docker registry:设置私有的镜像缓存仓库
背景介绍
docker 提供了官方的 registry 仓库镜像,可以通过docker hub进行拉取:
docker pull registry但是直接拉取的registry我们并不知道如何设置,我们可以看看他的Dockerfile地址,git地址:
https://github.com/docker/distribution-library-image
通过这个仓库知道主要是通过config-example.yml来配置。
version: 0.1
log:
accesslog:
disabled: true
level: debug
formatter: text
fields:
service: registry
environment: staging
hooks:
- type: mail
disabled: true
levels:
- panic
options:
smtp:
addr: mail.example.com:25
username: mailuser
password: password
insecure: true
from: sender@example.com
to:
- errors@example.com
loglevel: debug # deprecated: use "log"
storage:
filesystem:
rootdirectory: /var/lib/registry
maxthreads: 100
azure:
accountname: accountname
accountkey: base64encodedaccountkey
container: containername
gcs:
bucket: bucketname
keyfile: /path/to/keyfile
credentials:
type: service_account
project_id: project_id_string
private_key_id: private_key_id_string
private_key: private_key_string
client_email: client@example.com
client_id: client_id_string
auth_uri: http://example.com/auth_uri
token_uri: http://example.com/token_uri
auth_provider_x509_cert_url: http://example.com/provider_cert_url
client_x509_cert_url: http://example.com/client_cert_url
rootdirectory: /gcs/object/name/prefix
chunksize: 5242880
s3:
accesskey: awsaccesskey
secretkey: awssecretkey
region: us-west-1
regionendpoint: http://myobjects.local
bucket: bucketname
encrypt: true
keyid: mykeyid
secure: true
v4auth: true
chunksize: 5242880
multipartcopychunksize: 33554432
multipartcopymaxconcurrency: 100
multipartcopythresholdsize: 33554432
rootdirectory: /s3/object/name/prefix
swift:
username: username
password: password
authurl: https://storage.myprovider.com/auth/v1.0 or https://storage.myprovider.com/v2.0 or https://storage.myprovider.com/v3/auth
tenant: tenantname
tenantid: tenantid
domain: domain name for Openstack Identity v3 API
domainid: domain id for Openstack Identity v3 API
insecureskipverify: true
region: fr
container: containername
rootdirectory: /swift/object/name/prefix
oss:
accesskeyid: accesskeyid
accesskeysecret: accesskeysecret
region: OSS region name
endpoint: optional endpoints
internal: optional internal endpoint
bucket: OSS bucket
encrypt: optional enable server-side encryption
encryptionkeyid: optional KMS key id for encryption
secure: optional ssl setting
chunksize: optional size valye
rootdirectory: optional root directory
inmemory: # This driver takes no parameters
delete:
enabled: false
redirect:
disable: false
cache:
blobdescriptor: redis
maintenance:
uploadpurging:
enabled: true
age: 168h
interval: 24h
dryrun: false
readonly:
enabled: false
auth:
silly:
realm: silly-realm
service: silly-service
token:
autoredirect: true
realm: token-realm
service: token-service
issuer: registry-token-issuer
rootcertbundle: /root/certs/bundle
htpasswd:
realm: basic-realm
path: /path/to/htpasswd
middleware:
registry:
- name: ARegistryMiddleware
options:
foo: bar
repository:
- name: ARepositoryMiddleware
options:
foo: bar
storage:
- name: cloudfront
options:
baseurl: https://my.cloudfronted.domain.com/
privatekey: /path/to/pem
keypairid: cloudfrontkeypairid
duration: 3000s
ipfilteredby: awsregion
awsregion: us-east-1, use-east-2
updatefrenquency: 12h
iprangesurl: https://ip-ranges.amazonaws.com/ip-ranges.json
storage:
- name: redirect
options:
baseurl: https://example.com/
reporting:
bugsnag:
apikey: bugsnagapikey
releasestage: bugsnagreleasestage
endpoint: bugsnagendpoint
newrelic:
licensekey: newreliclicensekey
name: newrelicname
verbose: true
http:
addr: localhost:5000
prefix: /my/nested/registry/
host: https://myregistryaddress.org:5000
secret: asecretforlocaldevelopment
relativeurls: false
draintimeout: 60s
tls:
certificate: /path/to/x509/public
key: /path/to/x509/private
clientcas:
- /path/to/ca.pem
- /path/to/another/ca.pem
letsencrypt:
cachefile: /path/to/cache-file
email: emailused@letsencrypt.com
hosts: [myregistryaddress.org]
debug:
addr: localhost:5001
prometheus:
enabled: true
path: /metrics
headers:
X-Content-Type-Options: [nosniff]
http2:
disabled: false
notifications:
events:
includereferences: true
endpoints:
- name: alistener
disabled: false
url: https://my.listener.com/event
headers: <http.Header>
timeout: 1s
threshold: 10
backoff: 1s
ignoredmediatypes:
- application/octet-stream
ignore:
mediatypes:
