One of the latest beta features of the open source Docker v2 Registry is the ability to act as a registry proxy cache for images hosted at Docker Hub. Running a registry cache allows you to store images locally, reducing redundant image pulls across the Internet from Docker Hub. This capability is helpful for users with a large amount of Docker Engines in their environment. Instead of having each Engine pull from the Docker Hub all the time, by following this tutorial you can allow these Engines to pull from the local registry proxy cache to save time and bandwidth.

Here’s how you can get started:

Requirements

• Docker Engine 1.8.3
• Docker Registry v2
• Disk space to store Docker images
• TLS certificate and key

Persistent data

In this example, we will assume that you are storing all of our persistent data on your local filesystem in the directory /data. This will include TLS certificate and key, configuration file, and cached images. We will mount this into the registry container later using a volume.

Securing your registry proxy cache

A registry proxy cache needs a TLS certificate to secure connections between the engines and registry hosting the cache. In this example, we will place our certificate (domain.crt) and key (domain.key) on our host in the /data directory. For additional information on securing a registry using TLS, see the Docker Registry 2.0 documentation.

Create a v2 registry proxy cache configuration

Next you will need to create a configuration file for the registry to act as a registry proxy cache. You can retrieve the default registry configuration file from the registry:2 image by using cat and a file redirection to create the configuration file:

$ docker run -it --rm --entrypoint cat registry:2 \
/etc/docker/registry/config.yml > /data/config.yml

I highly suggest retrieving the default configuration from the Docker image instead of using my example configuration as updates to the default configuration may occur over time.

Example default config.yml:

version: 0.1
log:
   fields
      service: registry
storage:
      cache:
         layerinfo: inmemory
      filesystem:
         rootdirectory: /var/lib/registry
http:
   addr: :5000

Update the ‘http’ section to configure TLS:

http:
      addr: :5000
      tls:
            certificate: /var/lib/registry/domain.crt
            key: /var/lib/registry/domain.key

Add a ‘proxy’ section to your configuration file to enable the cache

Click here for the documentation
proxy:
      remoteurl: https://registry-1.docker.io
      username: [username]
      password: [password]

The ‘username’ and ‘password’ settings are optional. Providing a Docker Hub username and password will allow the registry proxy cache to store any private images hosted on Docker Hub that are accessible from that account. Any images accessible by that user will be accessible through your image cache.

Be sure to fully understand the implications of providing Docker Hub credentials and ensure your mirror is secure and access is restricted! If you are unsure, do not include a username and password and your registry proxy cache will only cache public images.

Start your registry proxy cache container

$ docker run -d --restart=always -p 5000:5000 --name v2-mirror \
-v /data:/var/lib/registry registry:2 /var/lib/registry/config.yml

The above command utilizes a volume to mount /data from our host into the container allowing for persistent storage of cached images, TLS certificate and key, and customized registry configuration.

Verify your registry proxy cache is up and running

$ curl -I https://mycache.example.com:5000/v2/
HTTP/1.1 200 OK
Content-Length: 2
Content-Type: application/json; charset=utf-8
Docker-Distribution-Api-Version: registry/2.0
Date: Thu, 17 Sep 2015 21:42:02 GMT

Configure your Docker Engines to use the registry proxy cache

Update your Docker daemon arguments to include the --registry-mirror option:

--registry-mirror=https://<my-docker-mirror-host>:<port-number>

For example, if your host is named mycache.example.com and is running on port 5000, you would add the following option to the daemon arguments:

--registry-mirror=https://mycache.example.com:5000

Refer to Configuring and running Docker on various distributions for more info on how to add daemon arguments.

Test your registry proxy cache

Pull an image from Docker Hub you currently do not have stored locally. For example, the busybox:latest image:

$ docker pull busybox:latest

Check the catalog to verify that the busybox image has been cached:

$ curl https://mycache.example.com:5000/v2/_catalog
{"repositories":["library/busybox"]}

You can also verify that the latest tag has been cached:

$ curl https://mycache.example.com:5000/v2/library/busybox/tags/list
{"name":"library/busybox","tags":["latest"]}

Images will now be saved to your registry proxy cache as you pull them. Subsequent image pulls of images that have identical image manifests will be faster and the cache will maintain itself, purging images as they are no longer utilized.

转自:出处

Docker配置私有仓库的更多相关文章

  1. docker 配置私有仓库

    1.使用docker 命令: 1.准备两台虚拟机,这里使用的是centos7,两台使用yum install docker 安装docker; 2.给两台虚拟机设置固定ip: 进入到虚拟机内 敲入命令 ...

  2. Docker 搭建私有仓库

    Docker 搭建私有仓库 环境: docker 版本 :18.09.1 主机地址:192.168.1.79 1.运行并创建私有仓库 docker run -d \ -v /opt/registry: ...

