1、再创建一台虚拟机10.0.0.106用来当docker仓库,先安装docker,然后
docker pull registry
2、创建一个文件夹用来放密码然后生成密码
mkdir auth
docker run --entrypoint htpasswd registry:latest -Bbn wangxiaoyu 123456 >/root/auth/htpasswd
[root@registry-106 ~]# cat /root/auth/htpasswd
wangxiaoyu:$2y$05$DwX8VjTfB8i0VJAsbb8PKuudvKJRghsRAk30pzr2Wajd/Fqa/8cK.
3、Registry服务默认会将上传的镜像保存在容器的/var/lib/registry,我们将主机的/opt/registry目录挂载到该目录,即可实现将镜像保存到主机的/opt/registry目录了。
mkdir /opt/registry
4、将主机的/root/auth目录挂载到镜像的/auth目录下,然后指定这个目录下的htpasswd文件来进行认证。
docker run -d \
-v /opt/registry:/var/lib/registry \
-v /root/auth:/auth \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
-p 5000:5000 --restart=always --name registry registry:latest
5、登录仓库进行测试
[root@registry-106 ~]# docker login 127.0.0.1:5000
Username: wangxiaoyu
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
6、下载一个hello-world镜像,然后标记,再上传,docker tag 用于给镜像打标签,打完标签后会生成新的镜像。
将本地的hello-world:latest镜像打标签,并选择registry私有镜像服务器的IP地址和端口以便识别,新的标签为v1
docker pull hello-world
docker tag hello-world:latest 127.0.0.1:5000/hello-world:v1
docker push 127.0.0.1:5000/hello-world:v1
7、可以看到有刚才上传的镜像
[root@registry-106 ~]# ls /opt/registry/docker/registry/v2/repositories/
hello-world lnmp
[root@registry-106 ~]# curl -u wangxiaoyu:123456 127.0.0.1:5000/v2/_catalog
{"repositories":["hello-world","lnmp/mysql","lnmp/nginx","lnmp/php"]}
8、把主机上的镜像删除,然后从仓库下载
docker pull 127.0.0.1:5000/hello-world:v1
9、在K8s集群上每个节点都把私有仓库设为安全可信任的,
vim /etc/docker/daemon.json
[root@k8s-master-101 volume]# cat /etc/docker/daemon.json
{ "insecure-registries":["10.0.0.106:5000"] }
[root@k8s-master-101 volume]# systemctl daemon-reload
[root@k8s-master-101 volume]# systemctl restart docker.service
否则会出现错误Error response from daemon: Get https://10.0.0.106:5000/v2/: http: server gave HTTP response to HTTPS client
10、在master上输入账号密码登录测试,我之前登录过了所以不用密码了
[root@k8s-master-101 volume]# docker login 10.0.0.106:5000
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded