在 Docker 中,当我们执行 docker pull xxx 的时候,可能会比较好奇,Docker 会去哪儿查找并下载镜像呢?
它实际上是从 https://hub.docker.com 这个地址去查找,这就是Docker公司为我们提供的公共仓库,上面的镜像,大家都可以看到,也可以使用。所以,我们也可以带上仓库地址去拉取镜像,如:docker pull https://hub.docker.com/library/alpine,不过要注意,这种方式下载的镜像的默认名称就会长一些。
如果要在公司中使用 Docker,我们基本不可能把商业项目上传到公共仓库中,那如果要多个机器共享,又能怎么办呢?
正因为这种需要,所以私有仓库也就有用武之地了。
所谓私有仓库,也就是在本地(局域网)搭建的一个类似公共仓库的东西,搭建好之后,我们可以将镜像提交到私有仓库中。这样我们既能使用 Docker 来运行我们的项目镜像,也避免了商业项目暴露出去的风险。
下面我们用官方提供的registry镜像来搭建私有镜像仓库,当然还有其它很多方法。
准备两台(我这里用一台机器模拟服务器端和测试端功能)安装好docker的服务器:
服务端机器 :docker私有仓库服务器,运行registry容器;
测试端机器 :普通的docker服务器,在这台服务器上下载一个测试镜像busybox,然后上传到registry服务器进行测试;
3.1 下载镜像registry
[root@localhost /]# docker pull registry
Using default tag: latest
latest: Pulling from library/registry
6a428f9f83b0: Downloading 147.2kB/2.817MB
90cad49de35d: Downloading 84.82kB/299.6kB
b215d0b40846: Downloading 4.766MB/6.824MB
429305b6c15c: Waiting
6f7e10a4e907: Waiting
error pulling image configuration: Get https://registry-1.docker.io/v2/library/registry/blobs/sha256:b2cb11db9d3d60af38d9d6841d3b8b053e5972c0b7e4e6351e9ea4374ed37d8c: net/http: TLS handshake timeout
3.2 查看镜下是否pull下来
3.3 运行registry容器
[root@registry ~]# docker run -itd -v /data/registry:/var/lib/registry -p 5000:5000 --restart=always --name registry registry:latest
06a972de6218b1f1c3bf9b53eb9068dc66d147d14e18a89ab51db13e339d3dc9
参数说明
-itd:在容器中打开一个伪终端进行交互操作,并在后台运行;
-v:把宿主机的/data/registry目录绑定 到 容器/var/lib/registry目录(这个目录是registry容器中存放镜像文件的目录),来实现数据的持久化;
-p:映射端口;访问宿主机的5000端口就访问到registry容器的服务了;
--restart=always:这是重启的策略,假如这个容器异常退出会自动重启容器;
--name registry:创建容器命名为registry,你可以随便命名;
registry:latest:这个是刚才pull下来的镜像;
3.4 测试镜像仓库中所有的镜像
[root@registry ~]# curl http://127.0.0.1:5000/v2/_catalog
{"repositories":[]}
或者
[root@localhost ~]# curl http://192.168.110.138:5000/v2/_catalog
{"repositories":[]}
现在是空的,因为才刚运行,里面没有任何镜像内容。
4.1 修改下镜像源并重启docker服务
[root@localhost ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": [ "https://registry.docker-cn.com"]
}
[root@node ~]# systemctl restart docker
4.1 下载busybox镜像
[root@localhost ~]# docker pull busybox
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest f6e427c148a7 36 hours ago 1.15MB
4.2 为镜像打标签
[root@node ~]# docker tag busybox:latest 192.168.110.138:5000/busybox:v1
格式说明:Usage: docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]
busybox:lastest 这是源镜像,也是刚才pull下来的镜像文件;
192.168.110.138:5000/busybox:v1:这是目标镜像,也是registry私有镜像服务器的IP地址和端口;
查看一下打好的tag
4.3 上传到镜像服务器
[root@localhost ~]# docker push 192.168.110.138:5000/busybox:v1
The push refers to repository [192.168.110.138:5000/busybox]
Get https://192.168.110.138:5000/v2/: http: server gave HTTP response to HTTPS client
注意了,这是报错了,需要https的方法才能上传,我们可以修改下daemon.json来解决:
[root@localhost ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": [ "https://registry.docker-cn.com"],
"insecure-registries": [ "192.168.110.138:5000"]
}
添加私有镜像服务器的地址,注意书写格式为json,有严格的书写要求,然后重启docker服务:
[root@localhost ~]# systemctl restart docker
在次上传可以看到没问题 了:
[[root@localhost ~]# docker push 192.168.110.138:5000/busybox:v1
The push refers to repository [192.168.110.138:5000/busybox]
d94c78be1352: Pushed
v1: digest: sha256:34efe68cca33507682b1673c851700ec66839ecf94d19b928176e20d20e02413 size: 527
4.4 测试下载镜像
上传测试没问题了,我们接下来测试一下从服务端服务器上下载刚才上传的busybox镜像,先删除测试端主机上的镜像:
(1)先查看系统中有多少镜像