  3. Docker registry 私有仓库镜像查询、删除、上传、下载 shell

    #Docker官方私有仓库registry #官方只提供了API接口,不方便使用,就写了个shell #docker-registry安装配置http://www.cnblogs.com/elvi/p ...

  4. 菜鸟系列docker——搭建私有仓库harbor(6)

    docker 搭建私有仓库harbor 1. 准备条件 安装docker sudo yum update sudo yum install -y yum-utils device-mapper-per ...

  5. [Docker]docker搭建私有仓库(ssl、身份认证)

    docker搭建私有仓库(ssl.身份认证) 环境:CentOS 7.Docker 1.13.1 CentOS 7相关: https://www.cnblogs.com/ttkl/p/11041124 ...

  6. 部署Nexus作为docker的私有仓库

    目录 Docker搭建Nexus私有仓库... 1 一.安装部署... 1 1.安装... 2 2.访问网页端... 2 二.配置使用... 2 1.创建本地仓库... 2 2.docker配置... ...

  7. Docker Harbor私有仓库部署与管理 (超详细配图)

    Docker Harbor私有仓库部署与管理 1.Harbor 介绍 2.Harbor部署 3.Harbor管理 1.Harbor 介绍: 什么是 Harbor ? Harbor 是 VMware 公 ...

  8. Python Docker 查看私有仓库镜像【转】

    文章来源:python Docker 查看私有仓库镜像 pip 安装: # 首先安装epel扩展源: yum -y install epel-release # 更新完成之后,就可安装pip: yum ...

  9. Docker本地私有仓库实战

    Docker仓库主要用于存放Docker镜像,Docker仓库分为公共仓库和私有仓库,基于registry可以搭建本地私有仓库,使用私有仓库的优点如下: 1)节省网络带宽,针对于每个镜像不用去Dock ...

随机推荐

  1. 描述ARP协议的工作原理,怎么实施ARP攻击和防御ARP攻击

    什么是ARP协议?ARP,即地址解析协议,实现通过IP地址得知其物理地址.在TCP/IP网络环境下,每个主机都分配了一个32位的IP地址,这种互联网地址是在网际范围标识主机的一种逻辑地址.为了让报文在 ...

  2. WEB中会话跟踪

    一.     什么叫会话跟踪 记录用户一段时间内的逻辑上相关联的不同访问请求个过程叫“会话跟踪”.通过用户在每次对服务请求时的唯一标识,可以跟踪会话. 二.     会话跟踪产生的原因 我们都知道In ...

  3. RV32FD指令集

    Risc-V架构定义了可选的单精度浮点指令(F扩展指令集)和双精度浮点指令(D扩展指令集). Risc-V架构规定:处理器可以选择只实现F扩展指令子集而不支持D扩展指令子集:但是如果支持了D扩展指令子 ...

  4. Jquery怎么获取select选中项 自定义属性的值

    Jquery如何获取select选中项 自定义属性的值?HTML code <select id="ddl" onchange="ddl_change(this)& ...

  5. 快速教你成为C#高手教程

    C#是微软公司发布的一种面向对象的.运行于.NET Framework之上的高级程序设计语言. C#看起来与Java有着惊人的相似:它包括了诸如单一继承.接口.与Java几乎同样的语法 和编译成中间代 ...

  6. java Field 二三事

    java在反射时候经常用到了 Field 类. 我认为代码是最好的解释,直接上代码. 首先,用到了一个bean类,源代码如下: package com.ncs;      public class P ...

  7. 在Linux下锁住键盘和鼠标而不锁屏

    假如在你正看着屏幕上的某些重要的事情时,你不想让你的小猫或者小狗在你的键盘上行走,或者让你的孩子在键盘上瞎搞一气,那我建议你试试 xtrlock 这个工具. 假如在你正看着屏幕上的某些重要的事情时,你 ...

  8. [Algorithm] Search element in a circular sorted array

    function findInCircularlySortedAry (ary = [], target) { ) { ; } ) { ] === target ? : -; } let , high ...

  9. Android通用框架设计与完整电商APP开发系列文章

    作者|傅猿猿 责编|Javen205 有福利 有福利 有福利 鸣谢 感谢@傅猿猿 邀请写此系列文章 Android通用框架设计与完整电商APP开发 课程介绍 [导学视频] [课程详细介绍] 以下是部分 ...

  10. [海蜘蛛] 海蜘蛛 V8 全线无限试用版 免费发布破解教程

    http://bbs.p52.cn/forum.php?mod=viewthread&tid=3499&extra=page%3D1&page=1&_dsign=79c ...