004.构建私有Docker-Registry
004.构建私有Docker-Registry
CoderJed
发布于 2020-11-12 11:46:26
发布于 2020-11-12 11:46:26
1. Docker构建私有Registry
# 1.运行一个容器,此容器是用作存储镜像的私有Registry容器
# --restart=always:只要docker服务启动,此容器就会一起启动
# 将容器内存放镜像的目录映射到宿主机,防止容器破坏后镜像丢失
[root@bdc01 ~]# docker run -d -p 5000:5000 --restart=always --name registry -v /data/docker/registry:/var/lib/registry registry
# tips:如果想实现全部容器随docker服务启动,可以修改配置
# 文件:/etc/docker/daemon.json
{
....
# 新增这个配置即可
"live-restore": true
}
# 2.修改宿主机的docker服务的配置文件:/etc/docker/daemon.json
{
....
# 设置为宿主机的IP:5000,之后pull镜像的时候,会优先从这个地址去pull
"insecure-registries": ["10.0.0.11:5000"]
}
# 3.重启docker服务
[root@bdc01 ~]# systemctl restart docker
# 4.上传一些基础镜像
# 首先给官方镜像重命名,要求格式必须为[私有Registry服务的地址/name:tag],然后才能上传
# name中可以有多层/
[root@bdc01 ~]# docker tag nginx:latest 10.0.0.11:5000/nginx:latest
[root@bdc01 ~]# docker push 10.0.0.11:5000/nginx:latest
# 5.在局域网另一台docker服务器上测试,保证另一台docker服务器的/etc/docker/daemon.json文件中配置了私有Registry的地址
# "insecure-registries": ["10.0.0.11:5000"]
[root@bdc02 ~]# docker pull 10.0.0.11:5000/nginx:latest
latest: Pulling from nginx
bae8bf68c463: Pull complete
f1c81ad02d10: Pull complete
29eda3d2dd55: Pull complete
d765c51a99b4: Pull complete
cea6e8eec3a8: Pull complete
Digest: sha256:021e979f2d1343cbb82ab0a9c1ad098c8c9fddf48dd65f0740ae026ce58c634a
Status: Downloaded newer image for 10.0.0.11:5000/nginx:latest
# 6.给私有仓库增加认证功能
[root@bdc01 ~]# yum install httpd-tools -y
[root@bdc01 ~]# mkdir -p /data/docker/registry/auth
# 这里admin和123456是账号密码
[root@bdc01 ~]# htpasswd -Bbn admin 123456 > /data/docker/registry/auth/htpasswd
# 7.重启Registry容器
[root@bdc01 ~]# docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b0f8b83b0885 registry "/entrypoint.sh /e..." 42 minutes ago Up 38 minutes 0.0.0.0:5000->5000/tcp registry
[root@bdc01 ~]# docker rm -f b0f8b83b0885
[root@bdc01 ~]# docker run -d --restart=always -p 5000:5000 -v /data/docker/registry/auth:/var/lib/registry/auth -v /data/docker/registry:/var/lib/registry --name register-auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e "REGISTRY_AUTH_HTPASSWD_PATH=/var/lib/registry/auth/htpasswd" registry
ded545c34aaff331c5d3636505ce8331bea2c21f9c0aa809d3893f4b6a2d4b5e
# 8.push镜像需要密码
[root@bdc01 auth]# docker push 10.0.0.11:5000/centos:7.5.1804
The push refers to a repository [10.0.0.11:5000/centos]
c586101ee955: Preparing
no basic auth credentials
[root@bdc01 auth]# docker login 10.0.0.11:5000
Username: admin
Password:
Login Succeeded
[root@bdc01 auth]# docker tag centos:7.5.1804 10.0.0.11:5000/centos:7.5.1804
[root@bdc01 auth]# docker push 10.0.0.11:5000/centos:7.5.1804
# 9.拉取镜像
[root@bdc02 ~]# docker pull 10.0.0.11:5000/centos:7.5.1804
Pulling repository 10.0.0.11:5000/centos
Error: image centos:7.5.1804 not found
[root@bdc02 ~]# docker login 10.0.0.11:5000
Username: admin
Password:
Login Succeeded
[root@bdc02 ~]# docker pull 10.0.0.11:5000/centos:7.5.1804
7.5.1804: Pulling from centos
0bce71907c70: Pull complete
Digest: sha256:e34007d050c9033e75bb6f767dc9532e2da96f611aa72028f91e616911334f12
Status: Downloaded newer image for 10.0.0.11:5000/centos:7.5.18042. 使用Habor实现Registry图形化管理
