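下载registry镜像,并在 /etc/docker/daemon.json 中配置镜像加速器和 insecure-registries
(insecure-registries 会让 docker 对 westos.org:5000 不校验TLS证书并允许明文HTTP,仅用于下面的测试仓库,启用证书后应删除该项;修改 daemon.json 后需要重启 docker 服务才会生效,systemctl daemon-reload 只重新加载 systemd 单元文件)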
[root@foundation20 kiosk]# docker search registry
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
registry The Docker Registry 2.0 implementation for s… 2262 [OK]
[root@foundation20 kiosk]# docker pull registry
[root@foundation20 kiosk]# docker images registry
REPOSITORY TAG IMAGE ID CREATED SIZE
registry latest bca04f698ba8 2 years ago 423MB
[root@foundation20 kiosk]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://w8ujyhgj.mirror.aliyuncs.com"],
"insecure-registries": ["westos.org:5000"]
}
[root@foundation20 kiosk]# systemctl daemon-reload
vim /etc/hosts
172.25.20.250 westos.org
启动registry容器(使用的是 registry:2.3.1,而不是上面拉取的 latest;此时仓库走明文HTTP、没有认证,5000端口对所有地址开放,仅适合在测试环境使用)
[root@foundation20 registry]# docker run -d --name registry1 -p 5000:5000 -v /opt/registry/:/var/lib/registry registry:2.3.1
00c7b2e97a48f21aa302854900a394c8a9be80e8756e914286de6d4a0e0053a0
[root@foundation20 registry]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
00c7b2e97a48 registry:2.3.1 "/bin/registry /etc/…" 4 seconds ago Up 3 seconds 0.0.0.0:5000->5000/tcp registry1
[root@foundation20 kiosk]# iptables -nL
Chain DOCKER (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 172.17.0.2 tcp dpt:5000
[root@foundation20 kiosk]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp6 0 0 :::5000 :::* LISTEN 8055/docker-proxy
修改镜像的tag,完成后把打了tag的镜像上传到本地私有仓库
[root@foundation20 registry]# docker tag rhel7:latest westos.org:5000/rhel7
[root@foundation20 registry]# docker push westos.org:5000/rhel7
The push refers to repository [westos.org:5000/rhel7]
18af9eb19b5f: Pushed
latest: digest: sha256:58cd9120a4194edb0de4377b71bd564953255a1422baa1bbd9cb23d521c6873b size: 528
[root@foundation20 registry]# cd /opt/registry/
[root@foundation20 registry]# ls
docker
[root@foundation20 registry]# cd docker/
[root@foundation20 docker]# ls
registry
[root@foundation20 docker]#
删除本地的镜像,再从仓库重新拉取,以验证仓库搭建成功(拉取后的 Digest 应与上传时的 sha256 一致)
[root@foundation20 registry]# docker rmi westos.org:5000/rhel7:latest
Untagged: westos.org:5000/rhel7:latest
Untagged: westos.org:5000/rhel7@sha256:58cd9120a4194edb0de4377b71bd564953255a1422baa1bbd9cb23d521c6873b
[root@foundation20 registry]# docker rmi rhel7:latest
Untagged: rhel7:latest
[root@foundation20 registry]# docker pull westos.org:5000/rhel7
Using default tag: latest
latest: Pulling from rhel7
Digest: sha256:58cd9120a4194edb0de4377b71bd564953255a1422baa1bbd9cb23d521c6873b
Status: Downloaded newer image for westos.org:5000/rhel7:latest
加ssl证书
创建证书文件夹(从后面的路径可知当前工作目录是 /tmp/docker;私钥不宜长期存放在 /tmp 下)
[root@foundation20 docker]# mkdir certs
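生成自签名ssl证书(-nodes 表示私钥不加密保存,应限制 certs/domain.key 的读取权限;Common Name 要填仓库域名 westos.org,较新版本的 docker 还要求证书带有 subjectAltName)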
[root@foundation20 docker]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key -x509 -days 365 -out certs/domain.crt
Generating a 4096 bit RSA private key
..............................................................................................................................................................++
....++
writing new private key to 'certs/domain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:shaanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:westos.org
Email Address []:root@westos.org
[root@foundation20 docker]# cd /etc/docker/
[root@foundation20 docker]# mkdir certs.d
[root@foundation20 certs.d]# mkdir westos.org
将证书复制到上面创建的 /etc/docker/certs.d/westos.org/ 目录下并命名为 ca.crt(目录名必须与仓库地址一致,docker 才会用它校验该仓库的自签名证书)
[root@foundation20 westos.org]# cp /tmp/docker/certs/domain.crt ./ca.crt
[root@foundation20 docker]# cd /tmp/docker/
建立启用TLS的私有仓库并指定证书文件(注意:这条命令没有挂载 /var/lib/registry,镜像数据只保存在容器内,容器被删除后会丢失)
[root@foundation20 docker]# docker run -d --restart=always --name registry -v `pwd`/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key -p 443:443 registry:2.3.1
6a5378a03955f8476e0abc24ddd72236f129b9e7003c5bdc905446d911f5a482
[root@foundation20 docker]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6a5378a03955 registry:2.3.1 "/bin/registry /etc/…" 5 seconds ago Up 5 seconds 0.0.0.0:443->443/tcp, 5000/tcp registry
上传镜像到私有仓库(镜像需要事先用 docker tag 打上 westos.org/game2048 的标签)
[root@foundation20 docker]# docker push westos.org/game2048
The push refers to repository [westos.org/game2048]
88fca8ae768a: Pushed
6d7504772167: Pushed
192e9fad2abc: Pushed
36e9226e74f8: Pushed
011b303988d2: Pushed
latest: digest: sha256:8a34fb9cb168c420604b6e5d32ca6d412cb0d533a826b313b190535c03fe9390 size: 1364
给私有仓库加入用户名和密码(先把自签名证书加入系统的CA信任库)
[root@foundation20 docker]# cd /etc/pki/
[root@foundation20 pki]# cd ca-trust/
[root@foundation20 ca-trust]# cd source/
[root@foundation20 source]# cd anchors/
[root@foundation20 anchors]# cp /tmp/docker/certs/domain.crt westos.org.crt
[root@foundation20 anchors]# update-ca-trust
[root@foundation20 anchors]# cd /tmp/docker/
建立auth目录,生成用户名和密码(htpasswd 的 -B 表示使用bcrypt哈希;-b 表示从命令行读取密码,密码会留在shell历史中,这里的用户名和密码仅作演示,实际使用应换成强密码)
[root@foundation20 docker]# mkdir auth
[root@foundation20 docker]# docker run --entrypoint htpasswd registry:2.3.1 -Bbn admin westos > auth/htpasswd
[root@foundation20 auth]# docker stop registry
registry
[root@foundation20 auth]# docker container prune
WARNING! This will remove all stopped containers.
Are you sure you want to continue? [y/N] y
Deleted Containers:
6a5378a03955f8476e0abc24ddd72236f129b9e7003c5bdc905446d911f5a482
Total reclaimed space: 0B
启动同时启用TLS证书和htpasswd认证的registry容器
[root@foundation20 docker]# docker run -d --restart=always --name registry -v `pwd`/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key -v `pwd`/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd -p 443:443 registry:2.3.1
558a3bd52f0f09770f259aaa6a1840c09161dac23407b7a2742cad4c3c45186c
[root@foundation20 docker]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
558a3bd52f0f registry:2.3.1 "/bin/registry /etc/…" 4 seconds ago Up 4 seconds 0.0.0.0:443->443/tcp, 5000/tcp registry
上传镜像到仓库失败,需要先登录
[root@foundation20 docker]# docker tag nginx:latest westos.org/nginx
[root@foundation20 docker]# docker push westos.org/nginx
The push refers to repository [westos.org/nginx]
08d25fa0442e: Preparing
a8c4aeeaa045: Preparing
cdb3f9544e4c: Preparing
no basic auth credentials
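输入用户名和密码登录后,上传镜像成功(如下面的警告所示,用 -p 在命令行传密码不安全,密码会出现在shell历史和进程列表中,应改用 --password-stdin;未配置凭据助手时,登录凭据会以base64形式保存在 ~/.docker/config.json 中)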
[root@foundation20 docker]# docker login -u admin -p westos westos.org
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Login Succeeded
[root@foundation20 docker]# docker push westos.org/nginx
The push refers to repository [westos.org/nginx]
08d25fa0442e: Pushed
a8c4aeeaa045: Pushed
cdb3f9544e4c: Pushed
latest: digest: sha256:4ffd9758ea9ea360fd87d0cee7a2d1cf9dba630bb57ca36b3108dcd3708dc189 size: 948