5.1:Docker Registry(Distribution)
Docker Registry 在 0.9 版本之后停止了开发,新项目名为 Distribution由 go 语言开发;
Docker Registry 官方文档:https://docs.docker.com/registry/
Distribution 的 github 地址:https://github.com/docker/distribution
5.1.1:拉取 Registry 镜像
[root@centos ~]# docker pull registry
5.1.2:创建用户
创建用于授权的目录:
[root@centos ~]# mkdir -pv /docker/auth
安装 httpd-tools,以使用 htpasswd 命令创建用户:
[root@centos ~]# yum install httpd-tools -y
创建用户:
[root@centos ~]# cd /docker
[root@centos ~]# htpasswd -Bbn yqc 123456 > auth/htpasswd
验证用户:
[root@centos docker]# cat auth/htpasswd
yqc:$2y$05$NfAl7jVxImjjyeEjiP9myubhH3lcu6i2ST.GE1oznIJVTUM6k0852
5.1.3:启动 Docker Registry
启动,将 /docker/auth 目录作为 volume 挂载到容器,并指定使用 htpasswd 文件作为认证文件:
docker run -d -p 5000:5000 \
--restart=always \
--name registry1 \
-v /docker/auth:/auth \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry
验证 Registry 容器:
[root@centos ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d8c058de7f7f registry "/entrypoint.sh /etc…" 14 minutes ago Up 14 minutes 0.0.0.0:5000->5000/tcp registry1
验证监听端口:
[root@centos ~]# ss -tnlp | grep 5000
LISTEN 0 20480 :::5000 :::* users:(("docker-proxy",pid=2954,fd=4))
5.1.4:登录 Docker Registry
客户端 Docker 配置 insecure-registry
以前的配置方法:
- 编辑各docker 服务器/etc/sysconfig/docker,配置 INSECURE_REGISTRY:
[root@docker-server1 ~]# vim /etc/sysconfig/docker 4 OPTIONS='--selinux-enabled --log-driver=journald' 9 ADD_REGISTRY='--add-registry 192.168.10.205:5000' 10 INSECURE_REGISTRY='--insecure-registry 192.168.10.205:5000'
- 重启 Docker:
systemctl restart docker
修改 docker.service 文件:
启动命令后添加 --insecure-registry 选项,允许登录自己搭建的 Docker Registry;
root@ubuntu:~# vim /lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry 192.168.1.101:5000
重启 Docker:
root@ubuntu:/docker# systemctl daemon-reload
root@ubuntu:/docker# systemctl restart docker
登录
root@ubuntu:/docker# docker login 192.168.1.101:5000
Username: yqc
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
5.1.5:测试 Docker Registry
推送镜像
为镜像打 Tag:
Tag 格式为:
Docker-Registry-IP:PORT/用户名/镜像名:Tag
root@ubuntu:~# docker tag alpine-init:3.12 192.168.1.101:5000/yqc/alpine-init:3.12
推送镜像:
root@ubuntu:~# docker push 192.168.1.101:5000/yqc/alpine-init:3.12
The push refers to repository [192.168.1.101:5000/yqc/alpine-init]
d24d9495663a: Pushed
4046b84ff5f4: Pushed
c04d1437198b: Pushed
3.12: digest: sha256:a7fc15e7fa01edfb1960429f3709fb156285aa733e79cad873b5d298adaeda8d size: 947
拉取镜像
登录 Docker Registry:
root@ubuntu:~# docker login 192.168.1.101:5000
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
拉取镜像:
root@ubuntu:~# docker pull 192.168.1.101:5000/yqc/alpine-init:3.12
3.12: Pulling from yqc/alpine-init
Digest: sha256:a7fc15e7fa01edfb1960429f3709fb156285aa733e79cad873b5d298adaeda8d
Status: Image is up to date for 192.168.1.101:5000/yqc/alpine-init:3.12