一般情况下我们获取(pull)和推送(push)镜像都是在docker hub上进行的,非常的快捷方便。但是某些时候,因为外网不方便访问和速度的问题,我们更愿意在公司的内部搭建本地的registry。接下来就是告诉大家如何搭建内部docker registry。
整体的思路是参照docker的官方文档介绍的,官方文档的地址如下:
http://docs-stage.docker.com/registry/deploying/
registry也是一个应用服务,用来管理我们的镜像,广义的讲docker hub就是一个需要注册和登录的公共registry。而且官方非常慷慨的开放了该镜像以及其源码。
可以通过docker search查看registry:
root@zhangchi-ThinkPad-T450s:~# docker search registry
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
registry Containerized docker registry 1179 [OK]
konradkleine/docker-registry-frontend Browse and modify your Docker registry in ... 121 [OK]
atcol/docker-registry-ui A web UI for easy private/local Docker Reg... 85 [OK]
hyper/docker-registry-web Web UI, authentication service and event r... 55 [OK]
distribution/registry WARNING: NOT the registry official image!!... 42 [OK]
marvambass/nginx-registry-proxy Docker Registry Reverse Proxy with Basic A... 31 [OK]
h3nrik/registry-ldap-auth LDAP and Active Directory authentication p... 15 [OK]
jhipster/jhipster-registry JHipster Registry, based on Netflix Eureka... 9 [OK]
pallet/registry-swift Add swift storage support to the official ... 4 [OK]
allingeek/registry A specialization of registry:2 configured ... 4 [OK]
devsli/cifs-registry Docker Registry on CIFS (Samba) 1 [OK]
bhuisgen/alpine-registry alpine-registry 1 [OK]
metadata/registry Metadata Registry is a tool which helps yo... 1 [OK]
silintl/registry-proxy A reverse proxy for the Docker Registry 2.0 1 [OK]
centos/registry Docker registry v2 / AKA Distribution 0 [OK]
kampka/registry A docker registry image based on kampka/ar... 0 [OK]
terranodo/registry Harvard Hypermap Registry 0 [OK]
h0tbird/registry Containerized Docker registry service 0 [OK]
openshift/simple-authenticated-registry A simple authenticated Docker registry tha... 0 [OK]
webhippie/registry Docker images for registry 0 [OK]
qnib/registry Alpine image of QNIBTerminal w/ docker-reg... 0 [OK]
crowleyio/registry-grsec Containerized docker registry for grsecuri... 0 [OK]
nouchka/registry Docker registry with auto-generation of ht... 0 [OK]
katch/schema-registry Confluent IO Katch Schema Registry 0 [OK]
davidcollom/docker-registry-frontend Browse and modify your Docker registry in ... 0 [OK]
标有OFFICIAL的就是我们的官方镜像。
可以通过docker run命令直接下载该镜像并且启动容器:
docker run -d -p 5000:5000 --restart=always --name registry registry:2
查看启动的容器:
root@zhangchi-ThinkPad-T450s:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6844fa4d808f registry:2 "/entrypoint.sh /etc/" 23 hours ago Up 3 minutes 0.0.0.0:5000->5000/tcp registry
这个容器运行着我们的registry服务。下面可以通过在docker hub上下载需要的镜像,把该镜像push到搭建的registry服务。这样即使是在网络环境不好的情况或者不与外网通信的情况下也可以从搭建的registry上pull镜像。
1.从docker hub上拉取一个镜像:
(1)搜索一个httpd镜像:
root@zhangchi-ThinkPad-T450s:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6844fa4d808f registry:2 "/entrypoint.sh /etc/" 23 hours ago Up 3 minutes 0.0.0.0:5000->5000/tcp registry
(2)拉取整个镜像:
root@zhangchi-ThinkPad-T450s:~# docker pull httpd
Using default tag: latest
latest: Pulling from library/httpd
386a066cd84a: Already exists
a11d6b8e2fac: Pull complete
c1fdc7beec37: Pull complete
bd14a67deca2: Pull complete
92b34ad02810: Pull complete
Digest: sha256:5b4a3c85b4b874e84174ee7e78a59920818aa39903f6a28a47b9278f576b4a4d
Status: Downloaded newer image for httpd:latest
(3)在搭建的registry上注册该镜像:
root@zhangchi-ThinkPad-T450s:~# docker tag httpd localhost:5000/httpd
(4)将该镜像push到registry上:
root@zhangchi-ThinkPad-T450s:~# docker push localhost:5000/httpd
The push refers to a repository [localhost:5000/httpd]
b0eab5d635d7: Layer already exists
c856fa0775de: Layer already exists
2b9fc9190df9: Layer already exists
6b50c55a105a: Layer already exists
fe4c16cbf7a4: Layer already exists
latest: digest: sha256:5b4a3c85b4b874e84174ee7e78a59920818aa39903f6a28a47b9278f576b4a4d size: 1366
(5)这样就可以指定在该registry上下载该镜像:
oot@zhangchi-ThinkPad-T450s:~# docker pull localhost:5000/httpd
Using default tag: latest
latest: Pulling from httpd
Digest: sha256:5b4a3c85b4b874e84174ee7e78a59920818aa39903f6a28a47b9278f576b4a4d
Status: Image is up to date for localhost:5000/httpd:latest
(6)查看pull的镜像是否存在于镜像列表中:
root@zhangchi-ThinkPad-T450s:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
zhangchiwd371/centos_vsftpd latest 8055ae6f1b21 8 days ago 228.3 MB
zhangchiwd371/centos_httpd latest 52d55d6a2d92 8 days ago 247.9 MB
jenkins latest 7e7d1b9dc0c8 9 days ago 714.1 MB
httpd latest 50f10ef90911 9 days ago 193.3 MB
localhost:5000/httpd latest 50f10ef90911 9 days ago 193.3 MB
zhangchiwd371/static_web latest 46da60b77b45 10 days ago 228.3 MB
konstruktoid/ubuntu latest 42ec6b22c6b8 11 days ago 82.78 MB
centos latest 0584b3d2cf6d 2 weeks ago 196.5 MB
registry 2 c9bd19d022f6 4 weeks ago 33.3 MB
ubuntu latest f753707788c5 5 weeks ago 127.2 MB
localhost:5000/ubuntu latest f753707788c5 5 weeks ago 127.2 MB
kalilinux/kali-linux-docker latest b0d9d7dfbd0a 10 weeks ago 1.021 GB
jlinoff/centos-6.5-x86_64-base latest 3d6541b04d52 2 years ago 178.3 MB
这里介绍了最简单的registry搭建方法,当然在此基础上我们还可以进一步完善,设置指定数据卷,以及CA认证等措施。希望大家可以搭建属于自己的registry。