仓库(Repository)是集中存放镜像的地方,又分为公有仓库和私有仓库。
Docker Hub是Docker官方提供的最大的公共镜像仓库。
国内不少云服务商都提供了第三方镜像市场,如:腾讯云、网易云、阿里云等。
接下来讲的是用Docker部署私有仓库registry。
————————————————————————————————
实验环境:
系统版本:centos7.4.1708
Docker版本:19.03.8
实验主机:
docker01:192.168.1.3
docker02:192.168.1.4(作为仓库)
使用Docker启动私有仓库registry:(docker02)
# docker run -d -p 5000:5000 \
> --restart=always \
> -v /opt/myregistry:/var/lib/registry \
> --name registry \
> registry
# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fcd85446d866 registry "/entrypoint.sh /etc…" 10 seconds ago Up 9 seconds 0.0.0.0:5000->5000/tcp registry
#以上各项参数说明:
-d:后台运行
-p 5000:5000:映射本地5000端口到容器的5000端口
--restart=always:docker重启时容器自动重启
-v /opt/myregistry:/var/lib/registry:挂在本地目录到容器目录
--name registry:设置容器别名
修改docker配置文件:(docker01)
# vim /etc/docker/daemon.json
# cat /etc/docker/daemon.json
{
"registry-mirrors":["https://655dds7u.mirror.aliyuncs.com"],
"insecure-registries":["192.168.1.4:5000"]
}
# systemctl restart docker
上传镜像测试:
# docker tag nginx:latest 192.168.1.4:5000/nginx:latest
# docker push 192.168.1.4:5000/nginx:latest
The push refers to repository [192.168.1.4:5000/nginx]
b3003aac411c: Pushed
216cf33c0a28: Pushed
c2adabaecedb: Pushed
latest: digest: sha256:cccef6d6bdea671c394956e24b0d0c44cd82dbe83f543a47fdc790fadea48422 size: 948
给私有仓库做加密认证:(docker02)
# yum -y install httpd-tools
# mkdir -p /opt/registry-var/auth
# htpasswd -Bbn yyang 123123 >>/opt/registry-var/auth/htpasswd
删除之前的仓库:(docker02)
# docker stop 2d4fc1d56733
# docker rm 2d4fc1d56733
重新启动一个新容器:(docker02)
# docker run -d -p 5000:5000 -v /opt/registry-var/auth/:/auth/ -v /opt/myregistry:/var/lib/registry -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd --name registry registry
上传镜像测试:(docker01)
# docker push 192.168.1.4:5000/nginx:latest
The push refers to repository [192.168.1.4:5000/nginx]
b3003aac411c: Preparing
216cf33c0a28: Preparing
c2adabaecedb: Preparing
no basic auth credentials
# docker login http://192.168.1.4:5000
Username: yyang
Password:
# docker push 192.168.1.4:5000/ubuntu:latest
The push refers to repository [192.168.1.4:5000/ubuntu]
8891751e0a17: Pushed
2a19bd70fcd4: Pushed
9e53fd489559: Pushed
7789f1a3d4e9: Pushed
latest: digest: sha256:5747316366b8cc9e3021cd7286f42b2d6d81e3d743e2ab571f55bcd5df788cc8 size: 1152
发现需要先登录仓库才能上传镜像,下载方式相同。
此实验到此为结束。