Docker Registry
1. 概述
公开的docker镜像仓库有很多,资源也很丰富,例如dockerhub。
但是,基于各种需求,我们可能需要搭建自己的私有镜像仓库,可能是为了镜像文件的安全,也可能是为了节省集群对外的网络带宽。
本文简单介绍docker私有仓库的搭建步骤,入门学习而已,高级玩法还需要深入研究。
Docker
2. 通过docker启动registry
2.1. 创建htpasswd文件
$ mkdir docker-repo
$ cd docker-repo
$ sudo apt install apache2-utils
$ htpasswd -Bbn testuser testpassword > htpasswd
- 参考:
https://docs.docker.com/registry/deploying/#native-basic-auth
https://docs.docker.com/registry/configuration/#htpasswd
2.2. 两种启动方式
- docker run a container
$ docker pull registry:2.7
$ docker run -d \
-p 5000:5000 \
--restart=always \
--name registry:2.7 \
-v /mnt/registry:/var/lib/registry \
-v "$(pwd)"/htpasswd:/auth/htpasswd \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" \
registry:2
- docker compose
$ docker pull registry:2.7
$ cat docker-compose.yml
version: '2.3'
services:
docker-repo:
image: 'registry:2.7'
restart: always
volumes:
- ./registry:/var/lib/registry
- ./htpasswd:/auth/htpasswd
environment:
- REGISTRY_AUTH=htpasswd
- REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm
- REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd
ports:
- 5000:5000
$ docker-compose up -d
3. 测试
3.1. login private registry
- 设置hostname,以及docker daemon config
$ cat /etc/hosts
127.0.0.1 test-vm1
$ cat /etc/docker/daemon.json
{
"insecure-registries": ["test-vm1:5000"]
}
- 也可以不设置hostname,直接通过Registry Host IP访问
$ cat /etc/docker/daemon.json
{
"insecure-registries": ["127.0.0.1:5000"]
}
- login
$ docker login test-vm1:5000
Username: testuser
Password:
Login Succeeded
3.2. push images to private registry
- pull两个dockerhub的images
$ docker pull ubuntu:20.04
$ docker pull redis:5.0
- push到本地的private registry
$ docker tag ubuntu:20.04 test-vm1:5000/ubuntu:20.04
$ docker tag redis:5.0 test-vm1:5000/redis:5.0
$ docker push test-vm1:5000/ubuntu:20.04
$ docker push test-vm1:5000/redis:5.0
3.3. docker pull from private registry
- docker pull from another host
$ docker pull test-vm1:5000/ubuntu:20.04
$ docker pull test-vm1:5000/redis:5.0
- 查看registry目录,可以看到全部images
$ tree registry/ -L 5
registry/
└── docker
└── registry
└── v2
├── blobs
│ └── sha256
└── repositories
├── redis
└── ubuntu
- 通过API查看仓库
$ curl -u 'testuser:testpassword' localhost:5000/v2/_catalog
{"repositories":["redis","ubuntu"]}
$ curl -u 'testuser:testpassword' localhost:5000/v2/redis/tags/list
{"name":"redis","tags":["5.0"]}
4. References
- docker registry image
https://hub.docker.com/_/registry/ - Docker Registry
https://docs.docker.com/registry/ - Configuring a registry
https://docs.docker.com/registry/configuration/ - Docker私有仓库
https://www.cnblogs.com/battor/p/docker_private_registry.html
网友评论