部署docker-registry私有仓库

部署docker-registry私有仓库

创建文件夹

  sudo mkdir -p /var/docker-data/{registry,certs,auth}
​
sudo openssl req -subj '/C=CN/ST=GD/L=GZ/CN=192.192.49.87'\
  -newkey rsa:4096 -nodes -sha256 -keyout /var/docker-data/certs/domain.key \
  -x509 -days 365 -out /var/docker-data/certs/domain.crt
  
sudo mkdir -p /etc/docker/certs.d/192.192.49.87
sudo cp /var/docker-data/certs/domain.crt /etc/docker/certs.d/192.192.49.87/ca.crt
​
#可能需要OS级信任
sudo cp /etc/dockercerts/domain.crt /etc/pki/ca-trust/source/anchors/192.192.49.87.crt
sudo update-ca-trust
​
docker container stop registry && docker container rm -v registry

启动

  docker run -d \
  --restart=always \
  --name registry \
  -v /var/docker-data/certs:/certs \
  -v /var/docker-data/auth:/auth \
  -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  -e REGISTRY_STORAGE_DELETE_ENABLED="true" \
  -p 443:443 \
 registry:2

查看镜像

  curl -X GET --insecure  https://192.192.49.87/v2/_catalog

客户端配置

  sudo mkdir -p /etc/docker/certs.d/192.192.49.87
sudo cp /var/docker-data/certs/domain.crt /etc/docker/certs.d/192.192.49.87/ca.crt
​
#可能需要OS级信任
sudo cp /etc/dockercerts/domain.crt /etc/pki/ca-trust/source/anchors/192.192.49.87.crt
sudo update-ca-trust
​
#测试
sudo docker pull busybox
sudo docker tag busybox 192.192.49.87/busybox
sudo docker push 192.192.49.87/busybox
​

删除仓库镜像

  #先查找镜像的Docker-Content-Digest
curl -v -k -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
-X GET https://192.192.49.87/v2/busybox/manifests/latest 2>&1 | \
grep 'Docker-Content-Digest'| awk '{print ($3)}'
​
#再删除元数据
#允许删除 -e REGISTRY_STORAGE_DELETE_ENABLED="true"
curl-v -k -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \-X DELETE https://192.192.49.87/v2/busybox/manifests/<Docker-Content-Digest的值>
​
#容器内执行garbage-collect垃圾回收，清磁盘
docker exec -it registry /bin/registry \
garbage-collect /etc/docker/registry/config.yml

接入认证

  #用户admin，密码niot1234
docker run --entrypoint htpasswd registry:2 -Bbn admin niot1234 > /var/docker-data/auth/htpasswd
​
docker container stop registry
docker rm registry
​
#重启容器
docker run -d \
  --restart=always \
  --name registry \
  -v /var/docker-data/certs:/certs \
  -v /var/docker-data/auth:/auth \
  -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  -e REGISTRY_STORAGE_DELETE_ENABLED="true" \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
  -p 443:443 \
 registry:2

docker-compose 配置

安装

  sudo curl -L "https://github.com/docker/compose/releases/download/1.23.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
​
sudo chmod +x /usr/local/bin/docker-compose
​
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
docker-compose --version

创建docker-registry-compose.yml

  registry:
  restart: always
 image: registry:2
 ports:
   - 443:443
 environment:
   REGISTRY_HTTP_ADDR: 0.0.0.0:443
   REGISTRY_HTTP_TLS_CERTIFICATE: /certs/domain.crt
   REGISTRY_HTTP_TLS_KEY: /certs/domain.key
#   REGISTRY_AUTH: htpasswd
#   REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
#   REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
 volumes:
   - /var/docker-data/registry:/var/lib/registry
   - /var/docker-data/certs:/certs
   - /var/docker-data/auth:/auth

启动

  sudo docker-compose -f docker-registry-compose.yml up -d

END