搭建私有镜像仓库

用户9822880

发布于 2022-06-13 15:04:10

1.2K0

发布于 2022-06-13 15:04:10

文章被收录于专栏：3分钟云计算

“ 本文将使用Podman在本地搭建一个私有的镜像仓库，并查询该私有库的镜像”

1，创建registry目录。

$ mkdir -p /opt/registry/{auth,certs,data}

2，生成registry服务器证书, 并创建密码。

$ cd /opt/registry/certs
$ openssl req -newkey rsa:4096 -nodes -sha256 -keyout domain.key -x509 -days 365 -out domain.crt
Generating a 4096 bit RSA private key
....................++
......................................................................................................................................++
writing new private key to 'domain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:
State or Province Name (full name) []:
Locality Name (eg, city) []:
Organization Name (eg, company) []:
Organizational Unit Name (eg, section) []:
Common Name (eg, fully qualified host name) []:localhost
Email Address []:

$ htpasswd -bBc /opt/registry/auth/htpasswd test xxx

3，添加该证书到信任列表。

$ cp /opt/registry/certs/domain.crt /etc/pki/ca-trust/source/anchors/
$ update-ca-trust

4，后台运行Podman.

$ podman run -ti -d --name registry01 -p 5001:5000   -v /opt/registry/data:/var/lib/registry:z      -v /opt/registry/auth:/auth:z      -e "REGISTRY_AUTH=htpasswd"      -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm"      -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd      -v /opt/registry/certs:/certs:z      -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt      -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key registry

查看运行的容器：

$ podman ps
CONTAINER ID  IMAGE                         COMMAND               CREATED     STATUS         PORTS                   NAMES
d0385bb08bc1  docker.io/library/registry:2  /etc/docker/regis...  4 days ago  Up 4 days ago  0.0.0.0:5001->5000/tcp  registry01

5，拉取一个镜像，并把它push 到这个私有库，如下：

$ podman images
REPOSITORY                                        TAG       IMAGE ID       CREATED        SIZE
localhost:5001/podman/upstream-opm-builder        latest    6ff688cecdcc   7 days ago     56.9 MB

6，查看该私有库的所有镜像，因为这个库并不是官方的，所有Podman, docker CLI 中并没有内置的指令可以使用。所以，我们使用curl.

查询该库中的所有镜像

$ curl -k --user test:xxx https://localhost:5001/v2/_catalog 
{"repositories":["podman/upstream-opm-builder"]}

查询某个镜像的所有tag

$ curl -k --user test:xx https://localhost:5001/v2/podman/upstream-opm-builder/tags/list
{"name":"podman/upstream-opm-builder","tags":["latest"]}

查询某个镜像的manifest

$ curl -k --user test:xxx https://localhost:5001/v2/podman/upstream-opm-builder/manifests/latest
{
   "schemaVersion": 1,
   "name": "podman/upstream-opm-builder",
   "tag": "latest",
   "architecture": "amd64",
   "fsLayers": [
      {
         "blobSum": "sha256:e19f7f395db13ad9f4fa9ab2452f927b7c3a54cfe26b48a97830899f8555ac5e"
      },
      {
         "blobSum": "sha256:4469a46fbd9624ac1ecf98ac5c246319f9d051d1202c6f68b0933fc64b70481b"
      }
   ],
   "history": [
      {
         "v1Compatibility": "{\"architecture\":\"amd64\",\"config\":{\"Hostname\":\"\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"],\"Cmd\":null,\"Image\":\"sha256:bf9c54267fd958bd9e57155b9cfea95b0cce194b37c972bec37be38533676dde\",\"Volumes\":null,\"WorkingDir\":\"\",\"Entrypoint\":null,\"OnBuild\":null,\"Labels\":null},\"container_config\":{\"Hostname\":\"\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"],\"Cmd\":[\"/bin/sh\",\"-c\",\"#(nop) COPY file:9501a4e82bb8fa49a1f5b0ba285f0b3f779adbb71346b968b1c4940041ff9c17 in /bin/grpc_health_probe \"],\"Image\":\"sha256:bf9c54267fd958bd9e57155b9cfea95b0cce194b37c972bec37be38533676dde\",\"Volumes\":null,\"WorkingDir\":\"\",\"Entrypoint\":null,\"OnBuild\":null,\"Labels\":null},\"created\":\"2020-05-01T19:28:57.236239398Z\",\"docker_version\":\"18.02.0-ce\",\"id\":\"58ba1cf06a7d90a132411f7d649751afafb7d7cb9bdd61ecf51e2bdea8546a7d\",\"os\":\"linux\",\"parent\":\"d76e896f5e092051877d3c1f4d096341e564641445881ab30cccf9a62604da65\"}"
      },
      {
         "v1Compatibility": "{\"id\":\"d76e896f5e092051877d3c1f4d096341e564641445881ab30cccf9a62604da65\",\"created\":\"2020-05-01T19:28:56.771941093Z\",\"container_config\":{\"Cmd\":[\"/bin/sh -c #(nop) COPY file:0953fd9956e33173eb8adfe33569b025bd52788d25b3488dc251068b19530c41 in /bin/opm \"]}}"
      }
   ],
   "signatures": [
      {
         "header": {
            "jwk": {
               "crv": "P-256",
               "kid": "V6CS:YNVT:UEXX:WACD:KGKN:WLU4:RFJW:46AE:BJYR:OQ3W:AP6M:SSND",
               "kty": "EC",
               "x": "BJMfLxL6pC2avpeg9ZqYfVUhmuXrS4Dp_232M77qbVY",
               "y": "-Zkt6N5wjL6zZAzrXaJe9SWhu2ecV0t2LpDZBFHf6xU"
            },
            "alg": "ES256"
         },
         "signature": "tQVFxgGuc0dWBwKn_gvDMcIbkEJ8Ey6sxsMh3S1cav8Wfx1C57B1WEYvVYXQ1ajmuRNYahH0syAv6k-9RrfGtQ",
         "protected": "eyJmb3JtYXRMZW5ndGgiOjIwNzQsImZvcm1hdFRhaWwiOiJDbjAiLCJ0aW1lIjoiMjAyMC0wNS0wOVQxMTo1MzoxMloifQ"
      }
   ]
}

搞定！下班！

本文参与腾讯云自媒体同步曝光计划，分享自微信公众号。

原始发表：2020-05-09，如有侵权请联系 cloudcommunity@tencent.com 删除

https

本文分享自 3分钟云计算微信公众号，前往查看

如有侵权，请联系 cloudcommunity@tencent.com 删除。

本文参与腾讯云自媒体同步曝光计划，欢迎热爱写作的你一起参与！

https

登录后参与评论

0 条评论

热度

搭建私有镜像仓库

搭建私有镜像仓库

社区

活动

资源

关于

腾讯云开发者

热门产品

热门推荐

更多推荐