1. Registry
官方私有仓库,优点:简单;缺点:部署无法进行复杂的管理操作
1.1 镜像
docker pull registry:2.7.1
docker pull joxit/docker-registry-ui:latest # 非必须,简单的界面
1.2 配置
mkdir -p /etc/docker/registry
cat > /etc/docker/registry/config.yml <<EOF
version: 0.1
log:
accesslog:
disabled: true
level: debug
formatter: text
fields:
service: registry
environment: staging
storage:
delete:
enabled: true
cache:
blobdescriptor: inmemory
filesystem:
rootdirectory: /var/lib/registry
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
Access-Control-Allow-Origin: ['http://192.168.80.200']
Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
Access-Control-Allow-Headers: ['Authorization', 'Accept']
Access-Control-Max-Age: [1728000]
Access-Control-Allow-Credentials: [true]
Access-Control-Expose-Headers: ['Docker-Content-Digest']
http2:
disabled: false
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3
EOF
1.3 启动
cat > docker-compose.yaml <<EOF
version: '2.0'
services:
registry:
image: registry:2.7.1
ports:
- 5000:5000
volumes:
- /opt/registry:/var/lib/registry
- /etc/docker/registry/config.yml:/etc/docker/registry/config.yml
ui:
image: joxit/docker-registry-ui:latest
ports:
- 80:80
environment:
- REGISTRY_TITLE=My Private Docker Registry
- REGISTRY_URL=http://192.168.80.200:5000
- SINGLE_REGISTRY=true
depends_on:
- registry
EOF
docker-compose up -d
1.4 镜像推送
$ docker tag nginx 192.168.80.200:5000/nginx:latest
$ docker push 192.168.80.200:5000/nginx:latest
The push refers to repository [192.168.80.200:5000/nginx]
Get "https://192.168.80.200:5000/v2/": http: server gave HTTP response to HTTPS client
# 开启非安全认证
$ vi /etc/docker/daemon.json
{
"insecure-registries" : [ "192.168.80.250:5000" ]
}
$ systemctl restart docker
1.5 登录界面
http://192.168.80.200
1.6 Restful API
参考:https://docs.docker.com/registry/spec/api/#detail
# API Version Check
$ curl 192.168.80.200:5000/v2/
{}
# Listing Repositories
$ curl 192.168.80.200:5000/v2/_catalog
{"repositories":["nginx"]}
# Listing Image Tags
$ curl 192.168.80.200:5000/v2/nginx/tags/list
{"name":"nginx","tags":["latest"]}
# Fetch the manifest by tag
$ curl 192.168.80.200:5000/v2/nginx/manifests/latest
# 获取镜像的digest
$ curl -I 192.168.80.200:5000/v2/nginx/manifests/latest -H 'Accept: application/vnd.docker.distribution.manifest.v2+json'
...
Docker-Content-Digest: sha256:ee89b00528ff4f02f2405e4ee221743ebc3f8e8dd0bfd5c4c20a2fa2aaa7ede3
# Deleting an Image by digest, not supported by tag (只是删除了相关的tag,但文件实体并未删除)
$ curl -X DELETE 192.168.80.200:5000/v2/nginx/manifests/sha256:ee89b00528ff4f02f2405e4ee221743ebc3f8e8dd0bfd5c4c20a2fa2aaa7ede3
# 清理磁盘,是否已被删除的 blob 数据
$ docker exec -it docker-registry bin/registry garbage-collect /etc/docker/registry/config.yml