- application/octet-stream
actions:
- pull
redis:
addr: localhost:6379
password: asecret
db: 0
dialtimeout: 10ms
readtimeout: 10ms
writetimeout: 10ms
pool:
maxidle: 16
maxactive: 64
idletimeout: 300s
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3
file:
- file: /path/to/checked/file
interval: 10s
http:
- uri: http://server.to.check/must/return/200
headers:
Authorization: [Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==]
statuscode: 200
timeout: 3s
interval: 10s
threshold: 3
tcp:
- addr: redis-server.domain.com:6379
timeout: 3s
interval: 10s
threshold: 3
proxy:
remoteurl: https://registry-1.docker.io
username: [username]
password: [password]
compatibility:
schema1:
signingkeyfile: /etc/registry/key.json
enabled: true
validation:
manifests:
urls:
allow:
- ^https?://([^/]+\.)*example\.com/
deny:
- ^https?://www\.example\.com/和 proxy cache 相关的参数是 proxy 。
搭建 docker registry
okay,下面我们通过原始dockerfile构建一个缓存私有仓库:
1.修改config-example.conf文件
由于本机是intel的64位系统,因此选择amd64,修改里面的config-example.conf:
version: 0.1
log:
fields:
service: registry
storage:
cache:
blobdescriptor: inmemory
filesystem:
rootdirectory: /var/lib/registry
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3
proxy:
remoteurl: https://registry-1.docker.io2.构建registry镜像
构建registry镜像:
docker build -t dokcer-registry:v0.1 .3.运行registry容器
运行registry容器:
docker run -it -p 5000:5000 docker-registry:v0.14.测试缓存是否生效
在测试的daemon.json配置目标地址:
cat > /etc/docker/daemon.json << EOF
{
"insecure-registries": ["10.10.6.111:5000"],
"registry-mirrors":["http://10.10.6.111:5000"]
}
EOF重启容器服务service docker restart
测试:
docker pull node:8.4.0-onbuild用docker logs 查看 registry 容器:
docker logs -f docker-registry
time="2019-10-31T07:48:33.210442036Z" level=info msg="Adding new scheduler entry for library/node@sha256:0485a8f7251f7823455cb5efb010ee034e7b44b13414d11080c4daae8af1acb3 with ttl=167h59m59.999996323s" go.version=go1.11.2 instance.id=154296c5-33a6-44cc-bc25-9cb74eb2fc47 service=registry version=v2.7.1
time="2019-10-31T07:48:33.210850287Z" level=info msg="response completed" go.version=go1.11.2 http.request.host="10.10.6.111:5000" http.request.id=05a32ff6-54f1-4b70-b86e-1802959c0ff2 http.request.method=GET http.request.remoteaddr="10.10.6.19:60562" http.request.uri="/v2/library/node/manifests/8.4.0-onbuild" http.request.useragent="docker/19.03.3 go/go1.12.10 git-commit/a872fc2f86 kernel/3.10.0-1062.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.3 \(linux\))" http.response.contenttype="application/vnd.docker.distribution.manifest.v2+json" http.response.duration=3.632741932s http.response.status=200 http.response.written=2213
10.10.6.19 - - [31/Oct/2019:07:48:29 +0000] "GET /v2/library/node/manifests/8.4.0-onbuild HTTP/1.1" 200 2213 "" "docker/19.03.3 go/go1.12.10 git-commit/a872fc2f86 kernel/3.10.0-1062.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.3 \\(linux\\))"
time="2019-10-31T07:48:35.734990871Z" level=info msg="response completed" go.version=go1.11.2 http.request.host="10.10.6.111:5000" http.request.id=76e0c7e6-b6e2-4d48-8baf-bcd296996e69 http.request.method=GET http.request.remoteaddr="10.10.6.19:60564" http.request.uri="/v2/library/node/blobs/sha256:d24de6795fb1d44f2ecd12ab0768fefb45c3a31674824961512f71fbf234a704" http.request.useragent="docker/19.03.3 go/go1.12.10 git-commit/a872fc2f86 kernel/3.10.0-1062.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.3 \(linux\))" http.response.contenttype="application/octet-stream" http.response.duration=2.522583499s http.response.status=200 http.response.written=8639
10.10.6.19 - - [31/Oct/2019:07:48:33 +0000] "GET /v2/library/node/blobs/sha256:d24de6795fb1d44f2ecd12ab0768fefb45c3a31674824961512f71fbf234a704 HTTP/1.1" 200 8639 "" "docker/19.03.3 go/go1.12.10 git-commit/a872fc2f86 kernel/3.10.0-1062.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.3 \\(linux\\))"
time="2019-10-31T07:48:36.375234583Z" level=info msg="Adding new scheduler entry for library/node@sha256:d24de6795fb1d44f2ecd12ab0768fefb45c3a31674824961512f71fbf234a704 with ttl=167h59m59.999996974s" go.version=go1.11.2 instance.id=154296c5-33a6-44cc-bc25-9cb74eb2fc47 service=registry version=v2.7.1从日志可以看出缓存成功了~
PS: 镜像第一次拉取还比较慢,第二次拉取速度立刻飞起~大家可以试试
本文参与 腾讯云自媒体同步曝光计划,分享自作者个人站点/博客。
原始发表:2019-10-31,如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读
腾讯云开发者
