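In production, the official registry is still fairly slow, so a self-hosted Docker registry is used. Docker officially provides a container for deploying a complete registry: you only need to supply a certificate for your domain, mount a filesystem into the container, and provide a user/password file to get basic registry functionality. For disaster recovery, the data sits on local or third-party storage, so mature solutions already exist and the setup is convenient.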
Start a registry container
[iyunv@salt-node1 distribution-master]# docker run -d -p 0.0.0.0:5000:5000 --name registry registry:2
9ed2f91a7056f1109d2146122930b12f7d077a5404f621647d12eeeb29725260
Push a local image to the local registry
[iyunv@salt-node1 ~]# docker tag redis localhost:5000/redis
[iyunv@salt-node1 ~]# docker push localhost:5000/redis
The push refers to a repository [localhost:5000/redis]
4cefd98bbdaf: Pushed
552b670af774: Pushed
af287523a42a: Pushed
c235d5b4caa3: Pushed
307248831aca: Pushed
387483b2c715: Pushed
a2ae92ffcd29: Pushed
latest: digest: sha256:b41356be6cc70109a9fb6e53e39e930ece67f89189d4453be920f668e1225a06 size: 1783
The situation below occurs because a local registry without certificate authentication can only be accessed via 127.0.0.1, so we need to create a key
[iyunv@salt-node1 ~]# docker tag redis 192.168.198.116:5000/redis
[iyunv@salt-node1 ~]# docker push 192.168.198.116:5000/redis
The push refers to a repository [192.168.198.116:5000/redis]
Configure a domain name, prepare a TLS certificate for that domain, and start the container
docker run -d -p 5000:5000 --restart=always --name registry \
  -v /etc/docker/certs:/certs \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  registry:2
Push the image again
[iyunv@salt-node2 ~]# docker tag redis registry.nginxs.net:5000/redis
[iyunv@salt-node2 ~]# docker push registry.nginxs.net:5000/redis
The push refers to a repository [registry.nginxs.net:5000/redis]
4cefd98bbdaf: Pushed
552b670af774: Pushed
af287523a42a: Pushed
c235d5b4caa3: Pushed
307248831aca: Pushed
387483b2c715: Pushed
a2ae92ffcd29: Pushed
latest: digest: sha256:b41356be6cc70109a9fb6e53e39e930ece67f89189d4453be920f668e1225a06 size: 1783
Add user authentication to the service
Step 1: create the user password file and change its permissions
[iyunv@salt-node1 docker]# htpasswd -Bbn baishaohua nginxs.net >> /etc/docker/certs/htpasswd
[iyunv@salt-node1 docker]# chmod 600 /etc/docker/certs/htpasswd
Step 2: start the container
docker run -d -p 5000:5000 --restart=always --name registry \
  -v `pwd`/auth:/auth \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/certs/htpasswd \
  -v /etc/docker/certs:/certs \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  registry:2
Test the login
[iyunv@salt-node3 ~]# docker login registry.nginxs.net:5000
Username (testuser): baishaohua
Password:
Login Succeeded
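
Step 1 above builds the htpasswd file with `htpasswd -B`, appends with `>>`, and then runs `chmod 600`. The check below is an added example, not part of the original post. It audits such a file for group/world-accessible permissions, entries that are not bcrypt (the registry's htpasswd backend ignores those), and duplicate users left behind by repeated appends. The function name `audit_htpasswd` and its output labels are made up for this example.

```shell
#!/bin/sh
# Added example: audit a registry htpasswd file.
# audit_htpasswd FILE prints one finding per line and returns the number of findings.
audit_htpasswd() {
    file=$1
    findings=0

    if [ ! -f "$file" ]; then
        echo "MISSING $file"
        return 1
    fi

    # Characters 5-10 of the ls mode string are the group/other permission bits;
    # after `chmod 600` they must all be "-".
    mode=$(ls -ld "$file" | cut -c1-10)
    if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
        echo "PERMS $file is $mode, expected -rw-------"
        findings=$((findings + 1))
    fi

    # Each entry is user:hash. `htpasswd -B` writes bcrypt hashes ($2y$...);
    # entries hashed any other way are ignored by the registry.
    while IFS=: read -r user hash || [ -n "$user" ]; do
        [ -z "$user" ] && continue   # `htpasswd -n` emits a blank line after each entry
        case $hash in
            '$2y$'*|'$2a$'*|'$2b$'*) ;;
            *) echo "NOT_BCRYPT $user"; findings=$((findings + 1)) ;;
        esac
    done < "$file"

    # `>>` appends, so re-adding a user leaves the old hash in the file.
    dups=$(cut -d: -f1 "$file" | sed '/^$/d' | sort | uniq -d)
    for user in $dups; do
        echo "DUPLICATE $user"
        findings=$((findings + 1))
    done

    return "$findings"
}

# Usage: sh audit_htpasswd.sh /etc/docker/certs/htpasswd
if [ "$#" -gt 0 ]; then
    audit_htpasswd "$1"
fi
```

A non-zero exit status is the number of findings, so the script can gate a deployment step before the registry container is restarted.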