Setting up a private Docker Registry and a web management UI


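Why run a private registry?

Security, lower bandwidth use, and speed.

What is Docker Registry?

Docker Registry consists of three parts: the index, the registry, and the registry client. The index can be thought of as the external-facing implementation that handles login, authentication, storage of image metadata, and public display; the registry is the internal implementation that stores the images; and the registry client is the docker client.

Install Docker Registry

**Docker 1.6 or later is required; check the Docker version first.**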

$ docker --version
Docker version 18.09.2, build 6247962

Tag and push an image

# docker tag centos:6 192.168.1.120:5000/centos:6
# docker push 192.168.1.120:5000/centos:6

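Configure the private registry as trusted

Edit /etc/docker/daemon.json; create the file if it does not exist. The insecure-registries entry lets the daemon reach that registry over plain HTTP or with an unverified certificate.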

{
    "registry-mirrors": ["https://registry.docker.com"],
    "insecure-registries": ["10.0.0.10:5000"]
}
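
As an added example (not part of the original gist), a small Python check that reads a daemon.json like the one above and reports which insecure-registries entries are exempt from TLS verification. The function names and the sample input are assumptions constructed for this example.

```python
import ipaddress
import json


def classify_insecure_entry(entry):
    """Classify one insecure-registries value as 'range', 'loopback' or 'remote'."""
    if "/" in entry:  # CIDR form, e.g. 10.0.0.0/8
        try:
            net = ipaddress.ip_network(entry, strict=False)
            return "range", f"{entry}: {net.num_addresses} addresses exempt from TLS verification"
        except ValueError:
            pass
    # host:port form; IPv6 literals are not handled in this example
    host = entry.rsplit(":", 1)[0] if entry.count(":") == 1 else entry
    try:
        if ipaddress.ip_address(host).is_loopback:
            return "loopback", f"{entry}: loopback address, traffic stays on the host"
    except ValueError:
        if host == "localhost":
            return "loopback", f"{entry}: loopback name, traffic stays on the host"
    return "remote", f"{entry}: pushes and pulls may use plain HTTP or an unverified certificate"


def audit_daemon_json(text):
    """Return (severity, message) findings for the contents of a daemon.json file."""
    cfg = json.loads(text)
    findings = []
    if "registry-mirror" in cfg:
        findings.append(("error", "'registry-mirror' is not a daemon option; use 'registry-mirrors'"))
    for url in cfg.get("registry-mirrors", []):
        if not url.startswith("https://"):
            findings.append(("warn", f"mirror {url} is not served over HTTPS"))
    severity = {"range": "high", "remote": "warn", "loopback": "info"}
    for entry in cfg.get("insecure-registries", []):
        kind, message = classify_insecure_entry(entry)
        findings.append((severity[kind], message))
    return findings


# Constructed sample: the page's 10.0.0.10:5000 entry plus made-up values for contrast.
SAMPLE = """{
    "registry-mirrors": ["http://mirror.example.internal"],
    "insecure-registries": ["10.0.0.10:5000", "10.0.0.0/8", "127.0.0.1:5000"]
}"""

if __name__ == "__main__":
    for level, message in audit_daemon_json(SAMPLE):
        print(f"[{level}] {message}")
```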

Run the registry locally (on the Docker host's IP)

$ docker run -d -v /home/devops/docker-registry:/var/lib/registry -p 5000:5000 \
  --restart=always --name registry registry:2

docker run -p 5000:5000 -v /tmp/registry:/tmp/registry registry

Run a private registry

$ docker run -d -v /home/devops/registry:/var/lib/registry -p 5000:5000 --restart=always --name registry registry:2

Run a registry with a mounted volume

$ docker volume create registry
$ docker run -d -v registry:/var/lib/registry -p 5000:5000 --restart=always --name registry registry:2

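Run a registry backed by S3 storage

# SETTINGS_FLAVOR, AWS_* and SEARCH_BACKEND are settings of the legacy v1 (Python) registry; registry:2 does not read them
docker run \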
 -e SETTINGS_FLAVOR=s3 \
 -e AWS_BUCKET=mybucket \
 -e STORAGE_PATH=/registry \
 -e AWS_KEY=myawskey \
 -e AWS_SECRET=myawssecret \
 -e SEARCH_BACKEND=sqlalchemy \
 -p 5000:5000 \
 registry

Run a private registry with a TLS certificate

docker run -d -p 443:5000 --restart=always --name registry \
-v /home/certs:/certs \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/ssl.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/ssl.key \
registry:2

Pull an image

# docker pull 192.168.1.120:5000/centos:7

Access the private registry

$ curl 127.0.0.1:5000/v2/_catalog
{"repositories":[]}

List image tags

# curl http://192.168.1.120:5000/v2/centos/tags/list

Install the Docker web UI: Portainer

$ docker volume create portainer_data
$ docker run -d -p 9000:9000 -v /var/run/docker.sock:/var/run/docker.sock \
  -v portainer_data:/data portainer/portainer

Create the Portainer UI as a service

docker service create \
--name portainer \
--publish 9000:9000 \
--constraint 'node.role == manager' \
--mount type=bind,src=//var/run/docker.sock,dst=/var/run/docker.sock \
portainer/portainer \
-H unix:///var/run/docker.sock

### References

[portainer](https://www.portainer.io/)