When we execute docker pull xxx, docker searches for the image file we need from the address of registry.docker.com by default, and then executes the download operation. This type of mirror warehouse is the default public warehouse of docker, and everyone can directly view or download and use it. However, due to network reasons, the download speed is limited and slower. Therefore, we use dokcer in the company's internal intranet environment, and generally do not upload the image file to the public library on the public network. But internal shared use is a problem, so private warehouses are born from this.
What is a private warehouse?
A private warehouse is a mirrored warehouse built locally (in the internal network environment) that has similar functions to the public network public library. After the establishment, we can submit the packaged image to the private warehouse, so that other users on the intranet can also use the image file.
This article uses the official registry mirroring to build a private mirror warehouse for the enterprise intranet
Environment introduction
Two hosts with docker environment installed
Server: 192.168.3.82 The private warehouse server is in, running the registry container
Client: 192.168.3.83 test client, used to upload and download mirror files
Installation and deployment process
Download the official registry image file
[root@master ~]# docker pull registry
Using default tag: latest
Trying to pull repository docker.io/library/registry ...
latest: Pulling from docker.io/library/registry
81033e7c1d6a: Pull complete
b235084c2315: Pull complete
c692f3a6894b: Pull complete
ba2177f3a70e: Pull complete
a8d793620947: Pull complete
Digest: sha256:672d519d7fd7bbc7a448d17956ebeefe225d5eb27509d8dc5ce67ecb4a0bce54
Status: Downloaded newer image for docker.io/registry:latest
[root@master ~]# docker images |grep registry
docker.io/registry latest d1fd7d86a825 5 months ago 33.3 MB
Run the registry container
[root@master ~]# mkdir /docker/registry -p
[root@master ~]# docker run -itd -v /docker/registry/:/docker/registry -p 5000:5000 --restart=always --name registry registry:latest
26d0b91a267f684f9da68f01d869b31dbc037ee6e7bf255d8fb435a22b857a0e
[root@master ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
26d0b91a267f registry:latest "/entrypoint.sh /e..." 4 seconds ago Up 3 seconds 0.0.0.0:5000->5000/tcp registry
参数说明
1)-itd:在容器中打开一个伪终端进行交互操作,并在后台运行;
2)-v:把宿主机的/docker/registry目录绑定到容器/docker/registry目录(这个目录是registry容器中存放镜像文件的目录),来实现数据的持久化;
3)-p:映射端口;访问宿主机的5000端口就访问到registry容器的服务了;
4)--restart=always:这是重启的策略,假如这个容器异常退出会自动重启容器;
5)--name registry:创建容器命名为registry,可自定义任何名称;
6)registry:latest:这个是刚才pull下来的镜像;
View remote warehouse image files
[root@master ~]# curl http://localhost:5000/v2/_catalog
{"repositories":[]}
同样也可以使用浏览器访问http://server-ip:5000/v2/_catalog, 结果相同,都是空的没有任何文件。
Client operation
Modify the downloaded mirror source
[root@slave1 ~]# vim /etc/docker/daemon.json
{
"registry-mirrors":["https://registry.docker-cn.com"]
}
[root@slave1 ~]# systemctl restart docker
Download the test image
[root@slave1 ~]# docker pull nginx
Using default tag: latest
Trying to pull repository docker.io/library/nginx ...
