Docker私有仓库Registry部署的实现
随着docker使用的镜像越来越多,就需要有一个保存镜像的地方,这就是仓库。目前常用的两种仓库:公共仓库和私有仓库。最方便的就是使用公共仓库上传和下载,下载公共仓库的镜像是不需要注册的,但是上传时,是需要注册的。
私有仓库最常用的就是Registry、Harbor两种,那接下来详细介绍如何搭建registry私有仓库,Harbor将在下一篇博文部署。
一、部署Registry私有仓库
案例描述
两台CentOS7.4,一台为Docker私有仓库;另一台为Docker客户端,测试使用;
两台服务器都需要安装Docker服务,请参考博文:安装Docker.v19版本
1、配置registry私有仓库
[root@centos01~]#echo"net.ipv4.ip_forward=1">>/etc/sysctl.conf [root@centos01~]#sysctl-p net.ipv4.ip_forward=1 [root@centos01~]#vim/etc/docker/daemon.json {"registry-mirrors":["https://6kx4zyno.mirror.aliyuncs.com"]} [root@centos01~]#systemctlreloaddocker [root@centos01~]#dockersearchregistry [root@centos01~]#dockerrun-d-p5000:5000--nameregistry--restart=always-v/opt/registry:/var/lib/registryregistry [root@centos01~]#dockerps CONTAINERIDIMAGECOMMANDCREATEDSTATUSPORTSNAMES a7773d77b8a3registry"/entrypoint.sh/etc…"50secondsagoUp46seconds0.0.0.0:5000->5000/tcpregistry [root@centos01~]#dockerimages REPOSITORYTAGIMAGEIDCREATEDSIZE registrylatest708bc6af7e5e3monthsago25.8MB tomcatlatest1b6b1fe7261e5daysago647MB hub.c.163.com/public/centos6.7-toolsb2ab0ed558bb3yearsago602MB [root@centos01~]#vim/etc/docker/daemon.json {"registry-mirrors":["https://6kx4zyno.mirror.aliyuncs.com"], "insecure-registries":["192.168.100.10:5000"] } [root@centos01~]#systemctlreloaddocker
2、上传镜像到registry私有仓库
[root@centos01~]#dockertaghub.c.163.com/public/centos:6.7-tools192.168.100.10:5000/image/centos:6.7 [root@centos01~]#dockerpush192.168.100.10:5000/image/centos:6.7
二、配置Docker客户端访问私有仓库
[root@centos02~]#vim/etc/docker/daemon.json {"registry-mirrors":["https://6kx4zyno.mirror.aliyuncs.com"], "insecure-registries":["192.168.100.10:5000"] } [root@centos02~]#systemctlrestartdocker [root@centos02~]#dockerpull192.168.100.10:5000/image/centos:6.7 [root@centos02~]#dockerimages REPOSITORYTAGIMAGEIDCREATEDSIZE 192.168.100.10:5000/image/centos6.7b2ab0ed558bb3yearsago602MB
至此registry私有仓库已经搭建完成,但是现在存在一个问题,如果这也部署的话企业内部所有人员皆可访问我们的私有仓库,为了安全起见,接下来为registry添加一个身份验证,只有通过了身份验证才可以上传或者下载私有仓库中的镜像。
三、配置registry加载身份验证
[root@centos01~]#yum-yinstallhttpd-tools [root@centos01~]#mkdir/opt/registry-auth [root@centos01~]#htpasswd-Bbnbobpwd@123>/opt/registry-auth/htpasswd [root@centos01~]#dockerrun-d-p5000:5000--restart=always\ -v/opt/registry-auth/:/auth/\ -v/opt/registry:/var/lib/registry--nameregistry-auth-e"REGISTRY_AUTH=htpasswd"\ -e"REGISTRY_AUTH_HTPASSWD_REALM=RegistryRealm"\ -e"REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd"registry [root@centos01~]#dockertagtomcat:latest192.168.100.10:5000/image/tomcat:1.0 [root@centos01~]#dockerpush192.168.100.10:5000/image/tomcat:1.0 nobasicauthcredentials [root@centos01~]#dockerlogin192.168.100.10:5000 Username:bob Password: ……………… LoginSucceeded [root@centos01~]#dockerpush192.168.100.10:5000/image/tomcat:1.0 Thepushreferstorepository[192.168.100.10:5000/image/tomcat] b0ac242ce8d3:Pushed 5e71d8e4cd3d:Pushed eb4497d7dab7:Pushed bfbfe00b44fc:Pushed d39111fb2602:Pushed 155d997ed77c:Pushed 88cfc2fcd059:Pushed 760e8d95cf58:Pushed 7cc1c2d7e744:Pushed 8c02234b8605:Pushed 1.0:digest:sha256:55b41e0290d32d6888aee2e9a15f03cc88d2f49d5ad68892c54b9527d0ed181csize:2421 [root@centos02~]#dockerpull192.168.100.10:5000/image/tomcat:1.0 Errorresponsefromdaemon:Gethttp://192.168.100.10:5000/v2/image/tomcat/manifests/1.0:nobasicauthcredentials [root@centos02~]#dockerlogin192.168.100.10:5000 Username:bob Password: LoginSucceeded [root@centos02~]#dockerpull192.168.100.10:5000/image/tomcat:1.0 1.0:Pullingfromimage/tomcat 376057ac6fa1:Pullcomplete 5a63a0a859d8:Pullcomplete 496548a8c952:Pullcomplete 2adae3950d4d:Pullcomplete 0a297eafb9ac:Pullcomplete 09a4142c5c9d:Pullcomplete 9e78d9befa39:Pullcomplete 18f492f90b9c:Pullcomplete 7834493ec6cd:Pullcomplete 216b2be21722:Pullcomplete Digest:sha256:55b41e0290d32d6888aee2e9a15f03cc88d2f49d5ad68892c54b9527d0ed181c Status:Downloadednewerimagefor192.168.100.10:5000/image/tomcat:1.0 192.168.100.10:5000/image/tomcat:1.0 [root@centos02~]#dockerimages REPOSITORYTAGIMAGEIDCREATEDSIZE 192.168.100.10:5000/image/tomcat1.01b6b1fe7261e5daysago647MB 192.168.100.10:5000/image/centos6.7b2ab0ed558bb3yearsago602MB
到此这篇关于Docker私有仓库Registry部署的实现的文章就介绍到这了,更多相关Docker私有仓库Registry内容请搜索毛票票以前的文章或继续浏览下面的相关文章希望大家以后多多支持毛票票!