docker官方提供了构建私有镜像仓库的的工具Docker Registry
Docker Registry官方文档
官方介绍 registry使用
创建运行私有仓库
我这使用的registry镜像版本是v2
registr Dockerfile暴露的端口是5000
docker run -d -p 5000:5000 --restart=always -v /opt/data/registry:/var/lib/registry --name registry registry:2
注:存放上传镜像的仓库默认会被创建在容器的 /var/lib/registry 目录。
-v 参数可以将镜像文件存放在本地主机的指定路径。
例如上面的例子将上传的镜像放到本地的 /opt/data/registry 目录。
[root@hw-biz-alpha admin]# docker run -d -p 5000:5000 --restart=always -v /opt/data/registry:/var/lib/registry --name registry registry:2
Unable to find image 'registry:2' locally
2: Pulling from library/registry
c87736221ed0: Pull complete
1cc8e0bb44df: Pull complete
54d33bcb37f5: Pull complete
e8afc091c171: Pull complete
b4541f6d3db6: Pull complete
Digest: sha256:8004747f1e8cd820a148fb7499d71a76d45ff66bac6a29129bfdbfdc0154d146
Status: Downloaded newer image for registry:2
56fd23bc2f52520daec090a4c9081e2ccd621d45d177f9f7ce3d44321096dcca
[root@hw-biz-alpha admin]#
[root@hw-biz-alpha admin]#
[root@hw-biz-alpha admin]#
[root@hw-biz-alpha admin]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
56fd23bc2f52 registry:2 "/entrypoint.sh /etc…" 18 seconds ago Up 17 seconds 0.0.0.0:5000->5000/tcp registry
下面来自 官方例子 演示
- 将本地的ubuntu镜像上传到私有仓库
- 从私有仓库拉取自己上传的ubuntu镜像
- 关闭仓库容器清除仓库数据
上传到私有仓库
下面演示如何将一个本地ubuntu镜像上传到私有仓库
先获取ubuntu镜像
docker pull ubuntu
标记ubuntu镜像指向私有仓库,用docker image tag 命令
格式:docker tag IMAGE[:TAG] [REGISTRY_HOST[:REGISTRY_PORT]/]REPOSITORY[:TAG]。
docker image tag ubuntu 127.0.0.1:5000/myfirstimage
上传到私有仓库
docker push 127.0.0.1:5000/myfirstimage
查看仓库中的镜像,用 curl
curl 127.0.0.1:5000/v2/_catalog
{"repositories":["myfirstimage"]}
从私有仓库拉取镜像
docker pull 127.0.0.1:5000/myfirstimage
完整过程,如下:
[root@hw-biz-alpha admin]#
[root@hw-biz-alpha admin]# docker run -d -p 5000:5000 --restart=always -v /opt/data/registry:/var/lib/registry --name registry registry:2
Unable to find image 'registry:2' locally
2: Pulling from library/registry
c87736221ed0: Pull complete
1cc8e0bb44df: Pull complete
54d33bcb37f5: Pull complete
e8afc091c171: Pull complete
b4541f6d3db6: Pull complete
Digest: sha256:8004747f1e8cd820a148fb7499d71a76d45ff66bac6a29129bfdbfdc0154d146
Status: Downloaded newer image for registry:2
56fd23bc2f52520daec090a4c9081e2ccd621d45d177f9f7ce3d44321096dcca
[root@hw-biz-alpha admin]#
[root@hw-biz-alpha admin]#
[root@hw-biz-alpha admin]#
[root@hw-biz-alpha admin]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
56fd23bc2f52 registry:2 "/entrypoint.sh /etc…" 18 seconds ago Up 17 seconds 0.0.0.0:5000->5000/tcp registry
cadaa5c958da ubuntu "/bin/bash" 40 hours ago Exited (0) 40 hours ago ubuntu_test3
9410b5c45d03 ubuntu "--name ubuntu_test3" 41 hours ago Created reverent_taussig
ccaa403e500f ubuntu "/bin/bash" 41 hours ago Exited (0) 41 hours ago interesting_cray
d56e5d3391de ubuntu "/bin/bash" 42 hours ago Created ubuntu_test
3435344f56bf ubuntu "/bin/bash" 43 hours ago Exited (0) 43 hours ago trusting_boyd
185b6c22453a ubuntu "-i" 43 hours ago Created happy_rosalind
9f6b3cdf7b85 ubuntu "/bin/bash" 44 hours ago Exited (0) 43 hours ago exciting_poincare
3f82741ff5d8 ubuntu "/bin/bash" 44 hours ago Exited (0) 44 hours ago stoic_golick
c4e9e2cc5f6a hello-world "/hello" 46 hours ago Exited (0) 46 hours ago xenodochial_kalam
5e1df23de3ff hello-world "/hello" 47 hours ago Exited (0) 47 hours ago distracted_turing
[root@hw-biz-alpha admin]#
[root@hw-biz-alpha admin]# docker pull ubuntu
Using default tag: latest
latest: Pulling from library/ubuntu
Digest: sha256:1f7fbf0f8628ce63093e8d1f0f6045026327c66f690c04dafd55f9721afa14ad
Status: Image is up to date for ubuntu:latest
docker.io/library/ubuntu:latest
[root@hw-biz-alpha admin]#
[root@hw-biz-alpha admin]#
[root@hw-biz-alpha admin]#
[root@hw-biz-alpha admin]# docker pull ubuntu
Using default tag: latest
