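Images pulled with docker come from the Docker Hub online repository. Images in that repository can be published and used by any user, which is clearly unsuitable in some scenarios: for example, privacy-sensitive internet-finance projects, a company whose network is entirely internal and cannot reach the outside, or cases where you want to customize certain configuration. That calls for a private repository, so today we will build our own private registry based on the registry image.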
[root@localhost ~]# docker pull registry
Using default tag: latest
latest: Pulling from library/registry
79e9f2f55bf5: Pull complete
0d96da54f60b: Pull complete
5b27040df4a2: Pull complete
e2ead8259a04: Pull complete
3790aef225b9: Pull complete
Digest: sha256:169211e20e2f2d5d115674681eb79d21a217b296b43374b8e39f97fcf866b375
Status: Downloaded newer image for registry:latest
docker.io/library/registry:latest
[root@localhost ~]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED        SIZE
registry     latest    b8604a3fe854   4 months ago   26.2MB
Configure the private registry address
[root@localhost ~]# vim /etc/docker/daemon.json
{
  "registry-mirrors": ["https://j5wsgox9.mirror.aliyuncs.com"],
  "insecure-registries": ["192.168.0.110:5000"]
}
[root@localhost ~]# systemctl restart docker
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# docker run -d -p 5000:5000 --restart always --name registry docker.io/registry
2f73dcf7fc4d53cd18b993f4af80bcf205950b6bba24332869a5bad863713a59
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE      COMMAND                  CREATED         STATUS         PORTS                                       NAMES
2f73dcf7fc4d   registry   "/entrypoint.sh /etc…"   5 seconds ago   Up 3 seconds   0.0.0.0:5000->5000/tcp, :::5000->5000/tcp   registry
192.168.0.110:5000/v2/_catalog
The [] here is empty because no images have been uploaded yet.
If you cannot reach it, try turning off the firewall:
systemctl stop firewalld
systemctl disable firewalld
iptables -F
iptables -X
iptables -Z
iptables-save
If it still cannot be reached, restart docker:
sudo systemctl restart docker
Then run the container again.
Test with the hello-world image
[root@localhost ~]# docker pull hello-world
Using default tag: latest
latest: Pulling from library/hello-world
2db29710123e: Pull complete
Digest: sha256:2498fce14358aa50ead0cc6c19990fc6ff866ce72aeb5546e1d59caac3d0d60f
Status: Downloaded newer image for hello-world:latest
docker.io/library/hello-world:latest
[root@localhost ~]# docker images
REPOSITORY    TAG       IMAGE ID       CREATED        SIZE
registry      latest    b8604a3fe854   4 months ago   26.2MB
hello-world   latest    feb5d9fea6a5   6 months ago   13.3kB
Next we use the push command to push the image to the registry we just set up.
First give the image a new tag to tell it apart, using the docker tag command:
[root@localhost ~]# docker tag hello-world 192.168.0.110:5000/hello-world:latest
[root@localhost ~]# docker images
REPOSITORY                       TAG       IMAGE ID       CREATED        SIZE
registry                         latest    b8604a3fe854   4 months ago   26.2MB
192.168.0.110:5000/hello-world   latest    feb5d9fea6a5   6 months ago   13.3kB
hello-world                      latest    feb5d9fea6a5   6 months ago   13.3kB
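If push runs into this problem, edit the configuration file with vim /usr/lib/systemd/system/docker.service: at around line 12, add --insecure-registry ip:5000 after ExecStart, then restart the docker service and reload the configuration file.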
[root@localhost ~]# vim /usr/lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target docker.socket firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket containerd.service
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry 192.168.0.110:5000
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3
# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
"/usr/lib/systemd/system/docker.service" 47L, 1748C written
If this error appears, add the private registry to /etc/docker/daemon.json, then restart docker and reload the configuration file.
[root@localhost ~]# docker push 192.168.0.110:5000/hello-world:latest
The push refers to repository [192.168.0.110:5000/hello-world]
Get "http://192.168.0.110:5000/v2/": dial tcp 192.168.0.110:5000: connect: connection refused
[root@localhost ~]# systemctl restart docker
[root@localhost ~]# docker ps -a
CONTAINER ID   IMAGE      COMMAND                  CREATED          STATUS                      PORTS     NAMES
2f73dcf7fc4d   registry   "/entrypoint.sh /etc…"   34 minutes ago   Exited (2) 14 minutes ago             registry
[root@localhost ~]# docker start 2f73dcf7fc4d
2f73dcf7fc4d
[root@localhost ~]# docker push 192.168.0.110:5000/hello-world:latest
The push refers to repository [192.168.0.110:5000/hello-world]
e07ee1baac5f: Pushed
latest: digest: sha256:f54a58bc1aac5ea1a25d796ae155dc228b3f0e11d046ae276b39c4bf2f13d8c4 size: 525
You can see that hello-world has been pushed successfully.
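
Both settings used on this page, insecure-registries in daemon.json and --insecure-registry on the dockerd command line, let the daemon talk to the listed registry over plain HTTP or with an unverified certificate, so it helps to know which hosts carry them. The following is an added example, not part of the original post: a small Python audit (function names and sample strings are constructed for illustration) that lists those registries from both places and flags a daemon.json that is not a single JSON object.

```python
import json
import shlex

# Constructed sample inputs (the registry address is the one used on this page).
DAEMON_JSON = '{"registry-mirrors": ["https://mirror.example"], "insecure-registries": ["192.168.0.110:5000"]}'
TWO_OBJECTS = '{"registry-mirrors": ["https://mirror.example"]} {"insecure-registries": ["192.168.0.110:5000"]}'
EXECSTART = ("ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock "
             "--insecure-registry 192.168.0.110:5000")

def parse_daemon_json(text):
    """Return the file's single top-level object, or raise ValueError."""
    text = text.strip()
    obj, end = json.JSONDecoder().raw_decode(text)
    if text[end:].strip():
        raise ValueError("more than one top-level JSON value in daemon.json")
    if not isinstance(obj, dict):
        raise ValueError("daemon.json top level is not an object")
    return obj

def insecure_from_execstart(line):
    """Collect --insecure-registry values ('--flag HOST' and '--flag=HOST')."""
    if line.startswith("ExecStart="):
        line = line[len("ExecStart="):]
    args = shlex.split(line)
    found = []
    for i, arg in enumerate(args):
        if arg == "--insecure-registry" and i + 1 < len(args):
            found.append(args[i + 1])
        elif arg.startswith("--insecure-registry="):
            found.append(arg.split("=", 1)[1])
    return found

def audit(daemon_json_text, execstart_line=""):
    """Return (finding, detail) tuples for one host's Docker configuration."""
    findings = []
    try:
        cfg = parse_daemon_json(daemon_json_text)
    except ValueError as exc:  # json.JSONDecodeError is a ValueError subclass
        findings.append(("invalid-daemon-json", str(exc)))
        cfg = {}
    for reg in cfg.get("insecure-registries", []):
        findings.append(("tls-not-enforced", f"{reg} (daemon.json)"))
    for reg in insecure_from_execstart(execstart_line):
        findings.append(("tls-not-enforced", f"{reg} (ExecStart flag)"))
    return findings

if __name__ == "__main__":
    for finding in audit(DAEMON_JSON, EXECSTART) + audit(TWO_OBJECTS):
        print(finding)
```
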