普拉多VX

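Building a Private Docker Registry

Registry types

  • Sponsor Registry: a third-party registry for use by customers and the community
  • Mirror Registry: a third-party registry for use by its own users only
  • Vendor Registry: a registry provided by the vendor that publishes the images
  • Private Registry: a private registry protected by a firewall and an additional security layer (SSL)

Why a private registry is needed

It is usually self-hosted locally (on the internal network). If you are on Alibaba Cloud, you can simply use Alibaba's registry instead.

  • Hosts your images
  • Low bandwidth usage
  • Fast downloads
  • Rapid deployment

Installing docker-registry

On Ubuntu 16.04, the registry can be installed with apt-get install docker-registry. After installation, images are stored in /var/lib/docker-registry.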

root@iZm5e7rjmq1tkuwoy8h8vuZ:~# apt-get install docker-registry
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
libopts25 python-meld3 python-pkg-resources
Use 'apt autoremove' to remove them.
The following NEW packages will be installed:
docker-registry
0 upgraded, 1 newly installed, 0 to remove and 205 not upgraded.
Need to get 2,694 kB of archives.
After this operation, 12.6 MB of additional disk space will be used.
Get:1 http://mirrors.cloud.aliyuncs.com/ubuntu xenial/universe amd64 docker-registry amd64 2.3.0~ds1-1 [2,694 kB]
Fetched 2,694 kB in 0s (8,438 kB/s)
Selecting previously unselected package docker-registry.
(Reading database ... 103689 files and directories currently installed.)
Preparing to unpack .../docker-registry_2.3.0~ds1-1_amd64.deb ...
Unpacking docker-registry (2.3.0~ds1-1) ...
Processing triggers for systemd (229-4ubuntu21.16) ...
Processing triggers for ureadahead (0.100.0-19) ...
Setting up docker-registry (2.3.0~ds1-1) ...
Adding system user `docker-registry' (UID 113) ...
Adding new group `docker-registry' (GID 122) ...
Adding new user `docker-registry' (UID 113) with group `docker-registry' ...
Not creating home directory `/var/lib/docker-registry'.
Processing triggers for systemd (229-4ubuntu21.16) ...
Processing triggers for ureadahead (0.100.0-19) ...

Check that it is listening on port 5000

root@iZm5e7rjmq1tkuwoy8h8vuZ:~# netstat -nlpt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 27873/nginx -g daem
tcp 0 0 127.0.0.1:8222 0.0.0.0:* LISTEN 8466/python3
tcp6 0 0 :::5000 :::* LISTEN 32026/docker-regist
tcp6 0 0 :::8335 :::* LISTEN 17406/docker-proxy
tcp6 0 0 :::8336 :::* LISTEN 17989/docker-proxy

Re-tag the image on the client

luodi@roddydeMacBook-Pro:~$ docker tag nginxtest 120.27.0.222:5000/nginxtest:1.0.0
luodi@roddydeMacBook-Pro:~$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> 5b5cf5c2be8f 23 hours ago 249MB
120.27.0.222:5000/nginxtest 1.0.0 1c26cc9ad467 24 hours ago 249MB
nginxtest latest 1c26cc9ad467 24 hours ago 249MB

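Push the image

The push to the private registry fails with a message saying HTTPS is required; this can be worked around by adding insecure-registries to the Docker configuration file.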

luodi@roddydeMacBook-Pro:~$ docker push 120.27.0.222:5000/nginxtest:1.0.0
The push refers to repository [120.27.0.222:5000/nginxtest]
Get https://120.27.0.222:5000/v2/: http: server gave HTTP response to HTTPS client
luodi@roddydeMacBook-Pro:~$

Reference configuration:

{
  "experimental": false,
  "debug": true,
  "registry-mirrors": [
    "http://hub-mirror.c.163.com",
    "https://docker.mirrors.ustc.edu.cn"
  ],
  "insecure-registries": ["120.27.0.222:5000"]
}

After the change, restart Docker on the client

luodi@roddydeMacBook-Pro:~/dockerfile_build/httpd$ docker push 120.27.0.222:5000/nginxtest:1.0.0
The push refers to repository [120.27.0.222:5000/nginxtest]
291f6e44771a: Pushed
1.0.0: digest: sha256:fc4a234b91cc4b542bac8a6ad23b2ddcee60ae68fc4dbd4a52efb5f1b0baad71 size: 529
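
For every host listed under insecure-registries, the Docker client ignores certificate errors and falls back to plain HTTP, so pushes and pulls to 120.27.0.222:5000 are not protected in transit. The check below is an added example, not part of the original post; the function names and severity labels are assumptions chosen for illustration. It flags such entries and plain-HTTP mirrors in a daemon.json.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample: the daemon.json shown above.
PAGE_CONFIG = """
{
  "experimental": false,
  "debug": true,
  "registry-mirrors": [
    "http://hub-mirror.c.163.com",
    "https://docker.mirrors.ustc.edu.cn"
  ],
  "insecure-registries": ["120.27.0.222:5000"]
}
"""

def classify_host(entry):
    """Classify one insecure-registries entry (host[:port] or CIDR)."""
    try:
        net = ipaddress.ip_network(entry, strict=False)  # bare IP or CIDR
    except ValueError:
        host = urlsplit("//" + entry).hostname or entry  # strip the port
        try:
            net = ipaddress.ip_network(host, strict=False)
        except ValueError:
            return "hostname"  # a name alone does not say where it resolves
    if net.is_loopback:
        return "loopback"
    return "private" if net.is_private else "public"

def audit_daemon_config(text):
    """Return (severity, key, value) findings for a daemon.json document."""
    cfg = json.loads(text)
    severity = {"public": "high", "hostname": "medium",
                "private": "medium", "loopback": "info"}
    findings = [(severity[classify_host(e)], "insecure-registries", e)
                for e in cfg.get("insecure-registries", [])]
    for url in cfg.get("registry-mirrors", []):
        if urlsplit(url).scheme != "https":  # mirror reached without TLS
            findings.append(("medium", "registry-mirrors", url))
    return findings

if __name__ == "__main__":
    for sev, key, value in audit_daemon_config(PAGE_CONFIG):
        print(f"{sev:6} {key}: {value}")
```

The address in this configuration is a public one, which is why it is rated high; serving the registry over TLS removes the need for the insecure-registries entry altogether.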

After a successful upload, look at the directory structure: the image is stored under the v2 directory

/var/lib/docker-registry/
└── docker
    └── registry
        └── v2
            ├── blobs
            │   └── sha256
            │       ├── 0d
            │       │   └── 0d120b6ccaa8c5e149176798b3501d4dd1885f961922497cd0abef155c869566
            │       │       └── data
            │       ├── 3c
            │       │   └── 3c72a8ed68140139e483fe7368ae4d9651422749e91483557cbd5ecf99a96110
            │       │       └── data
            │       └── fc
            │           └── fc4a234b91cc4b542bac8a6ad23b2ddcee60ae68fc4dbd4a52efb5f1b0baad71
            │               └── data
            └── repositories
                └── nginxtest
                    ├── _layers
                    │   └── sha256
                    │       ├── 0d120b6ccaa8c5e149176798b3501d4dd1885f961922497cd0abef155c869566
                    │       │   └── link
                    │       └── 3c72a8ed68140139e483fe7368ae4d9651422749e91483557cbd5ecf99a96110
                    │           └── link
                    ├── _manifests
                    │   ├── revisions
                    │   │   └── sha256
                    │   │       └── fc4a234b91cc4b542bac8a6ad23b2ddcee60ae68fc4dbd4a52efb5f1b0baad71
                    │   │           └── link
                    │   └── tags
                    │       └── 1.0.0
                    │           ├── current
                    │           │   └── link
                    │           └── index
                    │               └── sha256
                    │                   └── fc4a234b91cc4b542bac8a6ad23b2ddcee60ae68fc4dbd4a52efb5f1b0baad71
                    │                       └── link
                    └── _uploads
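
The tree above is content-addressed: each blob directory is named after the SHA-256 of its data file, and the tag's current/link file names the manifest digest (fc4a… here, the same digest the push printed). The following integrity check is an added example, not part of the original post; it runs against a constructed store in a temporary directory, and all function names are assumptions chosen for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def file_sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):  # stream large layers
            h.update(chunk)
    return h.hexdigest()

def put_blob(v2, content):
    """Store bytes as in the tree above: blobs/sha256/<first 2 hex>/<hex>/data."""
    hexd = hashlib.sha256(content).hexdigest()
    data = v2 / "blobs" / "sha256" / hexd[:2] / hexd / "data"
    data.parent.mkdir(parents=True, exist_ok=True)
    data.write_bytes(content)
    return "sha256:" + hexd

def resolve_tag(v2, repo, tag):
    """Read tags/<tag>/current/link, which holds the manifest digest."""
    link = v2 / "repositories" / repo / "_manifests" / "tags" / tag / "current" / "link"
    return link.read_text().strip()

def corrupted_blobs(v2):
    """Re-hash every blob; return digests whose data no longer matches its name."""
    return ["sha256:" + d.parent.name
            for d in sorted((v2 / "blobs" / "sha256").glob("*/*/data"))
            if file_sha256(d) != d.parent.name]

def demo():
    """Build a constructed one-image store, modify a layer on disk, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        v2 = Path(tmp) / "docker" / "registry" / "v2"
        layer = put_blob(v2, b"constructed layer bytes")
        manifest = put_blob(v2, b'{"constructed": "manifest"}')
        link = v2 / "repositories/nginxtest/_manifests/tags/1.0.0/current/link"
        link.parent.mkdir(parents=True)
        link.write_text(manifest)
        before = corrupted_blobs(v2)
        hexd = layer.split(":")[1]
        (v2 / "blobs/sha256" / hexd[:2] / hexd / "data").write_bytes(b"modified")
        after = corrupted_blobs(v2)
        return resolve_tag(v2, "nginxtest", "1.0.0") == manifest, before, after == [layer]

if __name__ == "__main__":
    print(demo())  # (True, [], True)
```

On the host from this post, corrupted_blobs(Path("/var/lib/docker-registry/docker/registry/v2")) would run the same check over the real store.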

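Installing with a container

Because the registry itself runs as a container, by default the repository data is stored inside the container under /var/lib/registry, so if the container is deleted, the images stored in it are lost as well. This is why the start command below mounts a host directory onto that path.

Pull the registry image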

root@iZm5e7rjmq1tkuwoy8h8vuZ:~# docker pull registry       
Using default tag: latest
latest: Pulling from library/registry
cbdbe7a5bc2a: Pull complete
47112e65547d: Pull complete
46bcb632e506: Pull complete
c1cc712bcecd: Pull complete
3db6272dcbfa: Pull complete
Digest: sha256:8be26f81ffea54106bae012c6f349df70f4d5e7e2ec01b143c46e2c03b9e551d
Status: Downloaded newer image for registry:latest
docker.io/library/registry:latest

Start the registry container

root@iZm5e7rjmq1tkuwoy8h8vuZ:~# docker run -dit -p 5000:5000 --restart=always --name Myregistry -v /root/registry:/var/lib/registry registry 
d65c75db0954348d5d06a896c04c5e935606e023a1a260b62959600e0165d146
root@iZm5e7rjmq1tkuwoy8h8vuZ:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d65c75db0954 registry "/entrypoint.sh /etc…" 3 seconds ago Up 2 seconds 0.0.0.0:5000->5000/tcp Myregistry

Push the image

luodi@roddydeMacBook-Pro:~/dockerfile_build/httpd$ docker push 120.27.0.222:5000/nginxtest:1.0.0
The push refers to repository [120.27.0.222:5000/nginxtest]
291f6e44771a: Pushed
1.0.0: digest: sha256:fc4a234b91cc4b542bac8a6ad23b2ddcee60ae68fc4dbd4a52efb5f1b0baad71 size: 529