搭建私有镜像仓库

Docker Hub作为Docker默认官方公共镜像,如果想自己搭建私有镜像仓库,官方也提供registry镜像,使得搭建私有仓库非常简单。

下载registry镜像并启动

[root@docker ~]# docker pull registry

[root@docker ~]# docker run -d -v /opt/registry:/var/lib/registry -p 5000:5000 --restart=always --name registry registry

790e35569960041b5976786ab76babc8213e81e0a2d3b1bf3a9c0b5cc2bd1280

测试查看镜像仓库中所有镜像

[root@docker ~]# curl http://192.168.193.128:5000/v2/_catalog

{"repositories":[]}

私有镜像仓库管理

配置私有仓库可信任

[root@docker ~]# cat /etc/docker/daemon.json

{

    "registry-mirrors":["https://registry.docker-cn.com"],

    "insecure-registries":["192.168.193.128:5000"]

}

[root@docker ~]# systemctl restart docker

打标签

[root@docker ~]# docker tag nginx:1.12 192.168.193.128:5000/nginx:1.12

上传

[root@docker ~]# docker push 192.168.193.128:5000/nginx:1.12

[root@docker ~]# curl http://192.168.193.128:5000/v2/_catalog

{"repositories":["nginx"]}

查看信息

[root@docker ~]# curl http://192.168.193.128:5000/v2/nginx/tags/list

{"name":"nginx","tags":["1.12"]}

下载

[root@docker ~]# docker run -itd --name nginx -p 80:80 192.168.193.128:5000/nginx:1.12

6c13f1122f713237e44aabe58f345652785d21f4b2a1deda05985bbf03b5a1be

企业通常使用Docker Harbor镜像管理工具。

Docker Hub公共镜像仓库使用

注册账号

https://hub.docker.com/

登录Docker Hub

创建仓库





linux端登录

[root@docker ~]# docker login

Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.

Username: yinshoucheng

Password:

WARNING! Your password will be stored unencrypted in /root/.docker/config.json.

Configure a credential helper to remove this warning. See

https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded


[root@docker ~]# docker login --username=yinshoucheng --password=123456

镜像打标签

[root@docker ~]# docker tag nginx:1.12 yinshoucheng/golden:1.12

上传

[root@docker ~]# docker push yinshoucheng/golden:1.12



搜索测试

[root@docker ~]# docker search yinshoucheng

NAME                  DESCRIPTION         STARS               OFFICIAL            AUTOMATED

yinshoucheng/golden                       0

下载

[root@docker ~]# docker pull yinshoucheng/golden:1.12

企业级私有镜像仓库Harbor

Harbor是VMware公司开源的企业级Docker Registry项目,项目地址:https://github.com/vmware/harbor

下载离线安装包



安装docker

[root@docker ~]# docker info

Containers: 26

 Running: 1

 Paused: 0

 Stopped: 25

Images: 16

Server Version: 18.09.6

Storage Driver: overlay2

 Backing Filesystem: xfs

 Supports d_type: true

 Native Overlay Diff: true

Logging Driver: json-file

Cgroup Driver: cgroupfs

Plugins:

 Volume: local

 Network: bridge host macvlan null overlay

 Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog

Swarm: inactive

Runtimes: runc

Default Runtime: runc

Init Binary: docker-init

containerd version: bb71b10fd8f58240ca47fbb579b9d1028eea7c84

runc version: 2b18fe1d885ee5083ef9f0838fee39b62d653e30

init version: fec3683

Security Options:

 seccomp

  Profile: default

Kernel Version: 3.10.0-862.el7.x86_64

Operating System: CentOS Linux 7 (Core)

OSType: linux

Architecture: x86_64

CPUs: 2

Total Memory: 3.697GiB

Name: docker

ID: 3EAH:DXYW:7DXA:76IW:AKHC:TKG5:FC5N:QPRB:SFAY:T6HB:LSCS:CUPK

Docker Root Dir: /var/lib/docker

Debug Mode (client): false

Debug Mode (server): false

Username: yinshoucheng

Registry: https://index.docker.io/v1/

Labels:

Experimental: false

Insecure Registries:

 192.168.193.128:5000

 127.0.0.0/8

Registry Mirrors:

 https://registry.docker-cn.com/

Live Restore Enabled: false

Product License: Community Engine

安装docker-compose

https://github.com/docker/compose/releases/

[root@docker ~]# curl -L https://github.com/docker/compose/releases/download/1.25.0-rc1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose

