 
3db6272dcbfa: Pull complete 
Digest: sha256:8be26f81ffea54106bae012c6f349df70f4d5e7e2ec01b143c46e2c03b9e551d
Status: Downloaded newer image for registry:latest
4cdd4a5ec5f5177ae16b998beaed651d5fcfd9633f1d72725024c636fb75d948
[root@docker01 ~]# 

--restart=always	表示即使重启docker容器也会自动启动

2)上传一个镜像

  • 命令格式:

    • 上传镜像的命令格式:docker push 镜像名
    • 下载镜像的命令格式:docker pull 镜像名

  • 步骤:

    • 如果直接指定镜像名则会默认传到docker官方的镜像仓库中,不是人人都可以上传的,需要认证
    • 因此当需要指定上传的镜像仓库时,无法直接跟url路径只能给镜像打个标签,例如1.1.1.1:5000/images
    • 然后在使用docker push上传,由于默认是https,还需要再配置文件指定镜像仓库的地址

小扩展:不在配置文件中配置镜像仓库的地址,看下报错信息

1.先将一个镜像打个标签
docker tag zabbix/zabbix-web-nginx-mysql 192.168.81.210:5000/zabbix-web-nginx-mysql
[root@docker01 ~]# docker images
REPOSITORY                                   TAG                 IMAGE ID            CREATED             SIZE
192.168.81.210:5000/zabbix-web-nginx-mysql   latest              78ef5b16fae8        2 days ago          169MB

2.直接上传镜像
报错内容如下
[root@docker01 ~]# docker push  192.168.81.210:5000/zabbix-web-nginx-mysql
The push refers to repository [192.168.81.210:5000/zabbix-web-nginx-mysql]
Get https://192.168.81.210:5000/v2/: http: server gave HTTP response to HTTPS client

3.解决方法就是再配置文件中指定镜像仓库的地址添加为受信
一定要注意json文件中写多行配置用逗号分隔,只需做一次即可
[root@docker01 ~]# vim /etc/docker/daemon.json  
{
        "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"],
        "insecure-registries": ["192.168.81.210:5000"]
}

4.再次推送
[root@docker01 ~]# docker push  192.168.81.210:5000/zabbix-web-nginx-mysql
The push refers to repository [192.168.81.210:5000/zabbix-web-nginx-mysql]
c7d4c4c251eb: Pushed 
110573809d6b: Pushed 
aade1782ce2c: Pushed 
f00e9515db6e: Pushed 
3e207b409db3: Pushed 
latest: digest: sha256:9c88d10ec90159fe60352aa5a70ec02360d2a68b1c589b98fd2b7d06134a82d8 size: 1367

3)完整过程

就是打标签加推送即可

[root@docker01 ~]# docker tag zabbix/zabbix-java-gateway:latest  192.168.81.210:5000/zabbix-java-gateway
[root@docker01 ~]# docker push 192.168.81.210:5000/zabbix-java-gateway
The push refers to repository [192.168.81.210:5000/zabbix-java-gateway]
03ea0be04121: Pushed 
ff6241fd382e: Pushed 
d27aea6a2d4e: Pushed 
96e014442158: Pushed 
7505c2a793ad: Pushed 
3e207b409db3: Mounted from zabbix-web-nginx-mysql 
latest: digest: sha256:cd437020aa5461e5177b9fe99c84b59aa455ffefff3e9fbd1ec81de6d0d31f76 size: 1571


由于刚刚做了数据卷,因此可以在/data/myregistry目录看到上传的镜像
[root@docker01 ~]# ls /data/myregistry/docker/registry/v2/repositories/
zabbix-java-gateway  zabbix-web-nginx-mysql

1.2.带basic认证的registry

1)创建认证用户和认证文件

[root@docker01 ~]# yum -y install httpd-tools
[root@docker01 ~]# mkdir /data/myregistry_auth
[root@docker01 ~]# cd /data/myregistry_auth
[root@docker01 myregistry_auth]# htpasswd -Bbn admin admin >> registry_htpasswd 
[root@docker01 myregistry_auth]# cat registry_htpasswd 
admin:$2y$05$VI3tsyFXIsB12nC5G.ANdexGMr3p2U4IY1FewUOMo5A1PievsFu3m

htpasswd参数
-B 强制对密码进行bcrypt加密(非常安全)。
-n 不更新文件;在标准输出上显示结果。
-b 从命令行使用密码,而不是提示输入密码。

2)运行registry容器

[root@docker01 ~]# docker run -itd -p 7000:5000 -v /data/myregistry:/var/lib/registry -v /data/myregistry_auth/:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/registry_htpasswd" registry
6cc059b68aeecdc410c8be3e06c0398d26158a0dd59b6a6d131efcc1686a0e1c

3)登录容器

因为是认证的所有需要登录一下,只登录一次就可以,会把认证写到/root/.docker/config.json

在这里插入图片描述

1.首先在配置文件增加镜像仓库的地址
[root@docker01 ~]# vim /etc/docker/daemon.json 
{
	"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"],
	"insecure-registries": ["192.168.81.210:5000"],
	"insecure-registries": ["192.168.81.210:7000"]
}

2.重启docker
[root@docker01 ~]# systemctl restart docker

3.登录registry认证
[root@docker01 ~]# docker login 192.168.81.210:7000
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

4.推送镜像
[root@docker01 ~]# docker push 192.168.81.210:7000/mysql
The push refers to repository [192.168.81.210:7000/mysql]
c90a34afcab0: Pushed 
ac7657905788: Pushed 
8f0182ef7c8c: Pushed 
91ae264962fb: Pushed 
3a2464d8e0c0: Pushed 
44853bb67274: Pushed 
61cbb8ea6481: Pushed 
66c45123fd43: Pushed 
c3f46b20a0d3: Pushed 
365386a39e0e: Pushed 
13cb14c2acd3: Pushed 
latest: digest: sha256:0563b36ec2d1a262f79e1d8562e61f642a0f64f93306d8a709047cdea0444d0a size: 2621

5.查看数据卷上的镜像
[root@docker01 ~]# ls /data/myregistry/docker/registry/v2/repositories/
mysql  zabbix-java-gateway  zabbix-server-mysql  zabbix-web-nginx-mysql

更多文章推荐

历史上的今天
11月
11
浏览434 评论0
返回
目录 返回
首页
Docker的四种网络模型(十) Dockerfile构建kodexporer(七)