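In production, pulling from the official registry is still fairly slow, so a self-hosted Docker registry is commonly used. Docker provides an official container image for deploying a complete registry: you only need to supply a certificate for your domain, mount a filesystem into the container, and provide a user/password file to get basic registry functionality. For disaster recovery, the data sits on local or third-party storage, so mature backup solutions already exist and are easy to apply.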


Start a registry container

[root@salt-node1 distribution-master]# docker run -d -p 0.0.0.0:5000:5000 --name registry registry:2

9ed2f91a7056f1109d2146122930b12f7d077a5404f621647d12eeeb29725260

 

Push a local image to the local registry

[root@salt-node1 ~]# docker tag redis localhost:5000/redis

[root@salt-node1 ~]# docker push localhost:5000/redis

The push refers to a repository [localhost:5000/redis]

4cefd98bbdaf: Pushed

552b670af774: Pushed

af287523a42a: Pushed

c235d5b4caa3: Pushed

307248831aca: Pushed

387483b2c715: Pushed

a2ae92ffcd29: Pushed

latest: digest: sha256:b41356be6cc70109a9fb6e53e39e930ece67f89189d4453be920f668e1225a06 size: 1783

 

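The error below occurs because a local registry without certificate authentication can only be accessed via 127.0.0.1, so we need to create a key.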

[root@salt-node1 ~]# docker tag redis 192.168.198.116:5000/redis

[root@salt-node1 ~]# docker push 192.168.198.116:5000/redis

The push refers to a repository [192.168.198.116:5000/redis]

Get https://192.168.198.116:5000/v1/_ping: http: server gave HTTP response to HTTPS client

 

 

Configure a domain name

Prepare a TLS certificate for the domain, then start the container

docker run -d -p 5000:5000 --restart=always --name registry \
  -v /etc/docker/certs:/certs \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  registry:2

 

 

Push the image again

[root@salt-node2 ~]# docker tag redis registry.nginxs.net:5000/redis

[root@salt-node2 ~]# docker push registry.nginxs.net:5000/redis

The push refers to a repository [registry.nginxs.net:5000/redis]

4cefd98bbdaf: Pushed

552b670af774: Pushed

af287523a42a: Pushed

c235d5b4caa3: Pushed

307248831aca: Pushed

387483b2c715: Pushed

a2ae92ffcd29: Pushed

latest: digest: sha256:b41356be6cc70109a9fb6e53e39e930ece67f89189d4453be920f668e1225a06 size: 1783

 

Add user authentication to the service

Step 1: create the user password file and restrict its file permissions

[root@salt-node1 docker]# htpasswd -Bbn baishaohua nginxs.net >>/etc/docker/certs/htpasswd

[root@salt-node1 docker]# chmod 600 /etc/docker/certs/htpasswd

Step 2: start the container

docker run -d -p 5000:5000 --restart=always --name registry \
  -v `pwd`/auth:/auth \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/certs/htpasswd \
  -v /etc/docker/certs:/certs \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  registry:2

 

Test the login

[root@salt-node3 ~]# docker login registry.nginxs.net:5000

Username (testuser): baishaohua

Password:

Login Succeeded
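
A pre-flight check for the password file created in step 1, as an added example that is not part of the original post: the registry's htpasswd backend accepts only bcrypt hashes (what `htpasswd -B` produces), so an entry created without `-B` is ignored and that user cannot log in. The function name `audit_htpasswd` and the sample entries are constructed for illustration; a `stat` that supports `-c` (GNU coreutils or busybox) is assumed.

```bash
#!/bin/sh
# Added example (not from the original post): audit the htpasswd file
# before mounting it into the registry:2 container.
# Assumes stat -c (GNU/busybox); audit_htpasswd and sample data are constructed.

audit_htpasswd() {
    af_file=$1
    af_rc=0
    [ -r "$af_file" ] || { echo "cannot read $af_file" >&2; return 2; }

    # Step 1 sets chmod 600: reject any group/other permission bits.
    af_mode=$(stat -c '%a' "$af_file")
    case "$af_mode" in
        600|400) ;;
        *) echo "FAIL mode $af_mode (expected 600)"; af_rc=1 ;;
    esac

    # One "user:hash" entry per line; htpasswd -n also emits blank lines.
    while IFS=: read -r af_user af_hash || [ -n "$af_user" ]; do
        [ -n "$af_user$af_hash" ] || continue
        case "$af_hash" in
            '$2y$'*|'$2a$'*|'$2b$'*)
                echo "ok   $af_user (bcrypt)" ;;
            *)
                echo "FAIL $af_user: not bcrypt, the registry will ignore it"
                af_rc=1 ;;
        esac
    done < "$af_file"
    return "$af_rc"
}

# Constructed sample: one bcrypt entry (htpasswd -B) and one MD5 entry (no -B).
demo=$(mktemp)    # mktemp creates the file with mode 600
printf '%s\n' 'baishaohua:$2y$05$CONSTRUCTED.PLACEHOLDER.HASH' '' \
              'olduser:$apr1$CONSTRUCTED$PLACEHOLDER' > "$demo"
audit_htpasswd "$demo" || echo "audit failed: fix the entries above"
rm -f "$demo"
```

Run it against /etc/docker/certs/htpasswd before starting the container in step 2; a non-zero exit status means at least one entry or the file mode needs fixing.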