Docker仓库

目录

1、registry私有仓库

2、insecure registry

3、配置镜像加速器

4、仓库加密

5、仓库认证

6、harbor企业级私有仓库

---

1、registry私有仓库

官网： Registry | Docker Docs

拉取registry镜像

docker pull registry

运行registry仓库

docker run -d -p 5000:5000 --restart=always --name registry registry

上传镜像

docker tag nginx:latest localhost:5000/nginx:latest
docker push localhost:5000/nginx
curl  localhost:5000/v2/_catalog
docker pull localhost:5000/nginx

2、insecure registry

3、配置镜像加速器

4、仓库加密

yum install -y openssl11-libs-1.1.1k-2.el7.x86_64.rpm openssl11-1.1.1k-2.el7.x86_64.rpm
vim /etc/hosts

mkdir certs
openssl11 req -newkey rsa:4096 -nodes -sha256 -keyout certs/westos.org.key -addext "subjectAltName = DNS:reg.westos.org" -x509 -days 365 -out certs/westos.org.crt

docker run -d -p 443:443 --restart=always --name registry -v /opt/registry:/var/lib/registry -v /root/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt -e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key registry

docker ps

部署客户端证书，不然会报错

docker tag nginx:latest reg.westos.org/nginx:latest
docker push reg.westos.org/nginx:latest
mkdir -p /etc/docker/certs.d/reg.westos.org/
cp /root/certs/westos.org.crt /etc/docker/certs.d/reg.westos.org/ca.crt
docker push reg.westos.org/nginx:latest
curl -k https://reg.westos.org/v2/_catalog

5、仓库认证

yum install -y httpd-tools
mkdir auth
htpasswd -Bc auth/htpasswd admin
htpasswd -B auth/htpasswd yyl
cat auth/htpasswd

删除registry，重建

docker rm -f registry
docker run -d -p 443:443 --restart=always --name registry -v /opt/registry:/var/lib/registry -v /root/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt -e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key -v /root/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry
docker login reg.westos.org
cat .docker/config.json

验证

docker tag busybox:latest reg.westos.org/busybox:latest
docker push reg.westos.org/busybox:latest
curl -k https://reg.westos.org/v2/_catalog  -u admin:westos

server2上移除非安全仓库设置

mv daemon.json  /mnt/
systemctl  restart docker

添加解析拷贝证书

vim /etc/hosts
cd /etc/docker/
scp -r certs.d/ k8s1:/etc/docker/

登录远程仓库

docker login reg.westos.org
docker pull reg.westos.org/busybox

6、harbor企业级私有仓库

删除之前部署的registry，不然会冲突     拷贝证书

docker rm -f registry
tar zxf harbor-offline-installer-v2.5.0.tgz
cd harbor/
cp harbor.yml.tmpl harbor.yml
vim harbor.yml
mkdir /data
cp -r certs /data

部署docker-compose  部署harbor

mv docker-compose-linux-x86_64-v2.22.0 /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
cd harbor/
./install.sh

使用浏览器登录仓库 用户名：admin 密码是上面配置文件设置的123456

上传镜像，首先需要执行docker login reg.westos.org

docker login reg.westos.org
docker tag busybox:latest reg.westos.org/library/busybox:latest
docker tag nginx:latest reg.westos.org/library/nginx:latest
docker push reg.westos.org/library/nginx:latest
docker push reg.westos.org/library/busybox:latest

 

配置默认仓库

vim /etc/docker/daemon.json
systemctl  restart docker
docker pull nginx

公共仓库支持匿名拉取

创建私有仓库

新建用户

 

授权维护私有仓库

私有仓库上传下载都需要认证，并且还要指定仓库域名

docker tag yakexi007/game2048:latest reg.westos.org/westos/game2048:latest
docker push reg.westos.org/westos/game2048:latest
docker login reg.westos.org
docker pull reg.westos.org/westos/game2048:latest