latest: Pulling from docker.io/library/nginx
683abbb4ea60: Pull complete
6ff57cbc007a: Pull complete
162f7aebbf40: Pull complete
Digest: sha256:636dd2749d9a363e5b57557672a9ebc7c6d041c88d9aef184308d7434296feea
Status: Downloaded newer image for docker.io/nginx:latest
Tag the mirror
[root@slave1 ~]# docker tag nginx:latest 192.168.3.82:5000/nginx:v1
[root@slave1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.3.82:5000/nginx v1 649dcb69b782 8 hours ago 109 MB
docker.io/nginx latest 649dcb69b782 8 hours ago 109 MB
Upload image
[root@slave1 ~]# docker push 192.168.3.82:5000/nginx:v1
The push refers to a repository [192.168.3.82:5000/nginx]
Get https://192.168.3.82:5000/v1/_ping: http: server gave HTTP response to HTTPS client
#注意这里出现报错提示,从提示信息可以看出需要使用https的方式才能上传,解决方案如下:
[root@slave1 ~]# vim /etc/docker/daemon.json
{
"registry-mirrors":["https://registry.docker-cn.com"],
"insecure-registries":["192.168.3.82:5000"]
}
#添加私有镜像服务器的地址,注意书写格式为json,有严格的书写要求,需要重启docker服务生效配置
[root@slave1 ~]# systemctl restart docker
[root@slave1 ~]# docker push 192.168.3.82:5000/nginx:v1
The push refers to a repository [192.168.3.82:5000/nginx]
6ee5b085558c: Pushed
78f25536dafc: Pushed
9c46f426bcb7: Pushed
v1: digest: sha256:edad5e71815c79108ddbd1d42123ee13ba2d8050ad27cfa72c531986d03ee4e7 size: 948
Review the mirror warehouse
[root@master ~]# curl http://localhost:5000/v2/_catalog
{"repositories":["nginx"]}
[root@master ~]# curl http://localhost:5000/v2/nginx/tags/list
{"name":"nginx","tags":["v1"]}
#查看有哪些版本
Test download
#首先删除客户端主机之前从公共库下载下来的镜像文件
[root@slave1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.3.82:5000/nginx v1 649dcb69b782 10 hours ago 109 MB
docker.io/nginx latest 649dcb69b782 10 hours ago 109 MB
[root@slave1 ~]# docker image rmi -f 649dcb69b782
Untagged: 192.168.3.82:5000/nginx:v1
Untagged: 192.168.3.82:5000/nginx@sha256:edad5e71815c79108ddbd1d42123ee13ba2d8050ad27cfa72c531986d03ee4e7
Untagged: docker.io/nginx:latest
Untagged: docker.io/nginx@sha256:636dd2749d9a363e5b57557672a9ebc7c6d041c88d9aef184308d7434296feea
Deleted: sha256:649dcb69b782d4e281c92ed2918a21fa63322a6605017e295ea75907c84f4d1e
Deleted: sha256:bf7cb208a5a1da265666ad5ab3cf10f0bec1f4bcb0ba8d957e2e485e3ac2b463
Deleted: sha256:55d02c20aa07136ab07ab47f4b20b97be7a0f34e01a88b3e046a728863b5621c
Deleted: sha256:9c46f426bcb704beffafc951290ee7fe05efddbc7406500e7d0a3785538b8735
[root@slave1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
#此时客户端所有的镜像文件全部删除
[root@slave1 ~]# docker pull 192.168.3.82:5000/nginx:v1
Trying to pull repository 192.168.3.82:5000/nginx ...
v1: Pulling from 192.168.3.82:5000/nginx
683abbb4ea60: Pull complete
6ff57cbc007a: Pull complete
162f7aebbf40: Pull complete
Digest: sha256:edad5e71815c79108ddbd1d42123ee13ba2d8050ad27cfa72c531986d03ee4e7
Status: Downloaded newer image for 192.168.3.82:5000/nginx:v1
[root@slave1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.3.82:5000/nginx v1 649dcb69b782 11 hours ago 109 MB
#可以看出,客户端已正常从远端服务器拉取到所需要的镜像文件,其它内网服务器也可以正常共享这台镜像服务器上的镜像文件,不用去公网拉取。
Note: For several resource articles shared before, many resources have been cancelled due to some reasons (link invalidation or copyright reasons), so the migrant worker reorganized one ( including JAVA development, big data, Hadoop, zookeeper, mobile development, System operation and maintenance, database, Python, microservices, architects, Docker containers, K8S and many other video resources), the small partners in need directly visit the following link:
Link: https://pan.baidu.com/s/1VdIPrFcWLNq-8htjniB1Tw Extraction code: w4ry