在Docker中,当我们执行 docker pull xxx 的时候 ,它实际上是从 hub.docker.com 这个地址去查找,这就是 Docker 公司为我们提供的公共仓库。在工作中,我们不可能把企业项目 push 到公有仓库进行管理。所以为了更好的管理镜像,Docker 不仅提供了一个中央仓库,同时也允许我们搭建本地私有仓库。
docker容器镜像仓库分类:
公网仓库:docker hub
私网仓库: registry、harbor
registry镜像仓库搭建
搭建步骤
拉取 registry 容器镜像 创建 registry 仓库容器 测试容器应用
搭建过程 拉取registry容器镜像
创建registry仓库容器
1、创建持久化存储,将容器镜像存储目录/var/lib/registry挂载到本地/opt/myregistry下:
2、创建 registry 容器:
1 docker run -d -p 5000:5000 -v /opt/myregistry:/var/lib/registry --restart=always registry:latest
3、查看容器是否运行
1 2 3 4 docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 6b20b55fe6f8 registry:latest "/entrypoint.sh /etc…" 2 minutes ago Up 2 minutes 0.0.0.0:5000->5000/tcp busy_mclean
测试容器应用
1 2 curl http://192.168.1.150:5000/v2/_catalog {"repositories" :[]}
显示仓库中没有任何镜像
registry仓库应用-上传镜像
上传镜像步骤
设置docker仓库为registry本地仓库 给需要存储的镜像打tag 上传镜像到registry仓库
演示案例
将baishuming2020/centos_nginx:latest上传到仓库
查看当前本地镜像
1 2 3 4 5 6 docker images REPOSITORY TAG IMAGE ID CREATED SIZE baishuming2020/centos_nginx latest bcd9f28f6126 33 minutes ago 447MB baishuming2020/centos_8_base latest 3e9f682f8459 47 minutes ago 200MB centos latest 0f3e07c0138f 6 weeks ago 220MB registry latest f32a97de94e1 8 months ago 25.8MB
设置docker仓库为registry本地仓库
1 2 3 4 5 6 7 8 9 10 11 12 13 14 sed -i.bak '/^ExecStart=/c\ExecStart=\/usr\/bin\/dockerd' /usr/lib/systemd/system/docker.service cat /etc/docker/daemon.json{ "insecure-registries" : ["http://192.168.1.150:5000" ] } insecure-registries 指定非安全的仓库地址,多个用逗号隔开 systemctl daemon-reload systemctl restart docker
给需要存储的镜像打tag
1 2 3 4 5 6 7 8 9 docker tag baishuming2020/centos_nginx:latest 192.168.1.150:5000/centos_nginx:v1 docker images REPOSITORY TAG IMAGE ID CREATED SIZE 192.168.98.240:5000/centos_nginx v1 bcd9f28f6126 45 minutes ago 447MB baishuming2020/centos_nginx latest bcd9f28f6126 45 minutes ago 447MB baishuming2020/centos_8_base latest 3e9f682f8459 59 minutes ago 200MB centos latest 0f3e07c0138f 6 weeks ago 220MB registry latest f32a97de94e1 8 months ago 25.8MB
上传镜像到registry仓库
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 docker push 192.168.98.240:5000/centos_nginx:v1 The push refers to repository [192.168.98.240:5000/centos_nginx] 1da799aaf1ec: Pushed f598357997c6: Pushed 630012d2d35b: Pushed 4dcde7ab808a: Pushed 64dc1b92ebb6: Pushed 7db2133dafb9: Pushed fd05189e6e81: Pushed ee645629aa71: Pushed v1: digest: sha256:507a5ad9dd5771cdf461a6fa24c3fff6ea9eabd6945abf03e9264d3130fe816b size: 1996 curl http://192.168.98.240:5000/v2/_catalog {"repositories" :["centos_nginx" ]} ls /opt/docker_repos/docker/registry/v2/repositories/centos_nginx/_layers _manifests _uploads
registry仓库应用-客户端下载镜像
设置客户端docker仓库为registry仓库 拉取镜像到本地
演示案例
要求192.168.98.241[hostname:mnqz_node1]机器的容器可以下载registry仓库中的镜像
设置192.168.1.151[hostname:mnqz_node1]机器的docker仓库为registry仓库
1 2 3 4 5 6 7 8 sed -i.bak '/^ExecStart=/c\ExecStart=\/usr\/bin\/dockerd' /usr/lib/systemd/system/docker.service cat /etc/docker/daemon.json{ "insecure-registries" : ["http://192.168.1.150:5000" ] }
192.168.1.151[hostname:mnqz_node1]机器上的docker可以拉取registry仓库中的192.168.1.150:5000/centos_nginx:v1容器镜像
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 docker pull 192.168.1.150:5000/centos_nginx:v1 v1: Pulling from centos_nginx dcd04d454f16: Pull complete 5cb2e05aa6e1: Pull complete 870634eb98b4: Pull complete 0fae9697ee4b: Pull complete 18ad57cfcecb: Pull complete 64dd6f0d85c1: Pull complete 7178b0b4388e: Pull complete 34de8795cd41: Pull complete Digest: sha256:507a5ad9dd5771cdf461a6fa24c3fff6ea9eabd6945abf03e9264d3130fe816b Status: Downloaded newer image for 192.168.98.240:5000/centos_nginx:v1 192.168.98.240:5000/centos_nginx:v1 docker images REPOSITORY TAG IMAGE ID CREATED SIZE 192.168.1.150:5000/centos_nginx v1 bcd9f28f6126 4 hours ago 447MB
registry带basic认证的仓库
实现步骤
安装需要认证的包 创建存放认证信息的文件 创建认证信息 创建带认证的registry容器 指定仓库地址 登录认证
实现过程
1 yum -y install httpd-tools
1 mkdir -p /opt/registry-var/auth
1 htpasswd -Bbn mnqz 123456 >> /opt/registry-var/auth/htpasswd
1 2 3 4 5 6 7 docker run -d -p 10000:5000 --restart=always --name registry \ -v /opt/registry-var/auth:/auth \ -v /opt/myregistry:/var/lib/registry \ -e "REGISTRY_AUTH=htpasswd" \ -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \ -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \ registry:latest
1 2 3 4 cat /etc/docker/daemon.json{ "insecure-registries" : ["http://192.168.1.150:5000" ,"http://192.168.1.150:10000" ] }
1 2 3 docker login 192.168.1.150:10000 Username:mnqz Password:123456