# 第一步:安装docker和docker-compose
[root@bdc01 opt]# yum install -y docker-compose
# 第二步:下载harbor-offline-installer-vxxx.tgz
# 下载地址:https://github.com/goharbor/harbor/releases
# 我这里使用harbor-offline-installer-v2.1.1.tgz
# 此版本需要Docker版本为17.06.0+.
# 第三步:上传到/opt,并解压
[root@bdc01 opt]# tar -zxvf harbor-offline-installer-v2.1.1.tgz
[root@bdc01 opt]# cd harbor
# 第四步:修改harbor.cfg配置文件
[root@bdc01 harbor]# cp harbor.yml.tmpl harbor.yml
[root@bdc01 harbor]# vim harbor.yml
# 宿主机的IP或者主机名
hostname = 10.0.0.11
http:
port: 50000
# 设置一个管理员密码
harbor_admin_password = 123456
# 注释掉https相关的配置
# https related config
#https:
# https port for harbor, default is 443
#port: 443
# The path of cert and key files for nginx
#certificate: /your/certificate/path
#private_key: /your/private/key/path
# 第五步:执行install.sh
...
✔ ----Harbor has been installed and started successfully.----
# 第六步: 修改docker客户端的配置文件,/etc/docker/daemon.json
{
...
# 填写harbor的访问地址
"insecure-registries": ["10.0.0.11:50000"],
# 设置docker重启后,容器跟随启动
"live-restore": true
}
# 第7步: 重启的docker
systemctl daemon-reload
systemctl restart docker
# 上传镜像
# 首先给官方镜像重命名
[root@bdc01 ~]# docker tag centos:7.5.1804 10.0.0.11:50000/my_registry/centos:7.5.1804
# 登录私服
[root@bdc01 ~]# docker login 10.0.0.11:50000
Username: admin
Password:
Login Succeeded
# push镜像
[root@bdc01 ~]# docker push 10.0.0.11:50000/my_registry/centos:7.5.1804
The push refers to repository [10.0.0.11:50000/my_registry/centos]
4826cdadf1ef: Pushed
7.5.1804: digest: sha256:65decb5f8c6d37cdd06332ef1116a92fdb52aa1b55fe6256bb3b843ee97d2279 size: 529
# 其他客户端pull镜像
[root@bdc02 ~]# docker pull 10.0.0.11:50000/my_registry/centos:7.5.1804
7.5.1804: Pulling from my_registry/centos
Digest: sha256:65decb5f8c6d37cdd06332ef1116a92fdb52aa1b55fe6256bb3b843ee97d2279
Status: Downloaded newer image for 10.0.0.11:50000/my_registry/centos:7.5.1804
# 使用页面上复制的命令拉取镜像,但要把主机名改成IP,因为我们配置文件中是IP而不是主机名
[root@bdc02 ~]# docker pull 10.0.0.11:50000/my_registry/centos@sha256:65decb5f8c6d37cdd06332ef1116a92fdb52aa1b55fe6256bb3b843ee97d2279
sha256:65decb5f8c6d37cdd06332ef1116a92fdb52aa1b55fe6256bb3b843ee97d2279: Pulling from my_registry/centos
Digest: sha256:65decb5f8c6d37cdd06332ef1116a92fdb52aa1b55fe6256bb3b843ee97d2279
Status: Downloaded newer image for 10.0.0.11:50000/my_registry/centos@sha256:65decb5f8c6d37cdd06332ef1116a92fdb52aa1b55fe6256bb3b843ee97d2279本文参与 腾讯云自媒体分享计划,分享自作者个人站点/博客。
如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读