搭建私有镜像仓库

Docker Hub作为Docker默认官方公共镜像,如果想自己搭建私有镜像仓库,官方也提供registry镜像,使得搭建私有仓库非常简单。

下载registry镜像并启动

[root@docker ~]# docker pull registry

[root@docker ~]# docker run -d -v /opt/registry:/var/lib/registry -p 5000:5000 --restart=always --name registry registry

790e35569960041b5976786ab76babc8213e81e0a2d3b1bf3a9c0b5cc2bd1280

测试查看镜像仓库中所有镜像

[root@docker ~]# curl http://192.168.193.128:5000/v2/_catalog

{"repositories":[]}

私有镜像仓库管理

配置私有仓库可信任

[root@docker ~]# cat /etc/docker/daemon.json

{

    "registry-mirrors":["https://registry.docker-cn.com"],

    "insecure-registries":["192.168.193.128:5000"]

}

[root@docker ~]# systemctl restart docker

打标签

[root@docker ~]# docker tag nginx:1.12 192.168.193.128:5000/nginx:1.12

上传

[root@docker ~]# docker push 192.168.193.128:5000/nginx:1.12

[root@docker ~]# curl http://192.168.193.128:5000/v2/_catalog

{"repositories":["nginx"]}

查看信息

[root@docker ~]# curl http://192.168.193.128:5000/v2/nginx/tags/list

{"name":"nginx","tags":["1.12"]}

下载

[root@docker ~]# docker run -itd --name nginx -p 80:80 192.168.193.128:5000/nginx:1.12

6c13f1122f713237e44aabe58f345652785d21f4b2a1deda05985bbf03b5a1be

企业通常使用Docker Harbor镜像管理工具。

Docker Hub公共镜像仓库使用

注册账号

https://hub.docker.com/

登录Docker Hub

创建仓库





linux端登录

[root@docker ~]# docker login

Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.

Username: yinshoucheng

Password:

WARNING! Your password will be stored unencrypted in /root/.docker/config.json.

Configure a credential helper to remove this warning. See

https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded


[root@docker ~]# docker login --username=yinshoucheng --password=123456

镜像打标签

[root@docker ~]# docker tag nginx:1.12 yinshoucheng/golden:1.12

上传

[root@docker ~]# docker push yinshoucheng/golden:1.12



搜索测试

[root@docker ~]# docker search yinshoucheng

NAME                  DESCRIPTION         STARS               OFFICIAL            AUTOMATED

yinshoucheng/golden                       0

下载

[root@docker ~]# docker pull yinshoucheng/golden:1.12

企业级私有镜像仓库Harbor

Harbor是VMware公司开源的企业级Docker Registry项目,项目地址:https://github.com/vmware/harbor

下载离线安装包



安装docker

[root@docker ~]# docker info

Containers: 26

 Running: 1

 Paused: 0

 Stopped: 25

Images: 16

Server Version: 18.09.6

Storage Driver: overlay2

 Backing Filesystem: xfs

 Supports d_type: true

 Native Overlay Diff: true

Logging Driver: json-file

Cgroup Driver: cgroupfs

Plugins:

 Volume: local

 Network: bridge host macvlan null overlay

 Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog

Swarm: inactive

Runtimes: runc

Default Runtime: runc

Init Binary: docker-init

containerd version: bb71b10fd8f58240ca47fbb579b9d1028eea7c84

runc version: 2b18fe1d885ee5083ef9f0838fee39b62d653e30

init version: fec3683

Security Options:

 seccomp

  Profile: default

Kernel Version: 3.10.0-862.el7.x86_64

Operating System: CentOS Linux 7 (Core)

OSType: linux

Architecture: x86_64

CPUs: 2

Total Memory: 3.697GiB

Name: docker

ID: 3EAH:DXYW:7DXA:76IW:AKHC:TKG5:FC5N:QPRB:SFAY:T6HB:LSCS:CUPK

Docker Root Dir: /var/lib/docker

Debug Mode (client): false

Debug Mode (server): false

Username: yinshoucheng

Registry: https://index.docker.io/v1/

Labels:

Experimental: false

Insecure Registries:

 192.168.193.128:5000

 127.0.0.0/8

Registry Mirrors:

 https://registry.docker-cn.com/

Live Restore Enabled: false

Product License: Community Engine

安装docker-compose

https://github.com/docker/compose/releases/

[root@docker ~]# curl -L https://github.com/docker/compose/releases/download/1.25.0-rc1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose

[root@docker ~]# chmod +x /usr/local/bin/docker-compose

[root@docker ~]# docker-compose --version

docker-compose version 1.25.0-rc1, build 8552e8e2

自签TLS证书

https://github.com/goharbor/harbor/blob/master/docs/configure_https.md

解压

[root@docker ~]# tar -zxf harbor-offline-installer-v1.8.1.tgz

[root@docker ~]#

[root@docker ~]# cd harbor

创建存放ssl的目录

[root@docker harbor]# mkdir ssl

生成ca根证书

[root@docker harbor]# mkdir ssl

[root@docker harbor]# cd ssl

[root@docker ssl]# openssl req \

> -newkey rsa:4096 -nodes -sha256 -keyout ca.key \

> -x509 -days 365 -out ca.crt

Generating a 4096 bit RSA private key

........................................................................................................................................................................++

...............................................++

writing new private key to 'ca.key'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:

Locality Name (eg, city) [Default City]:

Organization Name (eg, company) [Default Company Ltd]:

Organizational Unit Name (eg, section) []:

Common Name (eg, your name or your server's hostname) []:goldenyin

Email Address []:

[root@docker ssl]# ls

ca.crt  ca.key

[root@docker ssl]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout reg.goldenyin.com.key -out reg.goldenyin.com.csr

Generating a 4096 bit RSA private key

.................................................................................................................................................................................................++

........++

writing new private key to 'reg.goldenyin.com.key'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:

Locality Name (eg, city) [Default City]:

Organization Name (eg, company) [Default Company Ltd]:

Organizational Unit Name (eg, section) []:

Common Name (eg, your name or your server's hostname) []:reg.goldenyin.com

Email Address []:

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

[root@docker ssl]# ls

ca.crt  ca.key  reg.goldenyin.com.csr  reg.goldenyin.com.key

[root@docker ssl]# openssl x509 -req -days 365 -in reg.goldenyin.com.csr -CA ca.crt -CAkey ca.key -CA.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out reg.goldenyin.com.crt

Signature ok

subject=/C=CN/L=Default City/O=Default Company Ltd/CN=reg.goldenyin.com

Getting CA Private Key

[root@docker ssl]# ls

ca.crt  ca.srl                 reg.goldenyin.com.csr

ca.key  reg.goldenyin.com.crt  reg.goldenyin.com.key

Harbor安装与配置

[root@docker ssl]# cd ..

[root@docker harbor]# ls

harbor.v1.8.1.tar.gz  harbor.yml  install.sh  LICENSE  prepare  ssl

配置harbor.cfg(新版已经改成harbor.yml)

修改配置,协议,证书,管理员密码 

示例:

hostname = reg.goldenyin.com

将http:和port:80注释(新版本)

ui_url_protocol = https(新版无此项)

ssl_cert = ./ssl/reg.lvusyy.com.crt(新版本certificate: ./ssl/reg.goldenyin.com.crt)

ssl_cert_key = ./ssl/reg.lvusyy.com.key(新版本private_key: ./ssl/reg.goldenyin.com.key)

harbor_admin_password = harbor12345

[root@docker harbor]#  ./prepare (读取配置文件,新版本无需此步骤操作)

将https:和port:443注释取消(新版本)

external_url: https://reg.goldenyin.com:8433(新版本)

[root@docker harbor]# ./install.sh

✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at http://reg.goldenyin.com.

For more details, please visit https://github.com/goharbor/harbor .

windows主机配置hosts(C:\Windows\System32\drivers\etc\hosts)

192.168.193.128 reg.goldenyin.com

http://reg.goldenyin.com/

https://reg.goldenyin.com/(未配置)

docker主机访问Harbor

[root@docker harbor]# cat /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4

::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.193.128 reg.goldenyin.com

[root@docker harbor]# docker login reg.goldenyin.com

创建证书保存目录

[root@docker harbor]# mkdir -p /etc/docker/certs.d/reg.goldenyin.com

拷贝证书

[root@docker reg.goldenyin.com]# ls

reg.goldenyin.com.crt

重新登录

[root@docker harbor]# docker login reg.goldenyin.com

docker tag SOURCE_IMAGE[:TAG] reg.goldenyin.com/test/IMAGE[:TAG]

docker push reg.goldenyin.com/test/IMAGE[:TAG]

docker镜像仓库的更多相关文章

  1. docker 镜像仓库 Harbor 部署 以及 跨数据复制

    docker 镜像仓库 Harbor 部署 跨数据复制 Harbor 是 Vmwar 公司开源的 企业级的 Docker Registry 管理项目 它主要 提供 Dcoker Registry 管理 ...

