Docker私有仓库如何实现Registry部署

小编这次要给大家分享的是Docker私有仓库如何实现Registry部署,文章内容丰富,感兴趣的小伙伴可以来了解一下,希望大家阅读完这篇文章之后能够有所收获。

十余年的黑山网站建设经验,针对设计、前端、开发、售后、文案、推广等六对一服务,响应快,48小时及时工作处理。成都全网营销的优势是能够根据用户设备显示端的尺寸不同,自动调整黑山建站的显示方式,使网站能够适用不同显示终端,在浏览器中调整网站的宽度,无论在任何一种浏览器上浏览网站,都能展现优雅布局与设计,从而大程度地提升浏览体验。创新互联从事“黑山网站设计”,“黑山网站推广”以来,每个客户项目都认真落实执行。

随着docker使用的镜像越来越多,就需要有一个保存镜像的地方,这就是仓库。目前常用的两种仓库:公共仓库和私有仓库。最方便的就是使用公共仓库上传和下载,下载公共仓库的镜像是不需要注册的,但是上传时,是需要注册的。

私有仓库最常用的就是Registry、Harbor两种,那接下来详细介绍如何搭建registry私有仓库,Harbor将在下一篇博文部署。

一、部署Registry私有仓库

案例描述

两台CentOS7.4,一台为Docker私有仓库;另一台为Docker客户端,测试使用;

两台服务器都需要安装Docker服务,请参考博文:安装Docker.v19版本

1、配置registry私有仓库

[root@centos01 ~]# echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf  
    
[root@centos01 ~]# sysctl -p  
net.ipv4.ip_forward = 1
[root@centos01 ~]# vim /etc/docker/daemon.json  
{"registry-mirrors":["https://6kx4zyno.mirror.aliyuncs.com"]}  
[root@centos01 ~]# systemctl reload docker 
[root@centos01 ~]# docker search registry 

[root@centos01 ~]# docker run -d -p 5000:5000 --name registry --restart=always -v /opt/registry:/var/lib/registry registry
 
 
[root@centos01 ~]# docker ps  
CONTAINER ID    IMAGE        COMMAND         CREATED       STATUS       PORTS          NAMES
a7773d77b8a3    registry      "/entrypoint.sh /etc…"  50 seconds ago   Up 46 seconds    0.0.0.0:5000->5000/tcp  registry
[root@centos01 ~]# docker images  
REPOSITORY          TAG         IMAGE ID      CREATED       SIZE
registry           latest       708bc6af7e5e    3 months ago    25.8MB
tomcat            latest       1b6b1fe7261e    5 days ago     647MB
hub.c.163.com/public/centos  6.7-tools      b2ab0ed558bb    3 years ago     602MB
[root@centos01 ~]# vim /etc/docker/daemon.json 
{"registry-mirrors":["https://6kx4zyno.mirror.aliyuncs.com"],
"insecure-registries":["192.168.100.10:5000"]  
}
[root@centos01 ~]# systemctl reload docker  

2、上传镜像到registry私有仓库

[root@centos01 ~]# docker tag hub.c.163.com/public/centos:6.7-tools 192.168.100.10:5000/image/centos:6.7  
    
[root@centos01 ~]# docker push 192.168.100.10:5000/image/centos:6.7 

二、配置Docker客户端访问私有仓库


[root@centos02 ~]# vim /etc/docker/daemon.json  
{"registry-mirrors":["https://6kx4zyno.mirror.aliyuncs.com"],
"insecure-registries":["192.168.100.10:5000"]  
}
[root@centos02 ~]# systemctl restart docker  
[root@centos02 ~]# docker pull 192.168.100.10:5000/image/centos:6.7 
         
[root@centos02 ~]# docker images 
REPOSITORY             TAG         IMAGE ID      CREATED       SIZE
192.168.100.10:5000/image/centos  6.7         b2ab0ed558bb    3 years ago     602MB

至此registry私有仓库已经搭建完成,但是现在存在一个问题,如果这也部署的话企业内部所有人员皆可访问我们的私有仓库,为了安全起见,接下来为registry添加一个身份验证,只有通过了身份验证才可以上传或者下载私有仓库中的镜像。

三、配置registry加载身份验证

[root@centos01 ~]# yum -y install httpd-tools  
[root@centos01 ~]# mkdir /opt/registry-auth 
[root@centos01 ~]# htpasswd -Bbn bob pwd@123 > /opt/registry-auth/htpasswd
 



[root@centos01 ~]# docker run -d -p 5000:5000 --restart=always \
-v /opt/registry-auth/:/auth/ \
-v /opt/registry:/var/lib/registry --name registry-auth -e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" registry 
 
[root@centos01 ~]# docker tag tomcat:latest 192.168.100.10:5000/image/tomcat:1.0 
    
[root@centos01 ~]# docker push 192.168.100.10:5000/image/tomcat:1.0 

no basic auth credentials

[root@centos01 ~]# docker login 192.168.100.10:5000 
    
Username: bob   
Password:    
……………… 
Login Succeeded     
[root@centos01 ~]# docker push 192.168.100.10:5000/image/tomcat:1.0 
The push refers to repository [192.168.100.10:5000/image/tomcat]
b0ac242ce8d3: Pushed
5e71d8e4cd3d: Pushed
eb4497d7dab7: Pushed
bfbfe00b44fc: Pushed
d39111fb2602: Pushed
155d997ed77c: Pushed
88cfc2fcd059: Pushed
760e8d95cf58: Pushed
7cc1c2d7e744: Pushed
8c02234b8605: Pushed
1.0: digest: sha256:55b41e0290d32d6888aee2e9a15f03cc88d2f49d5ad68892c54b9527d0ed181c size: 2421
[root@centos02 ~]# docker pull 192.168.100.10:5000/image/tomcat:1.0 
 
Error response from daemon: Get http://192.168.100.10:5000/v2/image/tomcat/manifests/1.0: no basic auth credentials
[root@centos02 ~]# docker login 192.168.100.10:5000 
    
Username: bob  
Password:     
Login Succeeded   
[root@centos02 ~]# docker pull 192.168.100.10:5000/image/tomcat:1.0 
1.0: Pulling from image/tomcat
376057ac6fa1: Pull complete
5a63a0a859d8: Pull complete
496548a8c952: Pull complete
2adae3950d4d: Pull complete
0a297eafb9ac: Pull complete
09a4142c5c9d: Pull complete
9e78d9befa39: Pull complete
18f492f90b9c: Pull complete
7834493ec6cd: Pull complete
216b2be21722: Pull complete
Digest: sha256:55b41e0290d32d6888aee2e9a15f03cc88d2f49d5ad68892c54b9527d0ed181c
Status: Downloaded newer image for 192.168.100.10:5000/image/tomcat:1.0
192.168.100.10:5000/image/tomcat:1.0
[root@centos02 ~]# docker images  
REPOSITORY             TAG         IMAGE ID      CREATED       SIZE
192.168.100.10:5000/image/tomcat  1.0         1b6b1fe7261e    5 days ago     647MB
192.168.100.10:5000/image/centos  6.7         b2ab0ed558bb    3 years ago     602MB

看完这篇关于Docker私有仓库如何实现Registry部署的文章,如果觉得文章内容写得不错的话,可以把它分享出去给更多人看到。


名称栏目:Docker私有仓库如何实现Registry部署
标题来源:http://hbruida.cn/article/igjpoh.html