Docker Private Registry (docker-registry)

禄光霁
2023-12-01

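I. Introduction to the private registry (docker-registry)

Using a public registry such as Docker Hub is sometimes inconvenient, so users can create a local registry for private use.

This section describes how to use a local registry.

docker-registry is the officially provided tool for building a private image registry. It currently has two versions, v1.x and v2.x, and v1.x has functional deficiencies. This article is based on docker-registry v2.x.

1.1 Ways to install docker-registry

  • Install with a package manager such as yum
  • Run it as a Docker container
  • Install from a binary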

II. Installing docker-registry with yum

2.1 RPM package overview

[root@hw-tester-11-90 ~]# yum search docker
.......
docker-distribution.x86_64 : Docker toolset to pack, ship, store, and deliver content
docker-registry.x86_64 : Registry server for Docker
.......


[root@hw-tester-11-90 ~]# yum info docker-distribution
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * epel: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: ftp.sjtu.edu.cn
可安装的软件包
名称    :docker-distribution
架构    :x86_64
版本    :2.6.2
发布    :2.git48294d9.el7
大小    :3.5 M
源    :extras/7/x86_64
简介    : Docker toolset to pack, ship, store, and deliver content
网址    :https://github.com/docker/distribution
协议    : ASL 2.0
描述    : Docker toolset to pack, ship, store, and deliver content


[root@hw-tester-11-90 ~]# yum info docker-registry
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile

 * base: mirrors.aliyun.com
 * epel: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: ftp.sjtu.edu.cn
可安装的软件包
名称    :docker-registry
架构    :x86_64
版本    :0.9.1
发布    :7.el7
大小    :123 k
源    :extras/7/x86_64
简介    : Registry server for Docker
网址    :https://github.com/docker/docker-registry
协议    : ASL 2.0
描述    : Registry server for Docker (hosting/delivering of repositories and images).

2.2 Installing docker-registry

[root@hw-tester-11-90 ~]# yum install docker-distribution -y

2.3 Viewing the installed files

[root@hw-tester-11-90 ~]# rpm -ql docker-distribution
/etc/docker-distribution/registry/config.yml
/usr/bin/registry
/usr/lib/systemd/system/docker-distribution.service
/usr/share/doc/docker-distribution-2.6.2
/usr/share/doc/docker-distribution-2.6.2/AUTHORS
/usr/share/doc/docker-distribution-2.6.2/CONTRIBUTING.md
/usr/share/doc/docker-distribution-2.6.2/LICENSE
/usr/share/doc/docker-distribution-2.6.2/MAINTAINERS
/usr/share/doc/docker-distribution-2.6.2/README.md
/var/lib/registry

2.4 Configuration file

[root@hw-tester-11-90 ~]# cat /etc/docker-distribution/registry/config.yml
version: 0.1
log:
  fields:
    service: registry
storage:
    cache:
        layerinfo: inmemory
    filesystem:
        rootdirectory: /var/lib/registry
http:
    addr: :5000

The registry listens on port 5000 by default.
Docker images are stored in /var/lib/registry.

2.5 Starting the service

2.5.1 Start the service: systemctl start docker-distribution.service

[root@hw-tester-11-90 ~]# systemctl start docker-distribution.service

[root@hw-tester-11-90 ~]# systemctl status docker-distribution.service
● docker-distribution.service - v2 Registry server for Docker
   Loaded: loaded (/usr/lib/systemd/system/docker-distribution.service; disabled; vendor preset: disabled)
   Active: active (running) since 四 2019-04-11 11:10:22 CST; 4s ago
 Main PID: 39084 (registry)
   CGroup: /system.slice/docker-distribution.service
           └─39084 /usr/bin/registry serve /etc/docker-distribution/registry/config.yml

4月 11 11:10:22 hw-tester-11-90.7dtest.cn systemd[1]: Started v2 Registry server for Docker.
4月 11 11:10:22 hw-tester-11-90.7dtest.cn systemd[1]: Starting v2 Registry server for Docker...
4月 11 11:10:22 hw-tester-11-90.7dtest.cn registry[39084]: time="2019-04-11T11:10:22+08:00" level=warning msg="No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a sha...
4月 11 11:10:22 hw-tester-11-90.7dtest.cn registry[39084]: time="2019-04-11T11:10:22+08:00" level=info msg="redis not configured" go.version=go1.9.4 instance.id=2467dc4c-1df8-4cda-9ec9-255f6a9bda1e version="v2.6.2+unknown"
4月 11 11:10:22 hw-tester-11-90.7dtest.cn registry[39084]: time="2019-04-11T11:10:22+08:00" level=info msg="Starting upload purge in 6m0s" go.version=go1.9.4 instance.id=2467dc4c-1df8-4cda-9ec9-255f6a9bda1e version="v2.6.2+unknown"
4月 11 11:10:22 hw-tester-11-90.7dtest.cn registry[39084]: time="2019-04-11T11:10:22+08:00" level=info msg="using inmemory blob descriptor cache" go.version=go1.9.4 instance.id=2467dc4c-1df8-4cda-9ec9-255f6a9bda1e version="v2.6.2+unknown"
4月 11 11:10:22 hw-tester-11-90.7dtest.cn registry[39084]: time="2019-04-11T11:10:22+08:00" level=info msg="listening on [::]:5000" go.version=go1.9.4 instance.id=2467dc4c-1df8-4cda-9ec9-255f6a9bda1e version="v2.6.2+unknown"
Hint: Some lines were ellipsized, use -l to show in full.

2.5.2 Enable start at boot

[root@hw-tester-11-90 ~]# systemctl enable docker-distribution.service
Created symlink from /etc/systemd/system/multi-user.target.wants/docker-distribution.service to /usr/lib/systemd/system/docker-distribution.service.

2.5.3 Check the listening port

[root@hw-tester-11-90 ~]# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:40180           0.0.0.0:*               LISTEN      33873/java          
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      979/sshd            
tcp        0      0 0.0.0.0:10050           0.0.0.0:*               LISTEN      1000/zabbix_agentd  
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      1305/mysqld         
tcp6       0      0 :::22                   :::*                    LISTEN      979/sshd            
tcp6       0      0 :::10050                :::*                    LISTEN      1000/zabbix_agentd  
tcp6       0      0 :::5000                 :::*                    LISTEN      39084/registry 

III. Running docker-registry with Docker

You can run it by pulling the official registry image.

[root@k8s-node01-11-168 ~]# docker search registry
NAME                                    DESCRIPTION                                     STARS               OFFICIAL            AUTOMATED
registry                                The Docker Registry 2.0 implementation for s…   2509                [OK]                
konradkleine/docker-registry-frontend   Browse and modify your Docker registry in a …   221                                     [OK]
hyper/docker-registry-web               Web UI, authentication service and event rec…   164                                     [OK]
atcol/docker-registry-ui                A web UI for easy private/local Docker Regis…   114                                     [OK]
distribution/registry                   WARNING: NOT the registry official image!!! …   57                                      [OK]
marvambass/nginx-registry-proxy         Docker Registry Reverse Proxy with Basic Aut…   44                                      [OK]
jhipster/jhipster-registry              JHipster Registry, based on Netflix Eureka a…   43                                      [OK]
google/docker-registry                  Docker Registry w/ Google Cloud Storage driv…   38                                      
confluentinc/cp-schema-registry         Official Confluent Docker Images for Schema …   33                                      
joxit/docker-registry-ui                Docker registry v2 web User Interface           24                                      [OK]
klausmeyer/docker-registry-browser      Web Interface for the Docker Registry HTTP A…   18                                      [OK]
openshift/origin-docker-registry        The integrated OpenShift V3 registry            13                                      
deis/registry                           Docker image registry for the Deis open sour…   12                                      
landoop/schema-registry-ui              UI for Confluent's Schema Registry              7                                       [OK]
parabuzzle/docker-registry-ui           Docker registry frontend for registry v2        6                                       
quiq/docker-registry-ui                 Docker Registry UI                              6                                       
anoxis/registry-cli                     You can list and delete tags from your priva…   6                                       [OK]
elasticio/docker-registry-ecs           Docker image to run Docker private registry …   4                                       [OK]
allingeek/registry                      A specialization of registry:2 configured fo…   4                                       [OK]
yammer/docker-registry-cache            Simple docker registry cache using squid-pro…   1                                       [OK]
webhippie/registry                      Docker images for Docker Registry               1                                       [OK]
aibaars/docker-registry2-gcs            Docker Registry2 w/ Google Cloud Storage dri…   1                                       
metadata/registry                       Metadata Registry is a tool which helps you …   1                                       [OK]
convox/registry                                                                         0                                       
lorieri/registry-ceph                   Ceph Rados Gateway (and any other S3 compati…   0 

3.1 Pull the image [official image]

[root@k8s-node01-11-168 ~]# docker pull registry
Using default tag: latest
latest: Pulling from library/registry
c87736221ed0: Pull complete 
1cc8e0bb44df: Pull complete 
54d33bcb37f5: Pull complete 
e8afc091c171: Pull complete 
b4541f6d3db6: Pull complete 
Digest: sha256:3b00e5438ebd8835bcfa7bf5246445a6b57b9a50473e89c02ecc8e575be3ebb5
Status: Downloaded newer image for registry:latest

[root@k8s-node01-11-168 ~]# docker image ls
REPOSITORY                        TAG                 IMAGE ID            CREATED             SIZE
registry                          latest              f32a97de94e1        4 weeks ago         25.8MB

3.2 Run the image

docker run -d -p 5000:5000 --restart=always --name registry registry

The registry stores images in /var/lib/registry. To keep the image data safe, we use a data volume to persist it.

docker run -d \
    -p 5000:5000 \
    -v /opt/data/registry:/var/lib/registry \
    registry

[root@k8s-node01-11-168 ~]# docker run -d \
>     -p 5000:5000 \
>     -v /opt/data/registry:/var/lib/registry \
>     registry
bab6d21e0722ed6253edf7c8c751b5dcfc6e23d1f6b9bcb5b331af49b0b4f853
[root@k8s-node01-11-168 ~]# docker ps
CONTAINER ID        IMAGE                             COMMAND                  CREATED             STATUS              PORTS                    NAMES
bab6d21e0722        registry                          "/entrypoint.sh /etc…"   12 seconds ago      Up 11 seconds       0.0.0.0:5000->5000/tcp   eloquent_raman

[root@k8s-node01-11-168 ~]# netstat -tanlp |grep 5000
tcp6       0      0 :::5000                 :::*                    LISTEN      74265/docker-proxy 

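IV. Using the private registry docker-registry

Like GitLab, a private Docker registry is a private repository, in this case one used to store Docker images. As with a database, the usual operations on a registry are create, delete, update and query: pushing a new image, deleting an image, modifying an image (version), and querying images. Below we push a local image to the private registry.

4.1 Prepare an image or container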

[root@hw-apptest01-11-172 ~]# docker image ls
REPOSITORY                                              TAG                 IMAGE ID            CREATED             SIZE
jdk1.8testbug4                                          latest              67d7ce25869d        3 weeks ago         867MB
。。。。。。

4.2 Tag the image

docker tag <local-repository>:<local-tag> <remote-repository>:<remote-tag>

[root@hw-apptest01-11-172 ~]# docker push 10.40.11.90:5000/jdk1.8testbug4
The push refers to repository [10.40.11.90:5000/jdk1.8testbug4]
An image does not exist locally with the tag: 10.40.11.90:5000/jdk1.8testbug4

[root@hw-apptest01-11-172 ~]# docker tag jdk1.8testbug4 10.40.11.90:5000/jdk1.8testbug4

[root@hw-apptest01-11-172 ~]# docker image ls
REPOSITORY                                              TAG                 IMAGE ID            CREATED             SIZE
10.40.11.90:5000/jdk1.8testbug4                         latest              67d7ce25869d        3 weeks ago         867MB
jdk1.8testbug4                                          latest              67d7ce25869d        3 weeks ago         867MB

4.3 Push the image to the private registry

[root@hw-apptest01-11-172 ~]# docker push 10.40.11.90:5000/jdk1.8testbug4
The push refers to repository [10.40.11.90:5000/jdk1.8testbug4]
Get https://10.40.11.90:5000/v2/: http: server gave HTTP response to HTTPS client

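The push fails because Docker uses HTTPS by default whenever it pushes to or pulls from a registry. Solutions:

  • Option 1: use an SSL certificate, either through an nginx reverse proxy or with the registry's advanced configuration
  • Option 2: modify the Docker configuration file to turn off certificate verification: "insecure-registries": ["10.40.11.90:5000"]

4.3.1 Modify the Docker configuration file to skip certificate verification for the private registry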

[root@hw-apptest01-11-172 ~]# vim /etc/docker/daemon.json 
[root@hw-apptest01-11-172 ~]# cat /etc/docker/daemon.json 
{
"registry-mirrors": ["https://registry.docker-cn.com"],
"insecure-registries": ["10.40.11.90:5000"]
}

[root@hw-apptest01-11-172 ~]# systemctl reload docker

Note: after changing the Docker configuration you need to reload. Be careful: a restart shuts down all running containers.
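
As an alternative to the insecure-registries setting, the registry can serve TLS itself and require a login. The following is an added example, not part of the original post: the packaged config.yml from section 2.4 extended with TLS, htpasswd authentication and a fixed HTTP secret. The certificate, key and htpasswd paths and the realm name are assumptions.

```yaml
# /etc/docker-distribution/registry/config.yml
# Added example: the packaged config from section 2.4 plus TLS, basic auth
# and a fixed HTTP secret.
# Assumed (not from the original page): the certs/ and htpasswd paths and
# the realm name. Everything else mirrors the file shown in 2.4.
version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    layerinfo: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  # Use a long random value, identical on every instance behind a load
  # balancer. Setting it removes the "No HTTP secret provided" warning
  # that appears in the 2.5.1 startup log.
  secret: REPLACE_WITH_RANDOM_SECRET
  tls:
    # Server certificate (including any intermediate chain) and private key.
    # The key file should be readable only by the user running the registry.
    certificate: /etc/docker-distribution/certs/registry.crt
    key: /etc/docker-distribution/certs/registry.key
auth:
  htpasswd:
    realm: Registry Realm
    # The registry accepts bcrypt entries only, for example created with:
    #   htpasswd -Bc /etc/docker-distribution/htpasswd <user>
    path: /etc/docker-distribution/htpasswd
```

With this in place the insecure-registries entry for 10.40.11.90:5000 is no longer needed; a client that does not already trust the issuing CA places the CA certificate at /etc/docker/certs.d/10.40.11.90:5000/ca.crt, and the server certificate must list 10.40.11.90 as an IP subject alternative name. Because authentication is enabled, run docker login 10.40.11.90:5000 before pushing or pulling.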

4.3.2 Push the image

[root@hw-apptest01-11-172 ~]# docker push 10.40.11.90:5000/jdk1.8testbug4
The push refers to repository [10.40.11.90:5000/jdk1.8testbug4]
028f3402bc33: Pushed 
29efa81e94c5: Pushed 
0efdc57e9299: Pushed 
f20d820fa2b7: Pushed 
bb0bedfed055: Pushed 
071d8bd76517: Pushed 
latest: digest: sha256:c2ffafa1cbc86f614d0055b5d8fb0511d01a9c48d6520e1a6cfd56bcb25cfbd8 size: 1587

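4.4 Query images in the private registry

We have just uploaded an image; now let's look at it. Starting with v2.x, docker-registry provides an API that can be used to query images.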

[root@k8s-node01-11-168 ~]# curl http://10.40.11.90:5000/v2/_catalog
{"repositories":["jdk1.8testbug4"]}

4.5 Pull the image

docker pull <registry-address>/<image-name>:<tag>

[root@k8s-node01-11-168 ~]# docker image ls
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
[root@k8s-node01-11-168 ~]# docker pull 10.40.11.90:5000/jdk1.8testbug4
Using default tag: latest
Error response from daemon: Get https://10.40.11.90:5000/v2/: http: server gave HTTP response to HTTPS client
# docker push and pull both require HTTPS; simply skip certificate verification for this private registry
[root@k8s-node01-11-168 ~]# vim /etc/docker/daemon.json 
[root@k8s-node01-11-168 ~]# systemctl reload docker

[root@k8s-node01-11-168 ~]# docker pull 10.40.11.90:5000/jdk1.8testbug4
Using default tag: latest
latest: Pulling from jdk1.8testbug4
a02a4930cb5d: Pull complete 
915783117a15: Pull complete 
8674a53df34b: Pull complete 
12f89fef257c: Pull complete 
c41934a5be2d: Pull complete 
2520b3c70a8a: Pull complete 
Digest: sha256:c2ffafa1cbc86f614d0055b5d8fb0511d01a9c48d6520e1a6cfd56bcb25cfbd8
Status: Downloaded newer image for 10.40.11.90:5000/jdk1.8testbug4:latest

[root@k8s-node01-11-168 ~]# docker image ls
REPOSITORY                        TAG                 IMAGE ID            CREATED             SIZE
10.40.11.90:5000/jdk1.8testbug4   latest              67d7ce25869d        3 weeks ago         867MB

The image was pulled successfully. Next we run it as a test.

4.6 Run the image

[root@k8s-node01-11-168 ~]# docker run -it -d --name jdk1.8-test 10.40.11.90:5000/jdk1.8testbug4
703c257f4ff2110402fbe159c4026195175e8963cd9646a22927cac482b3508d
[root@k8s-node01-11-168 ~]# 
[root@k8s-node01-11-168 ~]# docker ps
CONTAINER ID        IMAGE                             COMMAND                  CREATED             STATUS              PORTS               NAMES
703c257f4ff2        10.40.11.90:5000/jdk1.8testbug4   "sh -c /bin/whole51/…"   8 seconds ago       Up 7 seconds                            jdk1.8-test


[root@k8s-node01-11-168 ~]# docker exec -it jdk1.8-test /bin/bash
[admin@703c257f4ff2 sz-app-loanrepay-rpc]$ 
[admin@703c257f4ff2 sz-app-loanrepay-rpc]$ jps
35 jar
103 Jps
[admin@703c257f4ff2 sz-app-loanrepay-rpc]$ ps -ef |grep java
admin         1      0  0 06:11 pts/0    00:00:00 /bin/bash /bin/whole51/java-start.sh
admin        33      1  0 06:11 pts/0    00:00:00 /bin/bash /bin/whole51/java-service loanrepay-rpc start dev
admin        35     33  9 06:11 pts/0    00:00:13 /usr/local/jdk1.8.0_144/bin/java -server -Denv=dev -Ddubbo.registry.file=.dubbo/dubbo-registry-zookeeper1.dafy.com.cache -XX:+UseG1GC -Xms128m -Xmx128m -Dsun.net.inetaddr.ttl=600 -XX:MaxMetaspaceSize=256m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=heap_dump_2019-04-11_06-11-05.hprof -Xloggc:/data/logs/loanrepay-rpc/2019-04-11_06-11-05.log -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:-PrintTenuringDistribution -XX:+PrintGCCause -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=10 -XX:GCLogFileSize=20m -Dfile.encoding=UTF-8 -jar loanrepay-rpc-bootstrap-1.1.0-SNAPSHOT.jar
admin       116     85  0 06:13 pts/1    00:00:00 grep --color=auto java

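V. Summary

Docker is a container technology, and the Docker service is a container engine that runs containers. A container is created from an image that serves as its template, and the repository that stores images is called an image registry. As with git, there are public registry platforms and private registry platforms. docker-registry is the private image platform officially provided by Docker; it is still being iterated on and is currently at v2.x. It covers basic registry operations but is still not very convenient. Later chapters introduce several other open-source registries.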


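VI. Appendix: image and registry commands

Docker supports push and pull operations much like GitHub/GitLab, and they are very simple.

1. Register an account on a platform such as Docker Hub or Alibaba Cloud, then create a remote repository
Docker Hub address: https://hub.docker.com/

2. First package the local container as a local image
docker commit <container-name> <image-repository>:<image-tag>
Then check that the packaged image appears in the output of docker images

3. Tag the local image for the remote repository
docker tag <local-repository>:<local-tag> <remote-repository>:<remote-tag>

4. Push to the remote repository
docker login
docker push <remote-repository>:<remote-tag>
Note: the remote image tag here is a name you define yourself; it is the tag name shown on Docker Hub
You must log in before pushing

5. Pull from the remote repository to the local host

Overall, pushing a Docker image to a registry takes two main steps:

    1. tag the image
    2. push it to the registry

PS:

Public registries require logging in with an account. Push and pull both use SSL by default; a private registry needs an SSL certificate, or the Docker configuration must be changed to allow non-SSL.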
