“This article uses Podman to set up a private image registry locally and then queries the images stored in it.”
1. Create the registry directories.
$ mkdir -p /opt/registry/{auth,certs,data}
2. Generate the registry server certificate and create a password.
$ cd /opt/registry/certs
$ openssl req -newkey rsa:4096 -nodes -sha256 -keyout domain.key -x509 -days 365 -out domain.crt
Generating a 4096 bit RSA private key
....................++
......................................................................................................................................++
writing new private key to 'domain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:
State or Province Name (full name) []:
Locality Name (eg, city) []:
Organization Name (eg, company) []:
Organizational Unit Name (eg, section) []:
Common Name (eg, fully qualified host name) []:localhost
Email Address []:
$ htpasswd -bBc /opt/registry/auth/htpasswd test xxx
3. Add the certificate to the trust list.
$ cp /opt/registry/certs/domain.crt /etc/pki/ca-trust/source/anchors/
$ update-ca-trust
4. Run the registry in the background with Podman.
$ podman run -ti -d --name registry01 -p 5001:5000 -v /opt/registry/data:/var/lib/registry:z -v /opt/registry/auth:/auth:z -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd -v /opt/registry/certs:/certs:z -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key registry
View the running containers:
$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d0385bb08bc1 docker.io/library/registry:2 /etc/docker/regis... 4 days ago Up 4 days ago 0.0.0.0:5001->5000/tcp registry01
5. Pull an image and push it to this private registry, as follows:
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost:5001/podman/upstream-opm-builder latest 6ff688cecdcc 7 days ago 56.9 MB
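6. List all images in this private registry. Because this registry is not an official one, neither the Podman nor the docker CLI has a built-in command for this, so we use curl.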
$ curl -k --user test:xxx https://localhost:5001/v2/_catalog
{"repositories":["podman/upstream-opm-builder"]}
$ curl -k --user test:xxx https://localhost:5001/v2/podman/upstream-opm-builder/tags/list
{"name":"podman/upstream-opm-builder","tags":["latest"]}
$ curl -k --user test:xxx https://localhost:5001/v2/podman/upstream-opm-builder/manifests/latest
{
"schemaVersion": 1,
"name": "podman/upstream-opm-builder",
"tag": "latest",
"architecture": "amd64",
"fsLayers": [
{
"blobSum": "sha256:e19f7f395db13ad9f4fa9ab2452f927b7c3a54cfe26b48a97830899f8555ac5e"
},
{
"blobSum": "sha256:4469a46fbd9624ac1ecf98ac5c246319f9d051d1202c6f68b0933fc64b70481b"
}
],
"history": [
{
"v1Compatibility": "{\"architecture\":\"amd64\",\"config\":{\"Hostname\":\"\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"],\"Cmd\":null,\"Image\":\"sha256:bf9c54267fd958bd9e57155b9cfea95b0cce194b37c972bec37be38533676dde\",\"Volumes\":null,\"WorkingDir\":\"\",\"Entrypoint\":null,\"OnBuild\":null,\"Labels\":null},\"container_config\":{\"Hostname\":\"\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"],\"Cmd\":[\"/bin/sh\",\"-c\",\"#(nop) COPY file:9501a4e82bb8fa49a1f5b0ba285f0b3f779adbb71346b968b1c4940041ff9c17 in /bin/grpc_health_probe \"],\"Image\":\"sha256:bf9c54267fd958bd9e57155b9cfea95b0cce194b37c972bec37be38533676dde\",\"Volumes\":null,\"WorkingDir\":\"\",\"Entrypoint\":null,\"OnBuild\":null,\"Labels\":null},\"created\":\"2020-05-01T19:28:57.236239398Z\",\"docker_version\":\"18.02.0-ce\",\"id\":\"58ba1cf06a7d90a132411f7d649751afafb7d7cb9bdd61ecf51e2bdea8546a7d\",\"os\":\"linux\",\"parent\":\"d76e896f5e092051877d3c1f4d096341e564641445881ab30cccf9a62604da65\"}"
},
{
"v1Compatibility": "{\"id\":\"d76e896f5e092051877d3c1f4d096341e564641445881ab30cccf9a62604da65\",\"created\":\"2020-05-01T19:28:56.771941093Z\",\"container_config\":{\"Cmd\":[\"/bin/sh -c #(nop) COPY file:0953fd9956e33173eb8adfe33569b025bd52788d25b3488dc251068b19530c41 in /bin/opm \"]}}"
}
],
"signatures": [
{
"header": {
"jwk": {
"crv": "P-256",
"kid": "V6CS:YNVT:UEXX:WACD:KGKN:WLU4:RFJW:46AE:BJYR:OQ3W:AP6M:SSND",
"kty": "EC",
"x": "BJMfLxL6pC2avpeg9ZqYfVUhmuXrS4Dp_232M77qbVY",
"y": "-Zkt6N5wjL6zZAzrXaJe9SWhu2ecV0t2LpDZBFHf6xU"
},
"alg": "ES256"
},
"signature": "tQVFxgGuc0dWBwKn_gvDMcIbkEJ8Ey6sxsMh3S1cav8Wfx1C57B1WEYvVYXQ1ajmuRNYahH0syAv6k-9RrfGtQ",
"protected": "eyJmb3JtYXRMZW5ndGgiOjIwNzQsImZvcm1hdFRhaWwiOiJDbjAiLCJ0aW1lIjoiMjAyMC0wNS0wOVQxMTo1MzoxMloifQ"
}
]
}
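Added example (not part of the original post): the catalog and tag queries from step 6 combined into one shell helper that prints every `repo:tag` in the registry. It assumes the certificate from step 2 is passed with `--cacert` instead of `-k`, so the server certificate is actually verified, and that the credentials live in a netrc file (`machine localhost login test password xxx`); `REGISTRY_URL`, `REGISTRY_CA`, `REGISTRY_NETRC`, `FETCH` and the function names are hypothetical, and the sample responses are constructed.

```shell
#!/bin/sh
# Added example: list every repo:tag in the registry started in step 4.
# Variable and function names are hypothetical; sample responses are constructed.
REGISTRY_URL="${REGISTRY_URL:-https://localhost:5001}"
REGISTRY_CA="${REGISTRY_CA:-/opt/registry/certs/domain.crt}"      # cert from step 2
REGISTRY_NETRC="${REGISTRY_NETRC:-${HOME:-.}/.netrc}"             # assumed credentials file

# fetch PATH: GET one API path. --cacert verifies the server against the
# self-signed certificate (no -k); --netrc-file keeps the password off the
# command line and out of shell history; --fail turns a 401 into a non-zero exit.
fetch() {
    curl --silent --show-error --fail --cacert "$REGISTRY_CA" \
         --netrc-file "$REGISTRY_NETRC" "$REGISTRY_URL$1" </dev/null
}

# fetch_sample PATH: constructed offline responses in the registry's format.
fetch_sample() {
    case "$1" in
        /v2/_catalog)
            echo '{"repositories":["podman/upstream-opm-builder","constructed/untagged"]}' ;;
        /v2/podman/upstream-opm-builder/tags/list)
            echo '{"name":"podman/upstream-opm-builder","tags":["latest"]}' ;;
        /v2/constructed/untagged/tags/list)
            echo '{"name":"constructed/untagged","tags":null}' ;;     # no tags
        *) return 1 ;;
    esac
}

# json_list KEY: print the strings of the array stored under KEY, one per line.
# Enough for these compact responses: repository names and tags cannot contain
# quotes, commas or spaces. "KEY":null or an empty array prints nothing.
json_list() {
    sed -n "s/.*\"$1\": *\[\([^]]*\)\].*/\1/p" | tr ',' '\n' | tr -d '" ' | awk 'NF'
}

# list_images: walk catalog -> tags and print repo:tag pairs.
# Only the first catalog page is read; large registries paginate via n/last.
list_images() {
    "${FETCH:-fetch}" /v2/_catalog | json_list repositories |
    while IFS= read -r repo; do
        "${FETCH:-fetch}" "/v2/$repo/tags/list" | json_list tags |
        while IFS= read -r tag; do
            printf '%s:%s\n' "$repo" "$tag"
        done
    done
}
```

Call `list_images` to query the live registry, or set `FETCH=fetch_sample` first to run it against the constructed responses.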
Done! Time to clock off!