docker私有仓库简介:
(1)registry用于保存docker镜像,包括镜像的层次结构和元数据。
(2)用户可自建registry,也可使用官方的docker hub
docker registry分类:
(1)sponsor registry:第三方的registry,供客户和docker社区版使用
(2)mirror registry:第三方的registry,只让客户使用
(3)vendor registry:由发布docker镜像的供应商提供的registry
(4)private registry:通过没有防火墙和额外的安全层的私有实体提供的registry
docker-distribution的私仓搭建。
node2 | node3 |
---|---|
docker | docker(docker-distribution) |
10.5.100.208 | 10.5.100.183 |
[root@node3 docker]# yum install docker-distribution -y
[root@node3 docker]# rpm -ql docker-distribution
/etc/docker-distribution/registry/config.yml
/usr/bin/registry
/usr/lib/systemd/system/docker-distribution.service
/usr/share/doc/docker-distribution-2.6.2
/usr/share/doc/docker-distribution-2.6.2/AUTHORS
/usr/share/doc/docker-distribution-2.6.2/CONTRIBUTING.md
/usr/share/doc/docker-distribution-2.6.2/LICENSE
/usr/share/doc/docker-distribution-2.6.2/MAINTAINERS
/usr/share/doc/docker-distribution-2.6.2/README.md
/var/lib/registry
[root@node3 docker]# cd /etc/docker-distribution/registry/
[root@node3 registry]# ls
config.yml
[root@node3 registry]# vim config.yml
version: 0.1
log:
fields:
service: registry 服务为registry
storage:
cache:
layerinfo: inmemory 缓存在内存中
filesystem:
rootdirectory: /var/lib/registry 存储的目录
http:
addr: :5000 表示监听本机所有的地址5000端口
[root@node3 registry]# systemctl start docker-distribution
[root@node3 registry]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::5000 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
[root@node3 registry]#
二:当我们把自己的私有仓库建好之后,就可以将镜像推送到自己的仓库中。
[root@node2 docker]# docker image ls -a 查看node2这台主机的镜像文件
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> dcc1f2e2de28 6 hours ago 16MB
tinyh6 latest ca91727fde19 6 hours ago 16MB
<none> <none> 11fccbc7a094 6 hours ago 16MB
tinyh5 latest ede064a8dd00 6 hours ago 16MB
<none> <none> afbf9c836cba 6 hours ago 16MB
<none> <none> d89058d0a8d2 6 hours ago 16MB
<none> <none> e355b52e51c3 6 hours ago 16MB
<none> <none> 82ee621fddc0 6 hours ago 16MB
tinyhttpd3 latest d8511dad36d5 6 hours ago 16MB
tinyhttpd2 latest 617f7b096967 3 days ago 16MB
[root@node2 docker]# docker tag tinyh6 node3:5000/tinyh6 为其中一个镜像打个标签,以tiny6镜像为列,将这个镜像推送到node3主机上以5000端口进行连入,仓库名称tinyh6前面没有用户名表示这是个顶级仓库。
[root@node2 docker]# docker image ls -a
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> dcc1f2e2de28 6 hours ago 16MB
tinyh6 latest ca91727fde19 6 hours ago 16MB
node3:5000/tinyh6 latest ca91727fde19 6 hours ago 16MB
<none> <none> afbf9c836cba 6 hours ago 16MB
tinyh5 latest ede064a8dd00 6 hours ago 16MB
<none> <none> d89058d0a8d2 6 hours ago 16MB
<none> <none> 11fccbc7a094 6 hours ago 16MB
<none> <none> 82ee621fddc0 6 hours ago 16MB
<none> <none> e355b52e51c3 6 hours ago 16MB
[root@node2 docker]# docker push node3:5000/tinyh6 向node3推送镜像时报错,原因:因为docker push这个动作是
基于https工作的而服务端node3以http协议接受的所以推送时报错。
The push refers to repository [node3:5000/tinyh6]
Get https://node3:5000/v2/: dial tcp: lookup node3 on 10.5.11.5:53: server misbehaving
[root@node2 docker]#
[root@node2 ~]# vim /etc/docker/daemon.json 修改daemon.json文件
{
"bip": "172.17.0.2/16",
"registry-mirrors": [
"https://a73cc22x.mirror.aliyuncs.com",
"https://registry.docker-cn.com"
],
"insecure-registries": ["node3:5000"] 添加这项表示这个registries是不安全的,所以能以http推送,注意:中括号中必须是以docker仓库引用的一样。
}
[root@node2 ~]# systemctl restart docker
[root@node2 ~]# docker push node3:5000/tinyh6 重启docker后,再次推送。
[root@node2 ~]# docker push node3:5000/tinyh6
The push refers to repository [node3:5000/tinyh6]
260d471e47c5: Pushed
840e99192670: Pushed
076c58d2644f: Pushed
b2cbae4b8c15: Pushed
5ac9a5170bf2: Pushed
a464c54f93a9: Pushed
latest: digest: sha256:2362b2e0360a87eb976358f48334b38261c387595490844caea50d4d23dabfe0 size: 1567
[root@node2 ~]#
进入node3主机中,验证仓库的推送.
[root@node3 harbor]# cd /var/lib/registry/
[root@node3 registry]# ls
docker
[root@node3 registry]# cd docker/
[root@node3 docker]# ls
registry
[root@node3 docker]# cd registry/
[root@node3 registry]# ls
v2
[root@node3 registry]# cd v2
[root@node3 v2]# ls
blobs repositories
[root@node3 v2]# cd repositories/
[root@node3 repositories]# ls
tinyh6
[root@node3 repositories]# cd tinyh6/
[root@node3 tinyh6]# ls
_layers _manifests _uploads
[root@node3 tinyh6]#
repository
(1)由某特定的docker镜像所有迭代版本组成的镜像仓库
(2)一个registry中可以在多个repository,repository可分为顶层仓库,和用户仓库,用户仓库名称格式为用户名/仓库名
(3)每个仓库可以包含多个tag,每个标签对应一个镜像。