Docker private registry -- docker-registry


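1. Introduction to the private registry -- docker-registry

Using a public registry such as Docker Hub is sometimes inconvenient, so users can create a local registry for private use.

This section describes how to use a local registry.

docker-registry is the official tool for building a private image registry. It currently has two versions, v1.x and v2.x; v1.x has functional shortcomings. This article is based on docker-registry v2.x.

1.1 Ways to install docker-registry

Installation with a package manager such as yum
Containerized installation with docker
Binary installation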

2. Installing docker-registry with yum

2.1 RPM package overview

[root@hw-tester-11-90 ~]# yum search docker
.......
docker-distribution.x86_64 : Docker toolset to pack, ship, store, and deliver content
docker-registry.x86_64 : Registry server for Docker
.......
[root@hw-tester-11-90 ~]# yum info docker-distribution
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * epel: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: ftp.sjtu.edu.cn
可安装的软件包
名称 :docker-distribution
架构 :x86_64
版本 :2.6.2
发布 :2.git48294d9.el7
大小 :3.5 M
源 :extras/7/x86_64
简介 : Docker toolset to pack, ship, store, and deliver content
网址 :https://github.com/docker/distribution
协议 : ASL 2.0
描述 : Docker toolset to pack, ship, store, and deliver content
[root@hw-tester-11-90 ~]# yum info docker-registry
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * epel: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: ftp.sjtu.edu.cn
可安装的软件包
名称 :docker-registry
架构 :x86_64
版本 :0.9.1
发布 :7.el7
大小 :123 k
源 :extras/7/x86_64
简介 : Registry server for Docker
网址 :https://github.com/docker/docker-registry
协议 : ASL 2.0
描述 : Registry server for Docker (hosting/delivering of repositories and images).

2.2 Installing docker-registry

[root@hw-tester-11-90 ~]# yum install docker-distribution -y

2.3 Viewing the installed files

[root@hw-tester-11-90 ~]# rpm -ql docker-distribution
/etc/docker-distribution/registry/config.yml
/usr/bin/registry
/usr/lib/systemd/system/docker-distribution.service
/usr/share/doc/docker-distribution-2.6.2
/usr/share/doc/docker-distribution-2.6.2/AUTHORS
/usr/share/doc/docker-distribution-2.6.2/CONTRIBUTING.md
/usr/share/doc/docker-distribution-2.6.2/LICENSE
/usr/share/doc/docker-distribution-2.6.2/MAINTAINERS
/usr/share/doc/docker-distribution-2.6.2/README.md
/var/lib/registry

2.4 Configuration file

[root@hw-tester-11-90 ~]# cat /etc/docker-distribution/registry/config.yml
version: 0.1
log:
  fields:
    service: registry
storage:
    cache:
        layerinfo: inmemory
    filesystem:
        rootdirectory: /var/lib/registry
http:
    addr: :5000

The registry listens on port 5000 by default.
Docker images are stored in /var/lib/registry.

2.5 Starting the service

2.5.1 Start the service: systemctl start docker-distribution.service

[root@hw-tester-11-90 ~]# systemctl start docker-distribution.service
[root@hw-tester-11-90 ~]# systemctl status docker-distribution.service
● docker-distribution.service - v2 Registry server for Docker
   Loaded: loaded (/usr/lib/systemd/system/docker-distribution.service; disabled; vendor preset: disabled)
   Active: active (running) since 四 2019-04-11 11:10:22 CST; 4s ago
 Main PID: 39084 (registry)
   CGroup: /system.slice/docker-distribution.service
           └─39084 /usr/bin/registry serve /etc/docker-distribution/registry/config.yml

4月 11 11:10:22 hw-tester-11-90.7dtest.cn systemd[1]: Started v2 Registry server for Docker.
4月 11 11:10:22 hw-tester-11-90.7dtest.cn systemd[1]: Starting v2 Registry server for Docker...
4月 11 11:10:22 hw-tester-11-90.7dtest.cn registry[39084]: time="2019-04-11T11:10:22+08:00" level=warning msg="No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a sha...
4月 11 11:10:22 hw-tester-11-90.7dtest.cn registry[39084]: time="2019-04-11T11:10:22+08:00" level=info msg="redis not configured" go.version=go1.9.4 instance.id=2467dc4c-1df8-4cda-9ec9-255f6a9bda1e version="v2.6.2+unknown"
4月 11 11:10:22 hw-tester-11-90.7dtest.cn registry[39084]: time="2019-04-11T11:10:22+08:00" level=info msg="Starting upload purge in 6m0s" go.version=go1.9.4 instance.id=2467dc4c-1df8-4cda-9ec9-255f6a9bda1e version="v2.6.2+unknown"
4月 11 11:10:22 hw-tester-11-90.7dtest.cn registry[39084]: time="2019-04-11T11:10:22+08:00" level=info msg="using inmemory blob descriptor cache" go.version=go1.9.4 instance.id=2467dc4c-1df8-4cda-9ec9-255f6a9bda1e version="v2.6.2+unknown"
4月 11 11:10:22 hw-tester-11-90.7dtest.cn registry[39084]: time="2019-04-11T11:10:22+08:00" level=info msg="listening on [::]:5000" go.version=go1.9.4 instance.id=2467dc4c-1df8-4cda-9ec9-255f6a9bda1e version="v2.6.2+unknown"
Hint: Some lines were ellipsized, use -l to show in full.

2.5.2 Enable start at boot

[root@hw-tester-11-90 ~]# systemctl enable docker-distribution.service
Created symlink from /etc/systemd/system/multi-user.target.wants/docker-distribution.service to /usr/lib/systemd/system/docker-distribution.service.

2.5.3 Check the listening port

[root@hw-tester-11-90 ~]# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:40180           0.0.0.0:*               LISTEN      33873/java
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      979/sshd
tcp        0      0 0.0.0.0:10050           0.0.0.0:*               LISTEN      1000/zabbix_agentd
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      1305/mysqld
tcp6       0      0 :::22                   :::*                    LISTEN      979/sshd
tcp6       0      0 :::10050                :::*                    LISTEN      1000/zabbix_agentd
tcp6       0      0 :::5000                 :::*                    LISTEN      39084/registry

3. Running docker-registry with docker

You can run the registry from the official registry image.

[root@k8s-node01-11-168 ~]# docker search registry
NAME                                    DESCRIPTION                                     STARS    OFFICIAL   AUTOMATED
registry                                The Docker Registry 2.0 implementation for s…   2509     [OK]
konradkleine/docker-registry-frontend   Browse and modify your Docker registry in a …   221                 [OK]
hyper/docker-registry-web               Web UI, authentication service and event rec…   164                 [OK]
atcol/docker-registry-ui                A web UI for easy private/local Docker Regis…   114                 [OK]
distribution/registry                   WARNING: NOT the registry official image!!! …   57                  [OK]
marvambass/nginx-registry-proxy         Docker Registry Reverse Proxy with Basic Aut…   44                  [OK]
jhipster/jhipster-registry              JHipster Registry, based on Netflix Eureka a…   43                  [OK]
google/docker-registry                  Docker Registry w/ Google Cloud Storage driv…   38
confluentinc/cp-schema-registry         Official Confluent Docker Images for Schema …   33
joxit/docker-registry-ui                Docker registry v2 web User Interface           24                  [OK]
klausmeyer/docker-registry-browser      Web Interface for the Docker Registry HTTP A…   18                  [OK]
openshift/origin-docker-registry        The integrated OpenShift V3 registry            13
deis/registry                           Docker image registry for the Deis open sour…   12
landoop/schema-registry-ui              UI for Confluent's Schema Registry              7                   [OK]
parabuzzle/docker-registry-ui           Docker registry frontend for registry v2        6
quiq/docker-registry-ui                 Docker Registry UI                              6
anoxis/registry-cli                     You can list and delete tags from your priva…   6                   [OK]
elasticio/docker-registry-ecs           Docker image to run Docker private registry …   4                   [OK]
allingeek/registry                      A specialization of registry:2 configured fo…   4                   [OK]
yammer/docker-registry-cache            Simple docker registry cache using squid-pro…   1                   [OK]
webhippie/registry                      Docker images for Docker Registry               1                   [OK]
aibaars/docker-registry2-gcs            Docker Registry2 w/ Google Cloud Storage dri…   1
metadata/registry                       Metadata Registry is a tool which helps you …   1                   [OK]
convox/registry                                                                         0
lorieri/registry-ceph                   Ceph Rados Gateway (and any other S3 compati…   0

3.1 Pull the image [official image]

[root@k8s-node01-11-168 ~]# docker pull registry
Using default tag: latest
latest: Pulling from library/registry
c87736221ed0: Pull complete
1cc8e0bb44df: Pull complete
54d33bcb37f5: Pull complete
e8afc091c171: Pull complete
b4541f6d3db6: Pull complete
Digest: sha256:3b00e5438ebd8835bcfa7bf5246445a6b57b9a50473e89c02ecc8e575be3ebb5
Status: Downloaded newer image for registry:latest
[root@k8s-node01-11-168 ~]# docker image ls
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
registry            latest              f32a97de94e1        4 weeks ago         25.8MB

3.2 Run the image

docker run -d -p 5000:5000 --restart=always --name registry registry

The registry stores images in /var/lib/registry. To keep the image data safe, we persist it with a data volume.

docker run -d -p 5000:5000 -v /opt/data/registry:/var/lib/registry registry

[root@k8s-node01-11-168 ~]# docker run -d \
> -p 5000:5000 \
> -v /opt/data/registry:/var/lib/registry \
> registry
bab6d21e0722ed6253edf7c8c751b5dcfc6e23d1f6b9bcb5b331af49b0b4f853
[root@k8s-node01-11-168 ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
bab6d21e0722        registry            "/entrypoint.sh /etc…"   12 seconds ago      Up 11 seconds       0.0.0.0:5000->5000/tcp   eloquent_raman
[root@k8s-node01-11-168 ~]# netstat -tanlp |grep 5000
tcp6       0      0 :::5000                 :::*                    LISTEN      74265/docker-proxy

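4. Using the docker-registry private registry

Like GitLab, a private Docker registry is a private repository; it is used to store Docker images. As with a database, the operations on a registry are generally create, delete, update and query, that is: pushing new images, deleting images, modifying images (versions), and querying images. Below we push a local image to the private registry.

4.1 Prepare an image or container

[root@hw-apptest01-11-172 ~]# docker image ls
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
jdk1.8testbug4      latest              67d7ce25869d        3 weeks ago         867MB
......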

4.2 Tag the image

docker tag <local repository>:<local tag> <remote repository>:<remote tag>

[root@hw-apptest01-11-172 ~]# docker push 10.40.11.90:5000/jdk1.8testbug4
The push refers to repository [10.40.11.90:5000/jdk1.8testbug4]
An image does not exist locally with the tag: 10.40.11.90:5000/jdk1.8testbug4
[root@hw-apptest01-11-172 ~]# docker tag jdk1.8testbug4 10.40.11.90:5000/jdk1.8testbug4
[root@hw-apptest01-11-172 ~]# docker image ls
REPOSITORY                        TAG                 IMAGE ID            CREATED             SIZE
10.40.11.90:5000/jdk1.8testbug4   latest              67d7ce25869d        3 weeks ago         867MB
jdk1.8testbug4                    latest              67d7ce25869d        3 weeks ago         867MB

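4.3 Push the image to the private registry

[root@hw-apptest01-11-172 ~]# docker push 10.40.11.90:5000/jdk1.8testbug4
The push refers to repository [10.40.11.90:5000/jdk1.8testbug4]
Get https://10.40.11.90:5000/v2/: http: server gave HTTP response to HTTPS client

The push fails: Docker uses HTTPS by default whenever it pushes images to or pulls images from a registry. Solutions:

Option 1: an SSL certificate. You can put an nginx reverse proxy in front of the registry, or use the registry's advanced features.
Option 2: modify the Docker configuration file to turn off certificate verification for this registry: "insecure-registries": ["10.40.11.90:5000"]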

4.3.1 Modify the Docker configuration file to skip certificate verification for the private registry

[root@hw-apptest01-11-172 ~]# vim /etc/docker/daemon.json
[root@hw-apptest01-11-172 ~]# cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://registry.docker-cn.com"],
  "insecure-registries": ["10.40.11.90:5000"]
}
[root@hw-apptest01-11-172 ~]# systemctl reload docker

Note: after modifying the Docker configuration you need to reload. Be careful: restart will shut down all running containers.
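Option 1 (a TLS certificate) is listed above but not shown. The following is an added example, not part of the original article: it generates a self-signed certificate for the registry address 10.40.11.90, writes the section 2.4 config.yml with an `http.tls` block, and installs the certificate on a Docker client under `/etc/docker/certs.d/`. The staging prefix argument, the `certs/` directory and the file names `registry.crt` and `registry.key` are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: TLS for the registry instead of "insecure-registries".
# Paths are written under a staging prefix so the script can be tried without
# root; on the real hosts pass "/" as the prefix.
set -e
REG_IP="${REG_IP:-10.40.11.90}"     # registry address used in the article
REG_PORT="${REG_PORT:-5000}"
CONF_DIR=etc/docker-distribution/registry

# Registry host: self-signed certificate whose SAN is the IP clients connect to.
make_registry_cert() {              # $1 = prefix
  mkdir -p "$1/$CONF_DIR/certs"
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=$REG_IP" -addext "subjectAltName=IP:$REG_IP" \
    -keyout "$1/$CONF_DIR/certs/registry.key" \
    -out "$1/$CONF_DIR/certs/registry.crt" 2>/dev/null
  chmod 600 "$1/$CONF_DIR/certs/registry.key"
}

# Registry host: the config.yml from section 2.4 plus an http.tls block.
write_registry_config() {           # $1 = prefix
  mkdir -p "$1/$CONF_DIR"
  cat > "$1/$CONF_DIR/config.yml" <<EOF
version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    layerinfo: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :$REG_PORT
  tls:
    certificate: /$CONF_DIR/certs/registry.crt
    key: /$CONF_DIR/certs/registry.key
EOF
}

# Docker client host: trust this certificate for this registry only.
trust_registry_cert() {             # $1 = prefix, $2 = path to registry.crt
  mkdir -p "$1/etc/docker/certs.d/$REG_IP:$REG_PORT"
  cp "$2" "$1/etc/docker/certs.d/$REG_IP:$REG_PORT/ca.crt"
}

# Print the IP SAN of a certificate, to check it matches the address pulled from.
cert_san() { openssl x509 -in "$1" -noout -text | grep -o 'IP Address:[0-9.]*'; }
```

On the real hosts, run the functions with `/` as the prefix and restart docker-distribution, then remove the `insecure-registries` entry from daemon.json and reload Docker so that pushes and pulls go over verified HTTPS.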

4.3.2 Push the image

[root@hw-apptest01-11-172 ~]# docker push 10.40.11.90:5000/jdk1.8testbug4
The push refers to repository [10.40.11.90:5000/jdk1.8testbug4]
028f3402bc33: Pushed
29efa81e94c5: Pushed
0efdc57e9299: Pushed
f20d820fa2b7: Pushed
bb0bedfed055: Pushed
071d8bd76517: Pushed
latest: digest: sha256:c2ffafa1cbc86f614d0055b5d8fb0511d01a9c48d6520e1a6cfd56bcb25cfbd8 size: 1587

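4.4 Querying images in the private registry

We have just uploaded an image; now let's look it up. Starting with v2.x, docker-registry provides an API that can be used to query images.

[root@k8s-node01-11-168 ~]# curl http://10.40.11.90:5000/v2/_catalog
{"repositories":["jdk1.8testbug4"]}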

4.5 Pulling the image

docker pull <registry address>/<image name>:<version>

[root@k8s-node01-11-168 ~]# docker image ls
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
[root@k8s-node01-11-168 ~]# docker pull 10.40.11.90:5000/jdk1.8testbug4
Using default tag: latest
Error response from daemon: Get https://10.40.11.90:5000/v2/: http: server gave HTTP response to HTTPS client
# docker push and pull both require HTTPS; skip certificate verification for this private registry
[root@k8s-node01-11-168 ~]# vim /etc/docker/daemon.json
[root@k8s-node01-11-168 ~]# systemctl reload docker
[root@k8s-node01-11-168 ~]# docker pull 10.40.11.90:5000/jdk1.8testbug4
Using default tag: latest
latest: Pulling from jdk1.8testbug4
a02a4930cb5d: Pull complete
915783117a15: Pull complete
8674a53df34b: Pull complete
12f89fef257c: Pull complete
c41934a5be2d: Pull complete
2520b3c70a8a: Pull complete
Digest: sha256:c2ffafa1cbc86f614d0055b5d8fb0511d01a9c48d6520e1a6cfd56bcb25cfbd8
Status: Downloaded newer image for 10.40.11.90:5000/jdk1.8testbug4:latest
[root@k8s-node01-11-168 ~]# docker image ls
REPOSITORY                        TAG                 IMAGE ID            CREATED             SIZE
10.40.11.90:5000/jdk1.8testbug4   latest              67d7ce25869d        3 weeks ago         867MB

The image was pulled successfully; next we run it as a test.

4.6 Run the image

[root@k8s-node01-11-168 ~]# docker run -it -d --name jdk1.8-test 10.40.11.90:5000/jdk1.8testbug4
703c257f4ff2110402fbe159c4026195175e8963cd9646a22927cac482b3508d
[root@k8s-node01-11-168 ~]#
[root@k8s-node01-11-168 ~]# docker ps
CONTAINER ID        IMAGE                             COMMAND                  CREATED             STATUS              PORTS               NAMES
703c257f4ff2        10.40.11.90:5000/jdk1.8testbug4   "sh -c /bin/whole51/…"   8 seconds ago       Up 7 seconds                            jdk1.8-test
[root@k8s-node01-11-168 ~]# docker exec -it jdk1.8-test /bin/bash
[admin@703c257f4ff2 sz-app-loanrepay-rpc]$
[admin@703c257f4ff2 sz-app-loanrepay-rpc]$ jps
35 jar
103 Jps
[admin@703c257f4ff2 sz-app-loanrepay-rpc]$ ps -ef |grep java
admin 1 0 0 06:11 pts/0 00:00:00 /bin/bash /bin/whole51/java-start.sh
admin 33 1 0 06:11 pts/0 00:00:00 /bin/bash /bin/whole51/java-service loanrepay-rpc start dev
admin 35 33 9 06:11 pts/0 00:00:13 /usr/local/jdk1.8.0_144/bin/java -server -Denv=dev -Ddubbo.registry.file=.dubbo/dubbo-registry-zookeeper1.dafy.com.cache -XX:+UseG1GC -Xms128m -Xmx128m -Dsun.net.inetaddr.ttl=600 -XX:MaxMetaspaceSize=256m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=heap_dump_2019-04-11_06-11-05.hprof -Xloggc:/data/logs/loanrepay-rpc/2019-04-11_06-11-05.log -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:-PrintTenuringDistribution -XX:+PrintGCCause -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=10 -XX:GCLogFileSize=20m -Dfile.encoding=UTF-8 -jar loanrepay-rpc-bootstrap-1.1.0-SNAPSHOT.jar
admin 116 85 0 06:13 pts/1 00:00:00 grep --color=auto java

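5. Summary

Docker is a container technology, and the Docker service is a container engine that runs containers. Containers are created from images, which serve as templates, and the repository that stores images is called an image registry. As with git, there are public registry platforms and private registry platforms. docker-registry is the private image registry provided officially by Docker. It is still being iterated on and the current version is v2.x. It covers basic registry operations but is still not very convenient. In later chapters we will introduce several other open-source registries.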


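6. Appendix: image and registry commands

Docker can push and pull just like GitHub/GitLab, and it is very simple.

1. Register an account on Docker Hub, Alibaba Cloud or a similar platform, then create a remote repository.
Docker Hub address: https://hub.docker.com/

2. First package the local container as a local image:
docker commit <container name> <image repository>:<image tag>
Then run docker images; once you can see the image you packaged, this step is done.

3. Tag the local image for the remote repository:
docker tag <local repository>:<local tag> <remote repository>:<remote tag>

4. Push to the remote repository:
docker login
docker push <remote repository>:<remote tag>
Note: the remote tag is a name you define yourself, that is, the tag name shown on Docker Hub. You must log in before pushing.

5. Pull from the remote repository to the local machine

Overall, pushing a Docker image to a registry takes two main steps:

tag the image
push it to the registry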

PS:

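Public registries require an account login. push and pull both use SSL by default; a private registry needs an SSL certificate, or the Docker configuration must be changed to allow non-SSL access.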