[root@docker ~]# chmod +x /usr/local/bin/docker-compose

[root@docker ~]# docker-compose --version

docker-compose version 1.25.0-rc1, build 8552e8e2

自签TLS证书

https://github.com/goharbor/harbor/blob/master/docs/configure_https.md

解压

[root@docker ~]# tar -zxf harbor-offline-installer-v1.8.1.tgz

[root@docker ~]#

[root@docker ~]# cd harbor

创建存放ssl的目录

[root@docker harbor]# mkdir ssl

生成ca根证书

[root@docker harbor]# mkdir ssl

[root@docker harbor]# cd ssl

[root@docker ssl]# openssl req \

> -newkey rsa:4096 -nodes -sha256 -keyout ca.key \

> -x509 -days 365 -out ca.crt

Generating a 4096 bit RSA private key

........................................................................................................................................................................++

...............................................++

writing new private key to 'ca.key'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:

Locality Name (eg, city) [Default City]:

Organization Name (eg, company) [Default Company Ltd]:

Organizational Unit Name (eg, section) []:

Common Name (eg, your name or your server's hostname) []:goldenyin

Email Address []:

[root@docker ssl]# ls

ca.crt  ca.key

[root@docker ssl]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout reg.goldenyin.com.key -out reg.goldenyin.com.csr

Generating a 4096 bit RSA private key

.................................................................................................................................................................................................++

........++

writing new private key to 'reg.goldenyin.com.key'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:

Locality Name (eg, city) [Default City]:

Organization Name (eg, company) [Default Company Ltd]:

Organizational Unit Name (eg, section) []:

Common Name (eg, your name or your server's hostname) []:reg.goldenyin.com

Email Address []:

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

[root@docker ssl]# ls

ca.crt  ca.key  reg.goldenyin.com.csr  reg.goldenyin.com.key

[root@docker ssl]# openssl x509 -req -days 365 -in reg.goldenyin.com.csr -CA ca.crt -CAkey ca.key -CA.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out reg.goldenyin.com.crt

Signature ok

subject=/C=CN/L=Default City/O=Default Company Ltd/CN=reg.goldenyin.com

Getting CA Private Key

[root@docker ssl]# ls

ca.crt  ca.srl                 reg.goldenyin.com.csr

ca.key  reg.goldenyin.com.crt  reg.goldenyin.com.key

Harbor安装与配置

[root@docker ssl]# cd ..

[root@docker harbor]# ls

harbor.v1.8.1.tar.gz  harbor.yml  install.sh  LICENSE  prepare  ssl

配置harbor.cfg(新版已经改成harbor.yml)

修改配置,协议,证书,管理员密码 

示例:

hostname = reg.goldenyin.com

将http:和port:80注释(新版本)

ui_url_protocol = https(新版无此项)

ssl_cert = ./ssl/reg.lvusyy.com.crt(新版本certificate: ./ssl/reg.goldenyin.com.crt)

ssl_cert_key = ./ssl/reg.lvusyy.com.key(新版本private_key: ./ssl/reg.goldenyin.com.key)

harbor_admin_password = harbor12345

[root@docker harbor]#  ./prepare (读取配置文件,新版本无需此步骤操作)

将https:和port:443注释取消(新版本)

external_url: https://reg.goldenyin.com:8433(新版本)

[root@docker harbor]# ./install.sh

✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at http://reg.goldenyin.com.

For more details, please visit https://github.com/goharbor/harbor .

windows主机配置hosts(C:\Windows\System32\drivers\etc\hosts)

192.168.193.128 reg.goldenyin.com

http://reg.goldenyin.com/

https://reg.goldenyin.com/(未配置)

docker主机访问Harbor

[root@docker harbor]# cat /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4

::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.193.128 reg.goldenyin.com

[root@docker harbor]# docker login reg.goldenyin.com

创建证书保存目录

[root@docker harbor]# mkdir -p /etc/docker/certs.d/reg.goldenyin.com

拷贝证书

[root@docker reg.goldenyin.com]# ls

reg.goldenyin.com.crt

重新登录

[root@docker harbor]# docker login reg.goldenyin.com

docker tag SOURCE_IMAGE[:TAG] reg.goldenyin.com/test/IMAGE[:TAG]

docker push reg.goldenyin.com/test/IMAGE[:TAG]

docker镜像仓库的更多相关文章

  1. docker 镜像仓库 Harbor 部署 以及 跨数据复制

    docker 镜像仓库 Harbor 部署 跨数据复制 Harbor 是 Vmwar 公司开源的 企业级的 Docker Registry 管理项目 它主要 提供 Dcoker Registry 管理 ...

