文章目录
一、Docker–私有仓库
1.1 本地私有仓库
docker服务器: 192.168.100.141
[root@localhost ~]# systemctl stop firewalld #关闭防火墙
[root@localhost ~]# setenforce 0 #关闭selinux
[root@localhost ~]# docker pull registry #下载 registry 镜像
Using default tag: latest
latest: Pulling from library/registry
79e9f2f55bf5: Pull complete
0d96da54f60b: Pull complete
5b27040df4a2: Pull complete
e2ead8259a04: Pull complete
3790aef225b9: Pull complete
Digest: sha256:169211e20e2f2d5d115674681eb79d21a217b296b43374b8e39f97fcf866b375
Status: Downloaded newer image for registry:latest
docker.io/library/registry:latest
[root@localhost ~]# vim /etc/docker/daemon.json #在daemon.json文件中添加私有镜像仓库的地址并重启
{
"insecure-registries": ["192.168.237.141:5000"],
"registry-mirrors": ["https://d4r5l929.mirror.aliyuncs.com"]
}
:wq
[root@localhost ~]# systemctl restart docker #重启docker服务
[root@localhost ~]# docker run -itd -v /data/registry:/var/lib/registry -p 5000:5000 --restart=always --name registry registry:latest #运行registry容器
16db2a0f26de8b5bd92ccb4902d3cd2bc8a177602bb7fcae0f2eba9e667cff06
------------------------------------------------------------------------------------------------------------
-itd:在容器中打开一个伪终端进行交互操作,并在后台运行
-v:把宿主机的/data/registry目录绑定到容器/var/lib/registry目录(这个目录是registry容器中存放镜像文件的目录),来实现数据的持久化;
-p:映射端口;访问宿主机的5000端口就访问到registry容器的服务了
--restart=always: 这是重启的策略,在容器退出时总是重启容器
--name registry: 创建容器命名为registry
registry:latest:这个是刚才pull下来的镜像.
------------------------------------------------------------------------------------------------------------
Docker容器的重启策略如下:
no:默认策略,在容器退出时不重启容器
on- failure:在容器非正常退出时(退出状态非0),才会重启容器
on- failure:3 :在容器非正常退出时重启容器,最多重启3次
always:在容器退出时总是重启容器
unless-stopped:在容器退出时总是重启容器,但是不考虑在Docker守护进程启动时就已经停止了的容器
------------------------------------------------------------------------------------------------------------
[root@localhost ~]# docker pull centos:7 #下载镜像
7: Pulling from library/centos
Digest: sha256:9d4bcbbb213dfd745b58be38b13b996ebb5ac315fe75711bd618426a630e0987
Status: Image is up to date for centos:7
docker.io/library/centos:7
[root@localhost ~]# docker tag centos:7 192.168.100.141:5000/centos:v1 #重新打标签
[root@localhost ~]# docker images #查看镜像
REPOSITORY TAG IMAGE ID CREATED SIZE
....
192.168.100.141:5000/centos v1 eeb6ee3f44bd 9 months ago 204MB
....
[root@localhost ~]# docker push 192.168.100.141:5000/centos:v1 #上传镜像
The push refers to repository [192.168.100.141:5000/centos]
174f56854903: Pushed
v1: digest: sha256:dead07b4d8ed7e29e98de0f4504d87e8880d4347859d839686a31da35a3b532f size: 529
#列出私有仓库的所有镜像
[root@localhost ~]# curl http://192.168.100.141:5000/v2/_catalog
{"repositories":["centos"]}
[root@localhost ~]# curl http://192.168.100.141:5000/v2/centos/tags/list
{"name":"centos","tags":["v1"]}
[root@localhost ~]# docker rmi -f eeb6ee3f44bd #删除原先的下载
Untagged: 192.168.100.141:5000/centos:v1
Untagged: 192.168.237.141:5000/centos@sha256:dead07b4d8ed7e29e98de0f4504d87e8880d4347859d839686a31da35a3b532f
Untagged: centos:7
Untagged: centos@sha256:9d4bcbbb213dfd745b58be38b13b996ebb5ac315fe75711bd618426a630e0987
Deleted: sha256:eeb6ee3f44bd0b5103bb561b4c16bcb82328cfe5809ab675bb17ab3a16c517c9
[root@localhost ~]# docker pull 192.168.100.141:5000/centos:v1 #从私有镜像重新拉取
v1: Pulling from centos
2d473b07cdd5: Already exists
Digest: sha256:dead07b4d8ed7e29e98de0f4504d87e8880d4347859d839686a31da35a3b532f
Status: Downloaded newer image for 192.168.100.141:5000/centos:v1
192.168.100.141:5000/centos:v1
[root@localhost ~]# docker images #查看验证
REPOSITORY TAG IMAGE ID CREATED SIZE
.....
192.168.100.141:5000/centos v1 eeb6ee3f44bd 9 months ago 204MB
.....
1.2 Harbor私有仓库
Harbor是VWware公司开源的企业级Docker Reqistry 项目,其目标是帮助用户迅速搭建一个企业级的 Docker Registry服务
Harbor以Docker公司开源的Registry为基础,提供了图形管理UI、基于角色的访问控制(Role Based AccessControl)、AD/LDAP集成、以及审计日志(Auditlogging)等企业用户需求的功能,同时还原生支持中文
Harbor的每个组件都是以Docker容器的形式构建的,使用docker-compose 来对它进行部署。用于部署Harbor 的docker-compose。模板位于harbor / docker-compose.ym
Harbor的特性
(1)基于角色控制:用户和仓库都是基于项目进行组织的,而用户在项目中可以拥有不同的权限