官方方式部署的私有仓库如下:
镜像仓库
1、搭建私有镜像仓库并测试
docker pull registry
docker run -d -v /opt/registry:/var/lib/registry -p 5000:5000 --restart=always --name registry registry
curl http://ip:5000/v2/_catalog
2、配置私有仓库可信任,上传下载测试、列出镜像标签
cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://t3xbrfwz.mirror.aliyuncs.com"],"insecure-registries":["192.168.16.34:5000"]
}
systemctl daemon-reload && systemctl restart docker
docker tag ssh:latest 192.168.16.34:5000/ssh:v1
docker push 192.168.16.34:5000/ssh
docker pull 192.168.16.34:5000/ssh:v1
curl http://192.168.16.34:5000/v2/ssh/tags/list
3、带用户验证私有镜像仓库搭建
1>下载registry镜像
docker pull registry
2>生成用户名密码 访问密钥 (这里设置用户名是duan 密码是duan@1994)
设置配置config.yml文件,启用删除镜像功能(也可以不启用,看业务需要,修改 storage - delete - enable 为 false 即可
mkdir -p /opt/registry-var/auth/
docker run --entrypoint htpasswd registry -Bbn duan duan@1994 >> /opt/registry-var/auth/htpasswd
mkdir -p /opt/registry-var/config
vim /opt/registry-var/config/config.yml
version: 0.1
log:
fields:
service: registry
storage:
delete:
enabled: true
cache:
blobdescriptor: inmemory
filesystem:
rootdirectory: /var/lib/registry
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3
3>启动服务(这里将镜像路径映射到宿主机的 /opt/registry-var/ 文件夹下,可以根据需要修改)
docker run -d -p 5000:5000 --restart=always --name=registry \
-v /opt/registry-var/config/:/etc/docker/registry/ \
-v /opt/registry-var/auth/:/auth/ \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
-v /opt/registry-var/:/var/lib/registry/ \
registry
4>配置私有仓库可信任,登陆、登出、上传下载测试、列出镜像标签
cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://t3xbrfwz.mirror.aliyuncs.com"],"insecure-registries":["192.168.16.34:5000"]
}
systemctl daemon-reload && systemctl restart docker
docker login 192.168.16.34:5000
docker tag registry:latest 192.168.16.34:5000/registry:latest
docker push 192.168.16.34:5000/registry:latest
curl -u duan:duan@1994 http://192.168.16.34:5000/v2/_catalog
curl -u duan:duan@1994 http://192.168.16.34:5000/v2/registry/tags/list
docker logout 192.168.16.34:5000
5>删除镜像仓库镜像
a-1:首先拿到digest_hash 参数
curl -u duan:duan@1994 --header "Accept: application/vnd.docker.distribution.manifest.v2+json" -I -X GET http://192.168.16.34:5000/v2/registry/manifests/latest
a-2:删除镜像清单
curl -u duan:duan@1994 -I -X DELETE http://192.168.16.34:5000/v2/registry/manifests/sha256:003a106b827ab7f5bd7140d08020b16c87cd6bcac024b01fe6247f87632f2978
a-3: 清理文件系统
docker exec registry bin/registry garbage-collect /etc/docker/registry/config.yml
b、删除某镜像所有版本
docker exec registry rm -rf /var/lib/registry/docker/registry/v2/repositories/ubuntu
docker exec registry bin/registry garbage-collect /etc/docker/registry/config.yml
c、删除后需要重启registry容器、尽量不要删除镜像,以免损坏Layer,更新镜像直接上传覆盖即可