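[docker] Setting up a private registry

Importing and exporting images by hand is cumbersome, and sharing images was taking up a large part of my working time.

So I set up a local registry, in two variants: one without username/password authentication and one with it.

References: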

https://docs.docker.com/registry/#requirements
https://docs.docker.com/registry/insecure/#deploy-a-plain-http-registry
https://docs.docker.com/registry/deploying/#restricting-access

I need a registry, and I don't need authentication

node1 (192.168.14.132) - acts as the Docker registry

docker run -d -p 5000:5000 -v /data/docker/registy:/var/lib/registry  registry:2

node2 (192.168.14.133) - acts as the client that pushes images to the registry

$ cat /etc/docker/daemon.json 
{
    "insecure-registries" : ["192.168.14.132:5000"]
}
$ systemctl restart docker

$ docker info
...
Experimental: false
Insecure Registries:
 192.168.14.132:5000  # this entry should now show up
 127.0.0.0/8
...
docker tag centos 192.168.14.132:5000/maotai/centos
docker push  192.168.14.132:5000/maotai/centos
[root@node1 repositories]# tree -L 1 ./maotai
./maotai # repositories are grouped by user name
├── busybox
└── centos

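Tagging deserves some care: put the owner's name in the tag so that images are easy to tell apart.

Viewing centos

List the images in the registry:

GET /v2/_catalog

List the tags of an image: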

GET /v2/huayong/busybox/tags/list

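I need a registry with username/password authentication

This is slightly more work: Docker does not allow the username and password to be sent in cleartext during authentication, so HTTPS is the only option.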

mkdir /data/registry/auth/{certs,auth} -p
cd /data/registry/auth/certs
openssl req -x509 -days 3650 -nodes -newkey rsa:2048 -keyout domain.key -out domain.crt -subj "/CN=reg.maotai.com"
cd /data/registry/auth
## Create testuser/testpassword
docker run \
  --entrypoint htpasswd \
  registry:2 -Bbn testuser testpassword > auth/htpasswd

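# Stay in the directory that holds auth/ and certs/, so the `pwd` mounts below resolve to them
cd /data/registry/auth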
docker run -d \
  -p 5000:5000 \
  --restart=always \
  -v /data/docker/registy:/var/lib/registry \
  -v /etc/localtime:/etc/localtime \
  --name registry \
  -v `pwd`/auth:/auth \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
  -v `pwd`/certs:/certs \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  registry:2

The client likewise needs daemon.json configured.
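
A pre-flight check for the authenticated setup above, as an added example that is not part of the original post. It verifies that the `pwd`/auth and `pwd`/certs mounts will contain the files the REGISTRY_* variables point at, that every htpasswd entry is bcrypt (the only format the registry's htpasswd backend accepts, hence `-B`), and that the TLS key is not world-readable. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for the htpasswd + TLS registry.
# Pass the directory `docker run` will be started from, because
# -v `pwd`/auth:/auth and -v `pwd`/certs:/certs resolve against it.

# Print the user name of every htpasswd line that is not a bcrypt
# entry ($2a$/$2b$/$2y$). Blank lines and comments are skipped.
non_bcrypt_entries() {
    awk -F: 'NF && $0 !~ /^#/ && $2 !~ /^\$2[aby]\$[0-9][0-9]\$/ { print $1 }' "$1"
}

# Return 0 when base directory $1 holds everything the container
# expects under /auth and /certs; report each problem on stderr.
check_registry_layout() {
    base=$1
    rc=0
    for f in auth/htpasswd certs/domain.crt certs/domain.key; do
        if [ ! -s "$base/$f" ]; then
            echo "missing or empty: $base/$f" >&2
            rc=1
        fi
    done
    [ "$rc" -eq 0 ] || return 1

    bad=$(non_bcrypt_entries "$base/auth/htpasswd")
    if [ -n "$bad" ]; then
        echo "non-bcrypt htpasswd entries: $bad" >&2
        rc=1
    fi
    # The TLS private key should not be readable by other users.
    if [ -n "$(find "$base/certs/domain.key" -perm -004)" ]; then
        echo "world-readable key: $base/certs/domain.key" >&2
        rc=1
    fi
    return "$rc"
}
```

Run `check_registry_layout "$(pwd)"` right before the `docker run` command; a non-zero exit means the container would start without a usable htpasswd file or certificate, or with a weakly protected key.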