  2. 离线手动部署docker镜像仓库——harbor仓库(HTTPS)

    实验环境: harbor服务器系统:CentOS Linux release 7.5.1804 (Core)harbor服务器IP:10.1.12.114harbor版本:v1.5.0docker版本 ...

  3. 你必须知道的Docker镜像仓库的搭建

    近期工作中发现用到的容器镜像越来越多(不多的时候没考虑过镜像仓库的问题),同一个容器镜像也存在多个版本,那么镜像仓库的搭建需求就涌现出来,本文就目前的几个常用镜像仓库的搭建进行介绍,我们可以根据需要选 ...

  4. 019.nexus搭建docker镜像仓库/maven仓库

    一.安装docker CE 参考docker doc https://docs.docker.com/install/linux/docker-ce/centos/ 二.docker启动nexus3 ...

  5. Docker镜像仓库的搭建--> Harbor篇

    简介 Harbor是VMware公司开源的一个企业级Docker Registry项目,项目地址:https://github.com/goharbor/harbor Harbor作为一个企业级私有R ...

  6. Docker笔记2:Docker 镜像仓库

    Docker 镜像的官方仓库位于国外服务器上,在国内下载时比较慢,但是可以使用国内镜像市场的加速器(比如阿里云加速器)以提高拉取速度. Docker 官方的镜像市场,可以和 Gitlab 或 GitH ...

  7. 部署docker镜像仓库及高可用

      下载地址: https://github.com/goharbor/harbor/releases   安装harbor服务器: 安装harbor root@harbor-vm1:/usr/loc ...

  8. 搭建docker镜像仓库(二):使用harbor搭建本地镜像仓库

    目录 一.系统环境 二.前言 三.Harbor 四.使用harbor搭建私有镜像仓库 4.1 环境介绍 4.2 k8smaster节点安装配置harbor 4.2.1 安装harbor离线包 4.2. ...

  9. Docker镜像仓库Harbor之Swagger REST API整合配置

    转载自:https://cloud.tencent.com/developer/article/1010618 1.Swagger 介绍 Swagger 是一个规范和完整的框架,用于生成.描述.调用和 ...

  10. Docker镜像仓库清理的探索之路

    用友云开发者中心是基于Docker容器进行微服务架构应用的落地与管理.相信各位同学在使用的过程中,会发现随着Docker镜像的增多,占用磁盘空间也约来越多.这时我们需要清理私有镜像仓库中不需要的镜像. ...

随机推荐

  1. python常用函数 E

    endswith(str/tuple) 末尾元素匹配,可以传入tuple. 例子: enumerate(iterable) 可以跟踪集合元素索引,适用于迭代器. 例子: eval(str) 可以字符串 ...

  2. 牛客小白月赛16 D 小阳买水果 (思维题)

    链接:https://ac.nowcoder.com/acm/contest/949/D来源:牛客网 时间限制:C/C++ 1秒,其他语言2秒 空间限制:C/C++ 262144K,其他语言52428 ...

  3. Kotlin 的 Array 转 List

    Kotlin 的 Array 转 List array.toList() as List<T> 1 Kotlin 的 Array 转 ArrayList array.toList() as ...

  4. 几种IO机制区别

    IO的方式通常分为几种,同步阻塞的BIO.同步非阻塞的NIO.异步非阻塞的AIO. 一.BIO 在JDK1.4出来之前,我们建立网络连接的时候采用BIO模式,需要先在服务端启动一个ServerSock ...

  5. 关于嵌入式linux下的串口通讯问题---需增加回车/换行才能接收

    问题:在Linux应用层,直接从/dev/tty***使用read()函数读数据,无法读到,只有在数据末尾加上0a/0d才可以读到数据(这里是发送十六进制的数据,ASCLL码同理,增加回车才可以读到数 ...

  6. javascript 设置cookie和取得cookie

    代吗实例: <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF ...

  7. hive基础知识or基本操作命令

    MySQL的密码是:123456 1.hive创建标准表(以后均可以按照这样创建): create [external] table [if not exists] records (year STR ...

  8. Python中的"Special Method"

    The first thing to know about special methods is that they are meant to be called by the Python inte ...

  9. boost location-dependent times

    1. local_date_time #include <boost/date_time/local_time/local_time.hpp> #include <iostream& ...

  10. python3运行报错:TypeError: Object of type 'type' is not JSON serializable解决方法(详细)

    返回结果先转成str 字符创