Setting up and using a docker registry2 repository

docker pull registry-1.docker.io/distribution/registry:2.1

1) Start docker registry2 with TLS certificate authentication
Generate the certificate

mkdir -p certs && openssl req \
  -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
  -x509 -days 365 -out certs/domain.crt
openssl req -newkey rsa:4096 -nodes -sha256 -keyout domain.key -x509 -days 365 -out domain.crt
Generating a 4096 bit RSA private key
.........................................................................................................................++
......++
writing new private key to 'domain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:XW
State or Province Name (full name) []:gd
Locality Name (eg, city) [Default City]:gz
Organization Name (eg, company) [Default Company Ltd]:onecloud
Organizational Unit Name (eg, section) []:gz
Common Name (eg, your name or your server's hostname) []:host102.gzoc.xww
Email Address []:xiongww@onecloud.cn

Start docker registry2 with TLS certificate authentication

docker run -d -p 5001:5000 --restart=always --name registrywithcerts --privileged=true -v /root/data:/var/lib/registry -v /root/certs:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key registry:2

2) Start without certificate authentication

docker run -d -p 5000:5000 --restart=always --privileged=true --name registry   -v /root/data:/var/lib/registry   registry:2

Accessing the docker registry2 started without certificate authentication

1) Internal access
Push and pull docker images directly with the commands

docker tag f753707788c5 localhost:5001/ubuntu
docker push localhost:5001/ubuntu

2) External access
Configure the daemon to use an insecure registry

Open the /etc/default/docker file or /etc/sysconfig/docker for editing.

$ vi /etc/default/docker

Which file holds your Engine daemon start options depends on your operating system.
Edit (or add) the DOCKER_OPTS line and add the --insecure-registry flag.
This flag takes the URL of your registry, for example:

DOCKER_OPTS="--insecure-registry myregistrydomain.com:5000"
ADD_REGISTRY='--add-registry 192.168.153.102:5000'

Close and save the configuration file.
Restart your Docker daemon
The command you use to restart the daemon depends on your operating system. For example, on Ubuntu, this is usually the service docker stop and service docker start command.
Repeat this configuration on every Engine host that wants to access your registry.

sudo service docker stop
sudo service docker start

The operation succeeded.

Configuring certificate-based access
The official site says:
Instruct every docker daemon to trust that certificate. This is done by copying the domain.crt file to /etc/docker/certs.d/myregistrydomain.com:5000/ca.crt.

$ cp domain.crt /etc/docker/certs.d/myregistrydomain.com:5000/ca.crt

domain.crt is the certificate used to run the registry.
Don’t forget to restart the Engine daemon.
But the operation did not succeed.
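
A pre-flight check for the trust setup above, as an added example that is not part of the original post: it verifies that ca.crt sits in the directory named after the registry address, that the certificate names that host, that it carries a subjectAltName DNS entry, and that it has not expired. The function name check_registry_trust and the CERTS_D override are assumptions, and the registry is assumed to be addressed by DNS name rather than by IP.

```shell
#!/bin/sh
# Added example, not from the original post. check_registry_trust and CERTS_D
# are assumed names; CERTS_D can point at a scratch directory for testing.
CERTS_D="${CERTS_D:-/etc/docker/certs.d}"

# check_registry_trust HOST:PORT
# Prints one finding per line; returns 0 only if every check passes.
check_registry_trust() {
    registry="$1"
    host="${registry%:*}"              # address without the :port suffix
    ca="$CERTS_D/$registry/ca.crt"
    rc=0

    # 1. The directory must be named exactly as the registry is addressed in
    #    docker push/pull, port included.
    if [ ! -f "$ca" ]; then
        echo "MISSING $ca"
        return 1
    fi

    # 2. The certificate must name the host the daemon connects to.
    if openssl x509 -in "$ca" -noout -checkhost "$host" | grep -q "does match"; then
        echo "OK name $host"
    else
        echo "MISMATCH certificate does not name $host"
        rc=1
    fi

    # 3. A match through the Common Name alone is not enough for Go's TLS
    #    verifier (Go 1.15 and later), which reads only subjectAltName.
    if ! openssl x509 -in "$ca" -noout -text | grep -q "DNS:"; then
        echo "NO-SAN certificate has no subjectAltName DNS entry"
        rc=1
    fi

    # 4. -checkend 0 exits non-zero when the certificate has already expired.
    if ! openssl x509 -in "$ca" -noout -checkend 0 >/dev/null; then
        echo "EXPIRED $ca"
        rc=1
    fi
    return "$rc"
}

# Usage: sh check.sh host102.gzoc.xww:5001
if [ "$#" -gt 0 ]; then check_registry_trust "$1"; fi
```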

References
https://docs.docker.com/registry/insecure/
https://docs.docker.com/registry/deploying/#get-a-certificate
https://docs.docker.com/registry/introduction/
