docker: quickly build a private mirror warehouse with registry

Others 2021-03-31 16:15:17 views: null

1. Background

In Docker, when we execute docker pull xxx, we may be curious, where will docker look for and download the image?

It is actually searched from the address of registry.hub.docker.com. This is the public warehouse provided by Docker. Everyone can see and use the above mirror. Therefore, we can also bring the warehouse address to pull the image, such as: docker pull registry.hub.docker.com/library/alpine, but note that the default name of the image downloaded in this way will be longer.
 If we want to use Docker in a company, it is basically impossible for us to upload commercial projects to a public warehouse, so what can we do if we want to share multiple machines?

Because of this need, private warehouses are also useful.

The so-called private warehouse is something similar to a public warehouse built locally (local area network). After building, we can submit the image to the private warehouse. In this way, we can not only use Docker to run our project images, but also avoid the risks exposed by commercial projects.

Below we use the official registry mirror to build a private mirror warehouse, of course, there are many other methods.

2. Environment

Prepare two servers with docker installed:
server machine (host name registry): docker private warehouse server, running registry container;
test machine (host name node): ordinary docker server, download one on this server Test the image busybox and upload it to the registry server for testing;

3. Deployment (server operation)

3.1 Download the mirror registry

[root@registry ~]# docker pull registry
Using default tag: latest
latest: Pulling from library/registry
81033e7c1d6a: Pull complete 
b235084c2315: Pull complete 
c692f3a6894b: Pull complete 
ba2177f3a70e: Pull complete 
a8d793620947: Pull complete 
Digest: sha256:672d519d7fd7bbc7a448d17956ebeefe225d5eb27509d8dc5ce67ecb4a0bce54
Status: Downloaded newer image for registry:latest

3.2 Check whether the pull down under the mirror
Insert picture description here

3.3 Run the registry container

[root@registry ~]# docker run -itd -v /data/registry:/var/lib/registry -p 5000:5000 --restart=always --name registry registry:latest 
06a972de6218b1f1c3bf9b53eb9068dc66d147d14e18a89ab51db13e339d3dc9

Parameter Description

-itd: Open a pseudo terminal in the container for interactive operations, and run in the background;
-v: Bind the host's /data/registry directory to the container /var/lib/registry directory (this directory is stored in the registry container The directory of the image file) to achieve data persistence;
-p: mapping port; access to the host's 5000 port to access the service of the registry container;
--restart=always: this is the restart strategy, if the container exits abnormally The container will be restarted automatically;
--name registry: create a container and name it registry, you can name it whatever you want;
registry:latest: this is the image pulled down just now;

3.4 Test all the mirrors in the mirror warehouse

在这里插入代码片[root@registry ~]# curl http://127.0.0.1:5000/v2/_catalog
{
    
    "repositories":[]}

It is empty now, because it has just run and there is no image content in it.

4. Test the mirror warehouse (operation on the test side)

4.1 Modify the mirror source and restart the docker service

[root@node ~]# vim /etc/docker/daemon.json
{
    
    
  "registry-mirrors": [ "https://registry.docker-cn.com"]
}

[root@node ~]# systemctl restart docker

4.1 Download busybox image

[root@node ~]# docker pull busybox
[root@node ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
busybox             latest              f6e427c148a7        36 hours ago        1.15MB

4.2 Tag the image

[root@node ~]# docker tag busybox:latest  172.18.18.90:5000/busybox:v1

Format description: Usage: docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]

busybox: lastest This is the source mirror, and also the mirror file
that was pulled down just now; 172.18.18.90:500/busybox:v1: This is the target mirror, which is also the IP address and port of the registry private mirror server;

Check the tag:
Insert picture description here
4.3 Upload to the mirror server

[root@node ~]# docker push 172.18.18.90:5000/busybox:v1 
The push refers to repository [172.18.18.90:5000/busybox]
Get https://172.18.18.90:5000/v2/: http: server gave HTTP response to HTTPS client

Attention, this is an error. The https method is required to upload. We can modify daemon.json to solve it:

[root@node ~]# vim /etc/docker/daemon.json 
{
    
    
  "registry-mirrors": [ "https://registry.docker-cn.com"],
  "insecure-registries": [ "172.18.18.90:5000"]
}

Add the address of the private mirror server, note that the writing format is json, there are strict writing requirements, and then restart the docker service:

[root@node ~]# systemctl  restart docker

You can see that there is no problem in this upload:

[root@node ~]# docker push 172.18.18.90:5000/busybox:v1 
The push refers to repository [172.18.18.90:5000/busybox]
c5183829c43c: Pushed 
v1: digest: sha256:c7b0a24019b0e6eda714ec0fa137ad42bc44a754d9cea17d14fba3a80ccc1ee4 size: 527

4.4 Test download image

The upload test is no problem, let's test download the busybox image just uploaded from the registry server, first delete the image on the node host:

[root@node ~]# docker rmi -f $(docker images -aq)
Untagged: 172.18.18.90:5000/busybox:v1
Untagged: 172.18.18.90:5000/busybox@sha256:c7b0a24019b0e6eda714ec0fa137ad42bc44a754d9cea17d14fba3a80ccc1ee4
Untagged: busybox:latest
Untagged: busybox@sha256:2107a35b58593c58ec5f4e8f2c4a70d195321078aebfadfbfb223a2ff4a4ed21
Deleted: sha256:f6e427c148a766d2d6c117d67359a0aa7d133b5bc05830a7ff6e8b64ff6b1d1d
Deleted: sha256:c5183829c43c4698634093dc38f9bee26d1b931dedeba71dbee984f42fe1270d

查看一下node主机上的镜像全部删除了:
[root@node ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE

Then, download the busybox image from the registry server:

[root@node ~]# docker pull 172.18.18.90:5000/busybox:v1
v1: Pulling from busybox
d070b8ef96fc: Pull complete 
Digest: sha256:c7b0a24019b0e6eda714ec0fa137ad42bc44a754d9cea17d14fba3a80ccc1ee4
Status: Downloaded newer image for 172.18.18.90:5000/busybox:v1
[root@node ~]# docker images
REPOSITORY                  TAG                 IMAGE ID            CREATED             SIZE
172.18.18.90:5000/busybox   v1                  f6e427c148a7        36 hours ago        1.15MB

List all mirrors:

[root@node ~]# curl  http://172.18.18.90:5000/v2/_catalog
{
    
    "repositories":["busybox"]}

List what tags the busybox image has:

[root@node ~]# curl  http://172.18.18.90:5000/v2/busybox/tags/list
{
    
    "name":"busybox","tags":["v1"]}

Guess you like

Origin blog.csdn.net/ichen820/article/details/115209392
Recommended
Rushing to the GitHub hot list——How can open source programming languages and frameworks be so cute?
Beijing Humanoid Robot Innovation Center launches Tiangong, the world's first full-size humanoid robot with purely electric drive for anthropomorphic running
Ranking
8个无需编写代码即可使用 Python 内置库的方法
Java collections interview knowledge Lite
Machine learning algorithms foundation - Introduction a (watermelon materials for the book)
(Easy) Ransom Note - LeetCode
[Five days] Qt from entry to actual combat: the second day
Remember once extremely pit father can not download Maven Jar package of issues: IDEA question
The minimum cost Shortest
OSPF study map (the most complete version)
Network Takeaways
GnuPG
Daily
More
2024-04-27(29)
2024-04-26(22)
2024-04-25(32)
2024-04-24(30)
2024-04-23(30)
2024-04-22(5)
2024-04-21(0)
2024-04-20(6)
2024-04-19(5)
2024-04-18(0)

Code World

© 2018 codetd.com