Setting up a Docker registry
1. Install the Docker environment

See https://blog.csdn.net/Kingairy/article/details/161379357

2. Prepare the registry image

If the machine has outbound internet access, pull the image directly:

```bash
docker pull registry
```

Use `docker images` to confirm the image is present locally.

3. Start the registry

```bash
docker run -d -p 5000:5000 --restart=always --name registry registry:latest
```

Run `docker ps -a` to confirm that the registry started successfully.

The simplest registry

```bash
# Run a basic registry
docker run -d \
  -p 5000:5000 \
  --name registry \
  registry:2

# Test pushing an image
docker pull nginx:alpine
docker tag nginx:alpine localhost:5000/nginx:alpine
docker push localhost:5000/nginx:alpine
```

List the images

```bash
# List the repositories in the registry
curl http://localhost:5000/v2/_catalog

# List the tags of an image
curl http://localhost:5000/v2/nginx/tags/list
```

Registry with persistent storage

Using local storage

```bash
# Create the data directory
mkdir -p /data/registry

# Run the registry with persistent storage
docker run -d \
  -p 5000:5000 \
  --name registry \
  -v /data/registry:/var/lib/registry \
  registry:2
```

Using Docker Compose

```yaml
version: '3'
services:
  registry:
    image: registry:2
    container_name: registry
    restart: always
    ports:
      - "5000:5000"
    volumes:
      - ./data:/var/lib/registry
      # ./config replaces the image's config directory, so it must contain config.yml
      - ./config:/etc/docker/registry
    environment:
      - REGISTRY_STORAGE_DELETE_ENABLED=true
```

Configuring HTTPS

Generate a self-signed certificate

```bash
# Create the certificate directory
mkdir -p /data/certs
cd /data/certs

# Generate a self-signed certificate.
# Current Docker clients ignore the CN and require a subjectAltName,
# hence -addext (needs OpenSSL 1.1.1 or later).
openssl req \
  -newkey rsa:4096 -nodes -sha256 \
  -keyout domain.key \
  -x509 -days 365 \
  -out domain.crt \
  -subj "/CN=registry.example.com" \
  -addext "subjectAltName=DNS:registry.example.com"
```

Run the HTTPS registry

```bash
docker run -d \
  -p 443:443 \
  --name registry \
  -v /data/certs:/certs \
  -v /data/registry:/var/lib/registry \
  -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  registry:2
```

4. Add configuration options

HTTP basic authentication

```bash
# Install the htpasswd tool
apt-get install apache2-utils -y   # Ubuntu/Debian
yum install httpd-tools -y         # CentOS/RHEL

# Create the credentials file (-B selects bcrypt)
mkdir /data/auth
htpasswd -Bbn admin password123 > /data/auth/htpasswd
```

Add `--insecure-registry 127.0.0.1:5000` to /etc/sysconfig/docker, or add the following to /etc/docker/daemon.json, so that the client can connect to docker-registry over plain HTTP. Then restart Docker.

```json
{"insecure-registries": ["127.0.0.1:5000"]}
```

Test that the service is up:

```bash
curl http://127.0.0.1:5000/v2/_catalog
```

Run the registry with authentication

```bash
docker run -d \
  -p 5000:5000 \
  --name registry \
  -v /data/auth:/auth \
  -v /data/registry:/var/lib/registry \
  -e REGISTRY_AUTH=htpasswd \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
  registry:2

# Log in to the registry
docker login localhost:5000 -u admin -p password123
```

5. Log in to the registry

Configure the Docker daemon

Linux (/etc/docker/daemon.json):

```json
{
  "insecure-registries": ["registry.example.com:5000"],
  "registry-mirrors": ["https://registry.example.com"]
}
```

Restart Docker:

```bash
sudo systemctl restart docker
```

Client usage

```bash
# Log in
docker login registry.example.com -u admin -p password123

# Push an image
docker tag myapp:latest registry.example.com/myapp:latest
docker push registry.example.com/myapp:latest

# Pull an image
docker pull registry.example.com/myapp:latest
```

If the authentication options above are not configured, login succeeds with any username and password:

```bash
docker login 127.0.0.1:5000
```

Pull an existing image, then import it into the docker-registry you just started.

6. Upload an image

To build an image from a Dockerfile, see https://blog.csdn.net/Kingairy/article/details/161380228

Upload from the local machine to the registry:

```bash
docker push 127.0.0.1:5050/image/test:v1
docker tag 127.0.0.1:5050/image/test:v1 127.0.0.1:5050/image/test:1.0.0
```

7. Management and maintenance

Garbage collection

```bash
# Run garbage collection inside the container
docker exec -it registry bin/registry garbage-collect /etc/docker/registry/config.yml

# Also remove manifests that no tag references
docker exec registry bin/registry garbage-collect --delete-untagged /etc/docker/registry/config.yml
```

Backup script

```bash
#!/bin/bash
# backup-registry.sh
BACKUP_DIR=/backup/registry
DATE=$(date +%Y%m%d_%H%M%S)
REGISTRY_DATA=/data/registry

# Create the backup
tar -czf "$BACKUP_DIR/registry_backup_$DATE.tar.gz" "$REGISTRY_DATA"

# Delete backups older than 7 days
find "$BACKUP_DIR" -name 'registry_backup_*' -mtime +7 -delete

echo "Backup completed: registry_backup_$DATE.tar.gz"
```

Monitoring script

```bash
#!/bin/bash
# monitor-registry.sh

# Check registry health (-k skips verification of the self-signed certificate)
curl -k https://localhost:5000/v2/

# List the repositories in the catalog
curl -sk https://localhost:5000/v2/_catalog | python3 -m json.tool

# Disk usage
docker exec registry du -sh /var/lib/registry

# Recent logs
docker logs --tail 50 registry
```

8. Kubernetes deployment

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: registry
spec:
  replicas: 1
  selector:
    matchLabels:
      app: registry
  template:
    metadata:
      labels:
        app: registry
    spec:
      containers:
        - name: registry
          image: registry:2
          ports:
            - containerPort: 5000
          volumeMounts:
            - name: registry-data
              mountPath: /var/lib/registry
            - name: registry-config
              mountPath: /etc/docker/registry
          env:
            - name: REGISTRY_STORAGE_DELETE_ENABLED
              value: "true"   # env values must be strings
      volumes:
        - name: registry-data
          persistentVolumeClaim:
            claimName: registry-pvc
        - name: registry-config
          configMap:
            name: registry-config
---
apiVersion: v1
kind: Service
metadata:
  name: registry
spec:
  type: NodePort
  ports:
    - port: 5000
      targetPort: 5000
      nodePort: 30500
  selector:
    app: registry
```
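A check for the two hand-edited files from steps 4 and 5, the htpasswd file and daemon.json, added here as an example and not part of the original post. The function names and the script name audit.sh are hypothetical; it assumes `insecure-registries` holds plain host[:port] strings.

```shell
#!/bin/sh
# Added example (not from the original post): audit the two files this guide edits.

# Report htpasswd entries the registry will not accept: its htpasswd backend
# only supports bcrypt (what `htpasswd -B` writes). Returns 1 on any finding.
check_htpasswd() {
    awk -F: '
        BEGIN { bad = 0 }
        /^[ \t]*(#|$)/      { next }   # skip comments and blank lines
        NF < 2 || $1 == ""  { print "malformed line " NR; bad = 1; next }
        seen[$1]++          { print "duplicate user " $1; bad = 1 }
        $2 !~ /^\$2[aby]\$[0-9][0-9]\$/ { print "not bcrypt: " $1; bad = 1 }
        END { exit bad }
    ' "$1"
}

# Report "insecure-registries" entries in daemon.json that are not loopback:
# the Docker client skips TLS verification (or falls back to HTTP) for them.
# Assumption: entries are plain host[:port] strings, no IPv6 literals.
check_insecure_registries() {
    entries=$(tr -d ' \t\r\n' < "$1" |
        sed -n 's/.*"insecure-registries":\[\([^]]*\)].*/\1/p' |
        tr ',' '\n' | tr -d '"')
    rc=0
    for e in $entries; do
        if ! printf '%s\n' "$e" |
            grep -Eq '^(localhost|127\.[0-9]+\.[0-9]+\.[0-9]+)(:[0-9]+)?$'; then
            echo "insecure non-loopback registry: $e"
            rc=1
        fi
    done
    return $rc
}

# Usage: sh audit.sh /data/auth/htpasswd /etc/docker/daemon.json
if [ "$#" -eq 2 ]; then
    check_htpasswd "$1"; a=$?
    check_insecure_registries "$2"; b=$?
    [ "$a" -eq 0 ] && [ "$b" -eq 0 ]
fi
```

Run against the daemon.json from step 5, it reports registry.example.com:5000, the entry to remove once the client trusts the registry's certificate.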