latest: Pulling from library/ubuntu
Digest: sha256:1f7fbf0f8628ce63093e8d1f0f6045026327c66f690c04dafd55f9721afa14ad
Status: Image is up to date for ubuntu:latest
docker.io/library/ubuntu:latest
[root@hw-biz-alpha admin]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu latest 3556258649b2 3 weeks ago 64.2MB
ubuntu 14.04 2c5e00d77a67 3 months ago 188MB
registry 2 f32a97de94e1 5 months ago 25.8MB
hello-world latest fce289e99eb9 7 months ago 1.84kB
[root@hw-biz-alpha admin]# docker image tag ubuntu 127.0.0.1:5000/myfirstimage
[root@hw-biz-alpha admin]#
[root@hw-biz-alpha admin]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
127.0.0.1:5000/myfirstimage latest 3556258649b2 3 weeks ago 64.2MB
ubuntu latest 3556258649b2 3 weeks ago 64.2MB
ubuntu 14.04 2c5e00d77a67 3 months ago 188MB
registry 2 f32a97de94e1 5 months ago 25.8MB
hello-world latest fce289e99eb9 7 months ago 1.84kB
[root@hw-biz-alpha admin]#
[root@hw-biz-alpha admin]#
[root@hw-biz-alpha admin]# docker push 127.0.0.1:5000/myfirstimage
The push refers to repository [127.0.0.1:5000/myfirstimage]
b079b3fa8d1b: Pushed
a31dbd3063d7: Pushed
c56e09e1bd18: Pushed
543791078bdb: Pushed
latest: digest: sha256:d91842ef309155b85a9e5c59566719308fab816b40d376809c39cf1cf4de3c6a size: 1152
[root@hw-biz-alpha admin]#
[root@hw-biz-alpha admin]# curl 127.0.0.1:5000/v2/_catalog
{"repositories":["myfirstimage"]}
[root@hw-biz-alpha admin]#
[root@hw-biz-alpha admin]#
[root@hw-biz-alpha admin]# docker image rm 127.0.0.1:5000/myfirstimage
Untagged: 127.0.0.1:5000/myfirstimage:latest
Untagged: 127.0.0.1:5000/myfirstimage@sha256:d91842ef309155b85a9e5c59566719308fab816b40d376809c39cf1cf4de3c6a
[root@hw-biz-alpha admin]#
[root@hw-biz-alpha admin]# docker pull 127.0.0.1:5000/myfirstimage
Using default tag: latest
latest: Pulling from myfirstimage
Digest: sha256:d91842ef309155b85a9e5c59566719308fab816b40d376809c39cf1cf4de3c6a
Status: Downloaded newer image for 127.0.0.1:5000/myfirstimage:latest
127.0.0.1:5000/myfirstimage:latest
[root@hw-biz-alpha admin]#
[root@hw-biz-alpha admin]#
[root@hw-biz-alpha admin]#
[root@hw-biz-alpha admin]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu latest 3556258649b2 3 weeks ago 64.2MB
127.0.0.1:5000/myfirstimage latest 3556258649b2 3 weeks ago 64.2MB
ubuntu 14.04 2c5e00d77a67 3 months ago 188MB
registry 2 f32a97de94e1 5 months ago 25.8MB
hello-world latest fce289e99eb9 7 months ago 1.84kB
[root@hw-biz-alpha admin]#
关闭私有镜像仓库
docker container stop registry
清空私有镜像仓库
docker container rm -v registry
关闭并清空私有仓库
docker container stop registry && docker container rm -v registry
配置docker 支持 http方式的 docker push
注上面例子是本地地址,如果换成内网地址或外网地址的话,上面 推送上传镜像到私有仓库会失败报错 Get https://xxx.x.xxx.xxx:5000/v2/: http: server gave HTTP response to HTTPS client
具体如下:
[root@hw-biz-alpha admin]# docker push xxx.x.xxx.xxx:5000/myhello
The push refers to repository [xxx.x.xxx.xxx:5000/myhello]
Get http://xxx.x.xxx.xxx:5000/v2/: dial tcp xxx.x.xxx.xxx:5000: connect: connection refused
原因:docker 默认不允许http 方式推送镜像。但我们可以通过 docker 的配置选项来取消这个限制
centos7 的docker配置文件 /etc/docker/daemon.json ,如果这个文件不存在就自己创建,其他系统没注意ubuntu16好像也是
解决:
在docker 配置文件中配置insecure-registries 如下:
注: 下面139.9.xxx.xxx 是我这里想要配置的地址,你们需要改成自己想要配置的地址,别照着无脑复制,registry-mirrors 配置的是国内阿里提供的镜像加速地址,不用加速的话访问官网的会很慢。2个配置中间有个逗号 ','别漏了,这个配置是json格式的。
vi /etc/docker/daemon.json
{
"registry-mirrors": [
"https://tnxkcso1.mirror.aliyuncs.com"
],
"insecure-registries": [
"139.9.xxx.xxx:5000"
]
}
注意:配置完了,保存退出后 要重启docker
sudo systemctl restart docker
如果上述配置docker 还是不能http方式 docker push 外网内网ip地址的话,看看5000端口权限是否开放。
跨主机http访问docker私有镜像仓库
每一个要用http方式访问docker私有镜像仓库的主机都要给docker配置 insecure-registries
vi /etc/docker/daemon.json
注:下面ip改自己私有镜像仓库的地址
{
"insecure-registries": [
"139.9.xxx.xxx:5000"
]
}