Docker私有仓库Registry

释放双眼,带上耳机,听听看~!

Docker Registry分类

1. Sponsor Registry:第三方的registry,供客户和docker社区使用
2. Mirror Registry:第三方的registry,只让客户使用。他们通常是由Docker Hub第三方提供
3. Vendor Registry:由发布Docker镜像的供应商提供的registry;比如某家公司所提供Registry,但并不开放给所有人使用,只开放给他们的客户使用,例如花钱买了他们的产品、服务等的客户使用。
4. Private Registry:通过设有防火墙和额外的安全层的私有实体提供的Registry,就是我们自己搭建的私有Registry

注意:我们使用的Docker registry都是走的https协议,而我们在内部局域网自建的Registry是为http的,但docker是拒绝使用http协议的,除非你明确告诉它为http明文传输协议
Docker为了我们能够快速创建私有Registry,专门提供了一个程序包 docker-distribution,并且Docker官方也已经把registry构建成了镜像

安装docker-registry

先来到Docker Hub来查看registry的镜像的版本

安装docker-registry

yum install docker-registry

docker-registry文件介绍

[root@Docker-node1 /]# rpm -ql docker-distribution
/etc/docker-distribution/registry/config.yml                #主配置文件
/usr/bin/registry                                           #主程序目录
/usr/lib/systemd/system/docker-distribution.service         #启动服务目录
/usr/share/doc/docker-distribution-2.6.2
/usr/share/doc/docker-distribution-2.6.2/AUTHORS
/usr/share/doc/docker-distribution-2.6.2/CONTRIBUTING.md
/usr/share/doc/docker-distribution-2.6.2/LICENSE
/usr/share/doc/docker-distribution-2.6.2/MAINTAINERS
/usr/share/doc/docker-distribution-2.6.2/README.md
/var/lib/registry                                           #数据存放目录,意为镜像存储目录,我们以后会放很多镜像,建议修改为挂载存储服务器上

主配置文件介绍

[root@Docker-node1 /]# cat /etc/docker-distribution/registry/config.yml 
version: 0.1
log:
  fields:                                       #启动服务为registry
    service: registry
storage:
    cache:                                      #数据缓存到内存
        layerinfo: inmemory
    filesystem:                                 #镜像存储位置
        rootdirectory: /var/lib/registry    
http:                                           #监听IP地址及端口
    addr: :5000

启动docker-registry

[root@Docker-node1 /]# systemctl start docker-distribution
[root@Docker-node1 /]# ss -anplt |grep 5000
LISTEN     0      128         :::5000                    :::*                   users:(("registry",pid=5673,fd=3))
[root@Docker-node1 /]# ps -ef|grep docker-distribution
root       5673      1  0 18:40 ?        00:00:00 /usr/bin/registry serve /etc/docker-distribution/registry/config.yml
root       5692   1447  0 18:40 pts/0    00:00:00 grep --color=auto docker-distribution

上传镜像

注意:以下使用的是docker客户端,客户端不需要安装docker-registry
1.docker host到docker registry默认使用的是https协议,由于是在局域网内部,所以在此修改为http

官方给出在/etc/docker/daemon.json,添加 “insecure-registryies”: []  来标记为使用http不加密协议
实例:“insecure-registries”: [“192.168.56.5:5000”]
192.168.56.5为我们registry仓库的主机地址
5000为监听端口
[root@docker-node2 ~]# cat /etc/docker/daemon.json 
{
 "registry-mirrors": ["http://hub-mirror.c.163.com"],
 "insecure-registries": ["192.168.56.5:5000"]
}

2.修改镜像标签
镜像上传到镜像仓库修改为指定格式的标签

[root@docker-node2 ~]# docker image ls
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
redis               latest              1babb1dde7e1        5 weeks ago         94.9MB
tomcat              latest              05af71dd9251        5 weeks ago         463MB
nginx               latest              dbfc48660aeb        5 weeks ago         109MB
busybox             latest              59788edf1f3e        7 weeks ago         1.15MB

#192.168.56.5为registry的IP地址,如果可以IP地址可以换为主机名,5000为监听端口
[root@docker-node2 ~]# docker tag busybox:latest 192.168.56.5:5000/busybox:V1
[root@docker-node2 ~]# docker tag nginx:latest 192.168.56.5:5000/nginx:V1

3.上传镜像

[root@docker-node2 ~]# docker push 192.168.56.5:5000/busybox:V1
The push refers to repository [192.168.56.5:5000/busybox]
8a788232037e: Pushed 
V1: digest: sha256:915f390a8912e16d4beb8689720a17348f3f6d1a7b659697df850ab625ea29d5 size: 527

[root@docker-node2 ~]# docker push 192.168.56.5:5000/nginx:V1
The push refers to repository [192.168.56.5:5000/nginx]
86df2a1b653b: Pushed 
bc5b41ec0cfa: Pushed 
237472299760: Pushed 
V1: digest: sha256:d98b66402922eccdbee49ef093edb2d2c5001637bd291ae0a8cd21bb4c36bebe size: 948

查看仓库镜像

1.在客户端上可以使用curl命令查看

[root@docker-node2 ~]# curl -XGET http://192.168.56.5:5000/v2/busybox/tags/list
{"name":"busybox","tags":["V1"]}
[root@docker-node2 ~]# curl -XGET http://192.168.56.5:5000/v2/nginx/tags/list
{"name":"nginx","tags":["V1"]}

2.在registry主机上查看

[root@Docker-node1 /]# ls /var/lib/registry/docker/registry/v2/repositories/
busybox  nginx

下载镜像

[root@docker-node2 ~]# docker image ls
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
redis               latest              1babb1dde7e1        5 weeks ago         94.9MB
tomcat              latest              05af71dd9251        5 weeks ago         463MB
nginx               latest              dbfc48660aeb        5 weeks ago         109MB
busybox             latest              59788edf1f3e        7 weeks ago         1.15MB
[root@docker-node2 ~]# docker pull 192.168.56.5:5000/busybox:V1
V1: Pulling from busybox
Digest: sha256:915f390a8912e16d4beb8689720a17348f3f6d1a7b659697df850ab625ea29d5
Status: Downloaded newer image for 192.168.56.5:5000/busybox:V1
[root@docker-node2 ~]# docker pull 192.168.56.5:5000/nginx:V1
V1: Pulling from nginx
Digest: sha256:d98b66402922eccdbee49ef093edb2d2c5001637bd291ae0a8cd21bb4c36bebe
Status: Downloaded newer image for 192.168.56.5:5000/nginx:V1
[root@docker-node2 ~]# docker image ls
REPOSITORY                  TAG                 IMAGE ID            CREATED             SIZE
redis                       latest              1babb1dde7e1        5 weeks ago         94.9MB
tomcat                      latest              05af71dd9251        5 weeks ago         463MB
192.168.56.5:5000/nginx     V1                  dbfc48660aeb        5 weeks ago         109MB
nginx                       latest              dbfc48660aeb        5 weeks ago         109MB
192.168.56.5:5000/busybox   V1                  59788edf1f3e        7 weeks ago         1.15MB
busybox                     latest              59788edf1f3e        7 weeks ago         1.15MB

Docker官方给提供的私有registry就是如此之简陋,下章讲解Vmware公司在docker官方提供的私有registry之上开发的harbor产品

人已赞赏
0 条回复 A文章作者 M管理员
    暂无讨论,说说你的看法吧
个人中心
购物车
优惠劵
今日签到
有新私信 私信列表
有新消息 消息中心
搜索