K8S|Docker私有镜像仓库建立之registry


上节演示了,从docker的官方库拉取镜像.在实际的使用过程,出于安全,速度各方面的考虑,我们经常需要建议自己的私有仓库,来存放镜像.今天学习用docker官方提供的镜像库工具来搭建自己的私有仓库

docker run -d \
    --name docker-registry \
    --restart=always \
    -p 5000:5000 \
    -v $PWD/registry:/var/lib/registry \
    registry
Unable to find image 'registry:latest' locally
latest: Pulling from library/registry
486039affc0a: Pull complete
ba51a3b098e6: Pull complete
8bb4c43d6c8e: Pull complete
6f5f453e5f2d: Pull complete
42bc10b72f42: Pull complete
Digest: sha256:7d081088e4bfd632a88e3f3bcd9e007ef44a796fddfe3261407a3f9f04abe1e7
Status: Downloaded newer image for registry:latest
dd6e856386b4e460f5c954cb415e13df17c994b55672edb5c2942b05d1b1c697

-d 后台运行
--name 指定容器名字docker ps时方便查看
--restart=always 自动重启
-p 将本机5000端口映射到容器5000
-v 将当前目录的registry文件夹挂到容器的对应目录.指定本地不存在的目录会自动创建
简单来说这样仓库就搭建完了.
演示一下,将上节下载的apline的镜像推到自己新建的仓库里

先查看当前镜像

docker image ls
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
alpine              latest              a187dde48cd2        3 weeks ago         5.6MB
registry            latest              708bc6af7e5e        2 months ago        25.8MB

通过tag打成新的标记

docker tag alpine 127.0.0.1:5000/alpine

再次查看发现多出了我们新打的镜像

docker image ls
REPOSITORY              TAG                 IMAGE ID            CREATED             SIZE
127.0.0.1:5000/alpine   latest              a187dde48cd2        3 weeks ago         5.6MB
alpine                  latest              a187dde48cd2        3 weeks ago         5.6MB
registry                latest              708bc6af7e5e        2 months ago        25.8MB

将镜像推送到自建仓库

docker push 127.0.0.1:5000/alpine
The push refers to repository [127.0.0.1:5000/alpine]
beee9f30bc1f: Pushed
latest: digest: sha256:cb8a924afdf0229ef7515d9e5b3024e23b3eb03ddbba287f4a19c6ac90b8d221 size: 528

从仓库拉取镜像

#先查看一次镜像
docker image ls
REPOSITORY              TAG                 IMAGE ID            CREATED             SIZE
alpine                  latest              a187dde48cd2        3 weeks ago         5.6MB
127.0.0.1:5000/alpine   latest              a187dde48cd2        3 weeks ago         5.6MB
registry                latest              708bc6af7e5e        2 months ago        25.8MB

#删除本地镜像
docker rmi 127.0.0.1:5000/alpine
Untagged: 127.0.0.1:5000/alpine:latest
Untagged: 127.0.0.1:5000/alpine@sha256:cb8a924afdf0229ef7515d9e5b3024e23b3eb03ddbba287f4a19c6ac90b8d221

#再次查看,发现127.0.0.1:5000/alpine的镜像不见了
docker image ls
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
alpine              latest              a187dde48cd2        3 weeks ago         5.6MB
registry            latest              708bc6af7e5e        2 months ago        25.8MB

#从私有仓库拉取
docker pull 127.0.0.1:5000/alpine
Using default tag: latest
latest: Pulling from alpine
Digest: sha256:cb8a924afdf0229ef7515d9e5b3024e23b3eb03ddbba287f4a19c6ac90b8d221
Status: Downloaded newer image for 127.0.0.1:5000/alpine:latest
127.0.0.1:5000/alpine:latest

#再次查看
docker image ls
REPOSITORY              TAG                 IMAGE ID            CREATED             SIZE
127.0.0.1:5000/alpine   latest              a187dde48cd2        3 weeks ago         5.6MB
alpine                  latest              a187dde48cd2        3 weeks ago         5.6MB
registry                latest              708bc6af7e5e        2 months ago        25.8MB

查看仓库中的镜像

curl 127.0.0.1:5000/v2/_catalog
{"repositories":["alpine"]}

常见问题:
推送127.0.0.1:5000可以,推送到本机的内网ip不可以

docker tag alpine 192.168.199.109:5000/alpine
docker push 192.168.199.109:5000/alpine
The push refers to repository [192.168.199.109:5000/alpine]
Get https://192.168.199.109:5000/v2/: http: server gave HTTP response to HTTPS client

这是因为Docker仓库默认只允许https方式推送镜像.跳过这个限制的话,可以在daemon.json里添加insecure-registries配置

vi /etc/docker/daemon.json
{
  "insecure-registries": [
    "192.168.199.109:5000"
  ]
}

Mac下比较简单
任务栏->Prefenerces->Docker Engine

docker push 192.168.199.109:5000/alpine
The push refers to repository [192.168.199.109:5000/alpine]
beee9f30bc1f: Layer already exists
latest: digest: sha256:cb8a924afdf0229ef7515d9e5b3024e23b3eb03ddbba287f4a19c6ac90b8d221 size: 528

再次推送成功.
Windows估计也类似吧.

除了官方的Registry外,还有第三方软件实现了类似功能.比如:Harbor和Sonatype Nexus。
下节一起聊聊Nexus.


相关博文

About rainbird

IOS攻城狮
This entry was posted in K8S and tagged , , , , , , , , , , . Bookmark the permalink.

发表评论