Docker registry

This article covers Docker registries.
Uploading a local image to the official Docker registry
Docker registry: https://hub.docker.com/

# Log in
docker login    # with no server argument, docker login targets Docker Hub
cat ~/.docker/config.json

docker images
docker tag <image ID> docker.io/taowenwu/centos-nginx
docker push docker.io/taowenwu/centos-nginx

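Docker: installing distributed Harbor (HTTPS)
Installation reference: https://blog.51cto.com/u_14814545/5052617
Harbor is an enterprise-grade registry server for storing and distributing Docker images, open-sourced by VMware.
As an enterprise private registry server, Harbor supports replicating image resources across multiple registry nodes.

Official site: https://vmware.github.io/harbor/cn/
Official GitHub: https://github.com/vmware/harbor
# Features:
1. Role-based access control: users and Docker image repositories are organized through "projects", and a user can hold different permissions on multiple image repositories within the same namespace (project)
2. Image replication: images can be replicated (synchronized) across multiple registry instances
3. Graphical user interface
4. AD/LDAP: Harbor can integrate with an organization's existing AD/LDAP for authentication management
5. Audit management: every operation on the image repositories can be logged and traced
6. Internationalization
7. RESTful API: gives administrators more control over Harbor and makes integration with other management software easier; simple to deploy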

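Standalone Docker registry
The Docker registry is one of Docker's core components and is responsible for storing and distributing image content;
the docker pull and push commands interact with the registry directly.
Docker 1.6 began supporting registry 2.0.
With the release of Docker 1.8, Docker Hub officially switched to registry 2.1.
Docker 1.5 and earlier cannot read 2.0 images.
Registry 2.4 and later support a recycle-bin mechanism, which means images can be deleted.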

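[Docker registry] Building a local private registry from the official registry image
Starting the container directly
#1. Pull the image
docker pull registry:2


#2. Start the container
docker run -d -p 5000:5000 --restart=always --name registry1 \
-v /usr/local/registry:/var/lib/registry registry:2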


#3. Test upload
root@ubuntu:/docker# docker push 192.168.47.105:5000/hello-world
-----------------------------------------------------------------------------
Using default tag: latest
The push refers to repository [192.168.47.105:5000/hello-world]
e07ee1baac5f: Pushed
latest: digest: sha256:f54a58bc1aac5ea1a25d796ae155dc228b3f0e11d046ae276b39c4bf2f13d8c4 size: 525

root@ubuntu:/docker# ll /usr/local/registry/docker/registry/v2/repositories/
total 12
drwxr-xr-x 3 root root 4096 Jan 26 16:42 ./
drwxr-xr-x 4 root root 4096 Jan 26 16:42 ../
drwxr-xr-x 5 root root 4096 Jan 26 16:42 hello-world/

root@ubuntu:~# docker exec -it 7deea1692bb4 sh
/ # ls /var/lib/registry/docker/registry/v2/
blobs/  repositories/
/ # ls /var/lib/registry/docker/registry/v2/repositories/
hello-world


#4. Test download
root@ubuntu:~# docker pull 192.168.47.105:5000/hello-world
Using default tag: latest
latest: Pulling from hello-world
2db29710123e: Pull complete
Digest: sha256:f54a58bc1aac5ea1a25d796ae155dc228b3f0e11d046ae276b39c4bf2f13d8c4
Status: Downloaded newer image for 192.168.47.105:5000/hello-world:latest
192.168.47.105:5000/hello-world:latest


#5. Test download from another machine
vim /lib/systemd/system/docker.service
---------------------------------------------
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry 192.168.47.105:5000
---------------------------------------------
root@ubuntu:~# docker pull 192.168.47.105:5000/hello-world
Using default tag: latest
latest: Pulling from hello-world
2db29710123e: Pull complete
Digest: sha256:f54a58bc1aac5ea1a25d796ae155dc228b3f0e11d046ae276b39c4bf2f13d8c4
Status: Downloaded newer image for 192.168.47.105:5000/hello-world:latest
192.168.47.105:5000/hello-world:latest
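
An added example (not from the original article): `--insecure-registry` makes dockerd ignore TLS certificate errors for that registry and fall back to plain HTTP, so it is worth knowing which hosts carry the setting. This Python script lists them from a docker.service unit and from /etc/docker/daemon.json, where the same option can be set as "insecure-registries"; the function names and sample strings are constructed for illustration.

```python
import json
import shlex

def from_unit(unit_text):
    """Registries passed as --insecure-registry on the unit's ExecStart line."""
    found = []
    for line in unit_text.splitlines():
        line = line.strip()
        if not line.startswith("ExecStart="):
            continue
        args = shlex.split(line[len("ExecStart="):])
        for i, arg in enumerate(args):
            if arg == "--insecure-registry" and i + 1 < len(args):
                found.append(args[i + 1])           # "--insecure-registry HOST"
            elif arg.startswith("--insecure-registry="):
                found.append(arg.split("=", 1)[1])  # "--insecure-registry=HOST"
    return found

def from_daemon_json(daemon_json_text):
    """Registries listed under "insecure-registries" in daemon.json."""
    if not daemon_json_text.strip():
        return []
    return list(json.loads(daemon_json_text).get("insecure-registries", []))

def audit(unit_text, daemon_json_text):
    """Combine both sources and flag the case where both set the option."""
    flag, conf = from_unit(unit_text), from_daemon_json(daemon_json_text)
    return {
        "insecure": sorted(set(flag) | set(conf)),
        # dockerd refuses to start when an option is set both as a flag and in the file
        "conflict": bool(flag) and bool(conf),
    }

# Constructed sample input, using the settings shown on this page.
SAMPLE_UNIT = ("[Service]\n"
               "ExecStart=/usr/bin/dockerd -H fd:// "
               "--containerd=/run/containerd/containerd.sock "
               "--insecure-registry 192.168.47.105:5000\n")
SAMPLE_DAEMON_JSON = '{"insecure-registries": ["192.168.47.105:5000"]}'

if __name__ == "__main__":
    print(audit(SAMPLE_UNIT, SAMPLE_DAEMON_JSON))
```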

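Configuring a login username and password
Reference: https://blog.csdn.net/weixin_46380571/article/details/108771308
#1. Create the login user and password
mkdir /docker/auth -p
cd /docker
docker run --entrypoint htpasswd registry:2.6.2 -Bbn admin password > auth/htpasswd   # Note: newer image versions have a problem here and fail with the error shown in Problem 1 below

Problem 1: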
docker: Error response from daemon: OCI runtime create failed: container_linux.go:380: starting container process caused: exec: "htpasswd": executable file not found in $PATH: unknown.
ERRO[0000] error waiting for container: context canceled
-----------------------


#2. Start the Docker registry
docker run -d -p 5000:5000 --restart=always --name registry1 \
-v /docker/auth:/auth \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry:2.6.2


#3. Test login
root@ubuntu:/docker# docker login 192.168.47.105:5000
Username: testuser
Password:
Error response from daemon: Get "https://192.168.47.105:5000/v2/": http: server gave HTTP response to HTTPS client
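The cause: since Docker 1.3.X, Docker talks to a registry over HTTPS by default, but a private registry set up as above serves plain HTTP by default, so interacting with it produces the error above.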

vim /lib/systemd/system/docker.service
---------------------------------------------
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry 192.168.47.105:5000
---------------------------------------------

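# Alternatively, set the same option in daemon.json (use either the flag or the file, not both: dockerd refuses to start when one option is set in both places)
vim /etc/docker/daemon.json
---------------------------------------------
{ "insecure-registries": ["192.168.47.105:5000"] }
---------------------------------------------

root@ubuntu:/docker# systemctl daemon-reload && systemctl restart docker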

Login succeeds
root@ubuntu:/docker# docker login 192.168.47.105:5000
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded


#4. Test upload and download
#4.1 Test upload
docker tag hello-world 192.168.47.105:5000/hello-world
docker push 192.168.47.105:5000/hello-world

#4.2 Download on another machine
vim /lib/systemd/system/docker.service
---------------------------------------------
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry 192.168.47.105:5000
---------------------------------------------
docker login 192.168.47.105:5000
docker pull 192.168.47.105:5000/hello-world
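
An added example (not from the original article): the warning printed by `docker login` above means config.json holds the base64 of `user:password`, which is an encoding and not encryption. This Python script reports, per registry, whether a login is stored inline or delegated to a credential helper; the function name and the sample configs are constructed for illustration.

```python
import base64
import json

def stored_credentials(config_text):
    """Classify each registry in a Docker client config.json by how its login is stored."""
    cfg = json.loads(config_text)
    helpers = cfg.get("credHelpers", {})   # per-registry credential helpers
    default_store = cfg.get("credsStore")  # default credential helper, if any
    report = {}
    for registry, entry in cfg.get("auths", {}).items():
        blob = entry.get("auth")
        if blob:
            # "auth" is base64("user:password"); report only the user name
            decoded = base64.b64decode(blob).decode("utf-8", "replace")
            report[registry] = ("plaintext", decoded.split(":", 1)[0])
        elif registry in helpers or default_store:
            report[registry] = ("helper", helpers.get(registry, default_store))
        else:
            report[registry] = ("none", None)
    return report

# Constructed samples: what `docker login` writes without and with a helper.
SAMPLE_INLINE = json.dumps({
    "auths": {
        "192.168.47.105:5000": {
            "auth": base64.b64encode(b"admin:password").decode()
        }
    }
})
SAMPLE_HELPER = json.dumps({
    "auths": {"myrepo.com:5000": {}},
    "credsStore": "pass",
})

if __name__ == "__main__":
    for sample in (SAMPLE_INLINE, SAMPLE_HELPER):
        for registry, (kind, detail) in stored_credentials(sample).items():
            print(f"{registry}: {kind} ({detail})")
```

Any registry reported as "plaintext" is readable by whoever can read the file, so restrict the file's permissions or configure a credential helper as the warning suggests.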

Configuring a login username, password and certificate
Reference: https://blog.csdn.net/weixin_46380571/article/details/108771308
vim /etc/hosts
----------------------------------
192.168.47.105 myrepo.com
----------------------------------

#1. Configure the certificate
mkdir -p /opt/docker/certs
cd /opt/docker/certs

root@ubuntu:/opt/docker/certs# openssl req -newkey rsa:4096 -nodes -sha256 -keyout myrepo.key -x509 -days 365 -out myrepo.crt
Generating a 4096 bit RSA private key
...............................................................................................................................++++
..............................................................................++++
writing new private key to myrepo.key
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ., the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:BJ
Locality Name (eg, city) []:BJ
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:myrepo.com
Email Address []:

root@ubuntu:/opt/docker/certs# ls
myrepo.crt  myrepo.key


#2. Generate the authentication password file
root@ubuntu:/opt/docker
