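Contents
1. Private registry with registry
2. Insecure registry
3. Configuring a registry mirror
4. Registry encryption
5. Registry authentication
6. Harbor enterprise private registry
1. Private registry with registry
Official site: Registry | Docker Docs
Pull the registry image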
docker pull registry
Run the registry
docker run -d -p 5000:5000 --restart=always --name registry registry
Push an image
docker tag nginx:latest localhost:5000/nginx:latest
docker push localhost:5000/nginx
curl localhost:5000/v2/_catalog
docker pull localhost:5000/nginx
2. Insecure registry
3. Configuring a registry mirror
4. Registry encryption
yum install -y openssl11-libs-1.1.1k-2.el7.x86_64.rpm openssl11-1.1.1k-2.el7.x86_64.rpm
vim /etc/hosts
mkdir certs
openssl11 req -newkey rsa:4096 -nodes -sha256 -keyout certs/westos.org.key -addext "subjectAltName = DNS:reg.westos.org" -x509 -days 365 -out certs/westos.org.crt
docker run -d -p 443:443 --restart=always --name registry -v /opt/registry:/var/lib/registry -v /root/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt -e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key registry
docker ps
Deploy the certificate on the client, otherwise the push fails with an error
docker tag nginx:latest reg.westos.org/nginx:latest
docker push reg.westos.org/nginx:latest
mkdir -p /etc/docker/certs.d/reg.westos.org/
cp /root/certs/westos.org.crt /etc/docker/certs.d/reg.westos.org/ca.crt
docker push reg.westos.org/nginx:latest
curl -k https://reg.westos.org/v2/_catalog
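The certificate in this section is generated with -addext "subjectAltName = DNS:reg.westos.org" because Docker clients match the registry name against the SAN rather than the CN. The following is an added example, not part of the original post, that checks a certificate for the required SAN entry before it is copied to /etc/docker/certs.d/. It assumes an `openssl` binary of version 1.1.1 or newer (the post's `openssl11`); the function names and the temporary certificates are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Certificates are constructed
# throwaway files in a temp directory. Assumes OpenSSL >= 1.1.1, which the
# post installs as `openssl11`; override with OPENSSL=openssl11 if needed.
OPENSSL="${OPENSSL:-openssl}"

# make_cert DIR NAME [SAN]: self-signed cert with CN=reg.westos.org and,
# optionally, a subjectAltName. rsa:2048 only keeps the demo fast; the post
# uses rsa:4096.
make_cert() {
    dir=$1; name=$2; san=$3
    set -- req -newkey rsa:2048 -nodes -sha256 -x509 -days 365 \
        -subj "/CN=reg.westos.org" \
        -keyout "$dir/$name.key" -out "$dir/$name.crt"
    if [ -n "$san" ]; then
        set -- "$@" -addext "subjectAltName = $san"
    fi
    "$OPENSSL" "$@" 2>/dev/null
}

# cert_has_san CRT HOST: succeed only if HOST is listed as a DNS entry in the
# SAN extension (exact match, no wildcard handling). A CN match is ignored on
# purpose, because Docker clients built with Go 1.15+ no longer fall back to CN.
cert_has_san() {
    "$OPENSSL" x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -qxF "DNS:$2"
}

# cert_not_expired CRT: succeed if the certificate is still valid right now.
cert_not_expired() {
    "$OPENSSL" x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Demo: the same CN, with and without the SAN the post adds via -addext.
demo_dir=$(mktemp -d)
make_cert "$demo_dir" with_san "DNS:reg.westos.org"
make_cert "$demo_dir" cn_only ""
for crt in with_san cn_only; do
    if cert_has_san "$demo_dir/$crt.crt" reg.westos.org &&
       cert_not_expired "$demo_dir/$crt.crt"; then
        echo "$crt: usable as /etc/docker/certs.d/reg.westos.org/ca.crt"
    else
        echo "$crt: will be rejected by docker for reg.westos.org"
    fi
done
rm -rf "$demo_dir"
```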
5. Registry authentication
yum install -y httpd-tools
mkdir auth
htpasswd -Bc auth/htpasswd admin
htpasswd -B auth/htpasswd yyl
cat auth/htpasswd
Remove the registry container and recreate it
docker rm -f registry
docker run -d -p 443:443 --restart=always --name registry -v /opt/registry:/var/lib/registry -v /root/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt -e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key -v /root/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry
docker login reg.westos.org
cat .docker/config.json
Verify
docker tag busybox:latest reg.westos.org/busybox:latest
docker push reg.westos.org/busybox:latest
curl -k https://reg.westos.org/v2/_catalog -u admin:westos
On server2, remove the insecure registry setting
mv daemon.json /mnt/
systemctl restart docker
Add the hostname resolution entry and copy the certificates
vim /etc/hosts
cd /etc/docker/
scp -r certs.d/ k8s1:/etc/docker/
Log in to the remote registry
docker login reg.westos.org
docker pull reg.westos.org/busybox
6. Harbor enterprise private registry
Remove the previously deployed registry, otherwise it will conflict, and copy the certificates
docker rm -f registry
tar zxf harbor-offline-installer-v2.5.0.tgz
cd harbor/
cp harbor.yml.tmpl harbor.yml
vim harbor.yml
mkdir /data
cp -r certs /data
Deploy docker-compose, then deploy Harbor
mv docker-compose-linux-x86_64-v2.22.0 /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
cd harbor/
./install.sh
Log in to the registry with a browser. Username: admin; the password is 123456, as set in the configuration file above
To push images, first run docker login reg.westos.org
docker login reg.westos.org
docker tag busybox:latest reg.westos.org/library/busybox:latest
docker tag nginx:latest reg.westos.org/library/nginx:latest
docker push reg.westos.org/library/nginx:latest
docker push reg.westos.org/library/busybox:latest
Configure the default registry
vim /etc/docker/daemon.json
systemctl restart docker
docker pull nginx
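Public repositories support anonymous pulls
Create a private repository
Create a new user
Grant the user permission to maintain the private repository
Both pushing to and pulling from a private repository require authentication, and the registry domain name must be specified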
docker tag yakexi007/game2048:latest reg.westos.org/westos/game2048:latest
docker push reg.westos.org/westos/game2048:latest
docker login reg.westos.org
docker pull reg.westos.org/westos/game2048:latest