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.110.138:5000/busybox v1 7138284460ff 7 hours ago 1.24MB
busybox latest 7138284460ff 7 hours ago 1.24MB
nginx latest 04661cdce581 2 days ago 141MB
redis latest 7faaec683238 4 weeks ago 113MB
hello-world latest feb5d9fea6a5 7 weeks ago 13.3kB
registry latest b2cb11db9d3d 2 months ago 26.2MB
(2)删除所有镜像
[root@localhost ~]# docker rmi -f $(docker images -aq)
Untagged: 192.168.110.138:5000/busybox:v1
Untagged: 192.168.110.138:5000/busybox@sha256:34efe68cca33507682b1673c851700ec66839ecf94d19b928176e20d20e02413
Untagged: busybox:latest
Untagged: busybox@sha256:e7157b6d7ebbe2cce5eaa8cfe8aa4fa82d173999b9f90a9ec42e57323546c353
Deleted: sha256:7138284460ffa3bb6ee087344f5b051468b3f8697e2d1427bac1a20c8d168b14
Deleted: sha256:d94c78be13527d00673093f9677f9b43d7e3a02ae6fa0ec74d3d98243b5b40e4
Untagged: nginx:latest
Untagged: nginx@sha256:dfef797ddddfc01645503cef9036369f03ae920cac82d344d58b637ee861fda1
Deleted: sha256:04661cdce5812210bac48a8af672915d0719e745414b4c322719ff48c7da5b83
Deleted: sha256:89fa50132ae2bb56db192e9ab716c00d7af2af7cfd2e53d89d5d2fe5816cdbad
Deleted: sha256:0e18e237ed37ff83d795813dec5318934ea8ee0ad4dc63ed3027c8b690196500
Deleted: sha256:cadf0f41ad2a811bd450c929e3a51afe060fbc0f4c3dd0e98cb73b8023877c12
Deleted: sha256:4cd32ed8e5340b498b9992d324ded5c047cc0e7d631bffeca0d0fa0f8a0def33
Deleted: sha256:d46a23eaf6e327713efe12221a2b77f2ce3eec8f68df165727fc0afde62c4a6b
Untagged: redis:latest
Untagged: redis@sha256:a89cb097693dd354de598d279c304a1c73ee550fbfff6d9ee515568e0c749cfe
Deleted: sha256:7faaec68323851b2265bddb239bd9476c7d4e4335e9fd88cbfcc1df374dded2f
Deleted: sha256:e6deb90762475cda72e21895911f830ed99fd1cc6d920d92873270be91235274
Deleted: sha256:2649acad13241d9c8d81e49357bc66cce459b352ded7f423d70ede7bd3bb7b89
Deleted: sha256:64007bba5fc220df4d3da33cecdc2d55dd6a73528c138b0fa1acd79fd6a9c217
Deleted: sha256:b2cc2f1bf8b1cca8ba7c19e1697f7b73755903ad8f880b83673fd6a697aca935
Deleted: sha256:fbd1283ab782925be4d990bd4bebe9ad5e5cf9a525abfb6fa87465e072da9d31
Deleted: sha256:e8b689711f21f9301c40bf2131ce1a1905c3aa09def1de5ec43cf0adf652576e
Untagged: hello-world:latest
Untagged: hello-world@sha256:cc15c5b292d8525effc0f89cb299f1804f3a725c8d05e158653a563f15e4f685
Deleted: sha256:feb5d9fea6a5e9606aa995e879d862b825965ba48de054caab5ef356dc6b3412
Error: No such image: 7138284460ff
Error response from daemon: conflict: unable to delete b2cb11db9d3d (cannot be forced) - image is being used by running container 3a476fe02130
查看一下测试端(这里测试端跟服务端公用一台,如果是分为两台,那么下面这个命令下是看不到任何镜像的)主机上的镜像全部删除了:
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry latest b2cb11db9d3d 2 months ago 26.2MB
然后,从服务端服务器上下载busybox镜像:
[root@localhost ~]# docker pull 192.168.110.138:5000/busybox:v1
v1: Pulling from busybox
d070b8ef96fc: Pull complete
Digest: sha256:c7b0a24019b0e6eda714ec0fa137ad42bc44a754d9cea17d14fba3a80ccc1ee4
Status: Downloaded newer image for 192.168.110.138:5000/busybox:v1
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.110.138:5000/busybox v1 f6e427c148a7 36 hours ago 1.15MB
列出所有镜像:
[root@localhost ~]# curl http://192.168.110.138:5000/v2/_catalog
{"repositories":["busybox"]}
列出busybox镜像有哪些tag:
[root@localhost ~]# curl http://192.168.110.138:5000/v2/busybox/tags/list
{"name":"busybox","tags":["v1"]}