  2. 离线手动部署docker镜像仓库——harbor仓库(HTTPS)

    实验环境: harbor服务器系统:CentOS Linux release 7.5.1804 (Core)harbor服务器IP:10.1.12.114harbor版本:v1.5.0docker版本 ...

  3. 你必须知道的Docker镜像仓库的搭建

    近期工作中发现用到的容器镜像越来越多(不多的时候没考虑过镜像仓库的问题),同一个容器镜像也存在多个版本,那么镜像仓库的搭建需求就涌现出来,本文就目前的几个常用镜像仓库的搭建进行介绍,我们可以根据需要选 ...

  4. 019.nexus搭建docker镜像仓库/maven仓库

    一.安装docker CE 参考docker doc https://docs.docker.com/install/linux/docker-ce/centos/ 二.docker启动nexus3 ...

  5. Docker镜像仓库的搭建--> Harbor篇

    简介 Harbor是VMware公司开源的一个企业级Docker Registry项目,项目地址:https://github.com/goharbor/harbor Harbor作为一个企业级私有R ...

  6. Docker笔记2:Docker 镜像仓库

    Docker 镜像的官方仓库位于国外服务器上,在国内下载时比较慢,但是可以使用国内镜像市场的加速器(比如阿里云加速器)以提高拉取速度. Docker 官方的镜像市场,可以和 Gitlab 或 GitH ...

  7. 部署docker镜像仓库及高可用

      下载地址: https://github.com/goharbor/harbor/releases   安装harbor服务器: 安装harbor root@harbor-vm1:/usr/loc ...

  8. 搭建docker镜像仓库(二):使用harbor搭建本地镜像仓库

    目录 一.系统环境 二.前言 三.Harbor 四.使用harbor搭建私有镜像仓库 4.1 环境介绍 4.2 k8smaster节点安装配置harbor 4.2.1 安装harbor离线包 4.2. ...

  9. Docker镜像仓库Harbor之Swagger REST API整合配置

    转载自:https://cloud.tencent.com/developer/article/1010618 1.Swagger 介绍 Swagger 是一个规范和完整的框架,用于生成.描述.调用和 ...

  10. Docker镜像仓库清理的探索之路

    用友云开发者中心是基于Docker容器进行微服务架构应用的落地与管理.相信各位同学在使用的过程中,会发现随着Docker镜像的增多,占用磁盘空间也约来越多.这时我们需要清理私有镜像仓库中不需要的镜像. ...

随机推荐

  1. 微信小程序(15)--上传图片公用组件(2)

    接下来开始写写上传图片的公用组件,可以自定义上传几张图片. chooseImage文件夹里面的index.wxml和index.js,涉及图片上传,删除,预览. <view class=&quo ...

  2. centos7系统之telnet命令rpm包安装

    centos7系统之telnet命令rpm包安装 1. 下载安装包 rpm包下载位置:http://vault.centos.org/6.3/os/x86_64/Packages/ [root@ywb ...

  3. Vue--事件处理(逐个学习事件修饰符)

    .capture .self .once 主要学习这三个事件修饰符的用法先来看看capture capture即是给元素添加一个监听器,当元素发生冒泡时,先触发带有该修饰符的元素.若有多个该修饰符,则 ...

  4. jquery 小知识

    $("p:eq(0)") :表p标签的第一个元素 $("p:eq(1)") :表p标签的第二个元素

  5. fastjson 1.1.1填坑

    java封装Echart数据模型 xAxis  yAxis 属性  转json赋值失败..换名即可 解决办法:升级1.2.2后即可

  6. windows命令行运行mysql

    在cmd中输入时一定要保证英文环境. 1. windows命令行运行mysql: 我是将MYSQL安装在C:\Program Files\MySQL所以 C:\Program Files\MySQL\ ...

  7. vue 全局 js 方法

    1.新增 getCurrentDataType.js 文件 import cookieUtils from '@/config/cookieUtils' function getCurrentData ...

  8. leetcode-15双周赛-1287-有序数组中出现次数超过25%的元素

    题目描述: 方法一:二分法 class Solution: def findSpecialInteger(self, arr: List[int]) -> int: span = len(arr ...

  9. SSH框架整合-myeclipse

    项目结构   1.mysql数据库 stuinfo /* SQLyog 企业版 - MySQL GUI v8.14 MySQL - 5.5.40 : Database - stuinfo ****** ...

  10. SSM项目用ajax来显示数据

    <script type="text/javascript"> //1:页面加载完成后,直接去发送ajax请求,要到分页的数据 $(function(){ $.ajax ...