1. Install podman
Guide:
https://github.com/containers/podman/blob/main/docs/tutorials/podman-for-windows.md
Download (scroll to the bottom of the page and pick the msi file):
Releases · containers/podman · GitHub
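2. Start | stop the virtual machine
2.1. If a WSL distribution is already installed, it is best to unregister it first
List the WSL distributions installed on the system:
wslconfig /l
Unregister the distribution you want to remove (Ubuntu-18.04 is the name returned by the listing above):
wslconfig /u Ubuntu-18.04
Wait a moment for the unregistration to finish, then run wslconfig /l again to confirm that it succeeded.
2.2. Initialize the virtual machine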
podman machine init
2.3. Start the virtual machine (start|stop|ls|ssh|rm)
podman machine start
2.4. Enter the WSL distribution (return to the parent shell: Ctrl+D)
wsl -d podman-machine-default
3. Connect to the virtual machine with an SSH tool
3.1. Get the IP and port of the SSH service exposed by the virtual machine
podman machine ssh
3.2. Confirm that the key file has been generated
C:\Users\[username]\.ssh\podman-machine-default
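3.3. Specify the key file as shown in the screenshot (the tool I use converts it to a ppk file automatically)
[Screenshot: image.png]
4. Set up the registry (preparation)
4.1. Create the directories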
/registry/auth
/registry/data
/registry/certs (not needed if you are not setting up https)
4.2. Create a basic-auth user with htpasswd
Install htpasswd
yum -y install httpd-tools
Create the user
cd /registry/auth
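htpasswd -Bbc registry.password username password
This creates a registry.password file in the current directory (auth). The -B option selects bcrypt, the only hash format the registry's htpasswd authentication accepts.
4.3. Generate the key and self-signed certificate (not needed if you are not setting up https)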
cd /registry/certs
yum install openssl openssl-devel
sudo openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout registry.key -out registry.crt
Enter the certificate details when prompted:
CN
Province
City
Company
UnitName
CommonName
Email
openssl x509 -inform PEM -in registry.crt -out registry.cert
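4.4. Pull the registry image (this image is used to run the registry)
Register an account on Docker Hub (you can of course try your luck without one):
Anonymous pulls can fail with a rate-limit error: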
toomanyrequests: You have reached your pull rate limit.
Log in to Docker Hub, then pull the registry image
docker login
docker pull registry
5. Set up the registry (start the registry over http)
Starting it directly may produce the following errors:
http: server gave HTTP response to HTTPS client
connect: no route to host
The fix is to edit the configuration file:
/etc/containers/registries.conf
unqualified-search-registries = ["localhost:5000"]
[[registry]]
location = "localhost:5000"
insecure = true
# If true, unencrypted HTTP as well as TLS connections with untrusted
# certificates are allowed.
block = false
Start the registry
docker run -d \
-p 5000:5000 \
--restart=always \
--name registry \
-v "$(pwd)"/auth:/auth \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/registry.password \
-v "$(pwd)"/data:/data \
-e REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/data \
registry
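docker run parameters explained
-d runs the container in the background
-p publishes a port
-v maps a host path to a path inside the container
Verify: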
docker ps -a
This shows that the registry has been started; you can skip this check.
curl -s -k -u username:password http://localhost:5000/v2/_catalog
If it returns {"repositories":[]}, the registry has been set up successfully.
#push test
docker tag docker.io/library/registry localhost:5000/library/registry:1.0.0
docker login -u username -p password localhost:5000
docker push localhost:5000/library/registry:1.0.0
curl -s -k -u username:password http://localhost:5000/v2/_catalog
{"repositories":["library/registry"]}
curl -s -k -u username:password http://localhost:5000/v2/library/registry/tags/list
{"name":"library/registry","tags":["1.0.0"]}
#pull test
docker pull localhost:5000/library/registry:1.0.0
Other related commands:
docker stop registry
docker rm registry
docker run xxx
docker stop registry
6. Set up the registry (start the registry over https)
Configure the key and certificate:
mkdir -p /etc/containers/certs.d/localhost:5000
cp -r /registry/certs/* /etc/containers/certs.d/localhost:5000
cat /registry/certs/registry.crt >> /etc/pki/tls/certs/ca-bundle.crt
Edit the configuration file:
/etc/containers/registries.conf
unqualified-search-registries = ["localhost:5000"]
[[registry]]
location = "localhost:5000"
#insecure = true
# If true, unencrypted HTTP as well as TLS connections with untrusted
# certificates are allowed.
block = false
Start the registry (https)
docker run -d \
--privileged=true \
--restart=always \
--name registry \
-v "$(pwd)"/auth:/auth \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/registry.password \
-v "$(pwd)"/data:/data \
-v "$(pwd)"/certs:/certs:z \
-e REGISTRY_HTTP_ADDR=0.0.0.0:5000 \
-e REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/data \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/registry.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/registry.key \
-p 5000:5000 \
registry
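Verify:
Because a self-signed certificate is used, the client has to trust it explicitly, which is a bit of a hassle.
With a certificate issued by a recognized certificate authority this problem does not occur.
Here --tls-verify=false is used to skip TLS verification.
Everything else is essentially the same as for http; refer to the http section.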
docker login --tls-verify=false --username username --password password localhost:5000
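A pre-flight check for the files created in sections 4.2, 5 and 6, added here as an example and not part of the original guide: it lists htpasswd users whose hash is not bcrypt (the registry's htpasswd authentication ignores every other format) and the registries.conf locations that still have insecure = true active. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): checks for the files it creates.

# Print users in an htpasswd file whose hash is not bcrypt ($2a$/$2b$/$2y$).
# The registry ignores such entries, so these users can never authenticate.
non_bcrypt_users() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }                       # comments, blank lines
        $2 !~ /^\$2[aby]\$[0-9][0-9]\$/ { print $1 }
    ' "$1"
}

# Print the location of each [[registry]] table in a registries.conf file
# that has an active (uncommented) "insecure = true".
insecure_locations() {
    awk '
        function emit() { if (insecure && loc != "") print loc; loc = ""; insecure = 0 }
        /^[ \t]*#/ { next }                           # "#insecure = true" is inactive
        /^[ \t]*\[/ { emit() }                        # a new table ends the previous one
        /^[ \t]*location[ \t]*=/ {
            loc = $0; sub(/^[^"]*"/, "", loc); sub(/".*$/, "", loc)
        }
        /^[ \t]*insecure[ \t]*=[ \t]*true/ { insecure = 1 }
        END { emit() }
    ' "$1"
}

# Constructed sample input (the hashes are placeholders, not real digests).
demo_dir=$(mktemp -d)
cat > "$demo_dir/registry.password" <<'EOF'
alice:$2y$05$abcdefghijklmnopqrstuuABCDEFGHIJKLMNOPQRSTUVWXYZ01234
bob:$apr1$constructed$0123456789abcdefghijkl
EOF
cat > "$demo_dir/registries.conf" <<'EOF'
unqualified-search-registries = ["localhost:5000"]
[[registry]]
location = "localhost:5000"
insecure = true
block = false
EOF
echo "non-bcrypt users: $(non_bcrypt_users "$demo_dir/registry.password")"
echo "insecure registries: $(insecure_locations "$demo_dir/registries.conf")"
rm -rf "$demo_dir"
```

Run against the real files, the first function should print nothing before the registry is started, and the second should print nothing once the https setup from section 6 is in place.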