前言
完成镜像制作之后,需要通过渠道将镜像分发出去
- 公有仓库:除了Docker官方的DockerHub之外,国内也有很多的公有镜像仓库可以用于镜像分发:docker中国官方库、阿里云镜像仓库等等。
- 私有仓库:如果制作的镜像只是在企业内为各个项目组服务,就不可能上传到公有仓库,而是需要企业内部搭建私有仓库。
目前广泛应用的Docker 官方提供的私有仓库是Docker Registry V2,下面我们就来学习一下如何搭建及使用它。
安装 docker
让apt可以支持HTTPS
$ apt install apt-transport-https ca-certificates curl software-properties-common -y
将官方Docker库的GPG公钥添加到系统中
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
# 阿里源
$ curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
将Docker库添加到APT里
# 官方源
$ add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable"
# 阿里源
$ add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu focal stable"
# echo "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu focal stable" >> /etc/apt/source.list
更新包列表
$ apt update
为了确保修改生效,让新的安装从Docker库里获取,而不是从Ubuntu自己的库里获取,执行:
$ apt-cache policy docker-ce
安装 docker-ce
$ apt install -y docker-ce
配置 docker 阿里源镜像地址
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://nol6uuul.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
踩坑: 我用了阿里云的镜像地址反而无法拉取 kind 的镜像, 此时需要删除阿里源
检查 docker 运行状态
$ systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2024-01-05 16:02:08 CST; 17min ago
TriggeredBy: ● docker.socket
Docs: https://docs.docker.com
Main PID: 241165 (dockerd)
Tasks: 12
Memory: 29.6M
CGroup: /system.slice/docker.service
└─241165 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
Jan 05 16:02:08 master1 dockerd[241165]: time="2024-01-05T16:02:08.136300388+08:00" level=info msg="Docker daemon" commit=311b9ff graphdriver=overla>
Jan 05 16:02:08 master1 dockerd[241165]: time="2024-01-05T16:02:08.136351488+08:00" level=info msg="Daemon has completed initialization"
Jan 05 16:02:08 master1 dockerd[241165]: time="2024-01-05T16:02:08.254789219+08:00" level=info msg="API listen on /run/docker.sock"
Jan 05 16:02:08 master1 systemd[1]: Started Docker Application Container Engine.
Jan 05 16:02:46 master1 dockerd[241165]: time="2024-01-05T16:02:46.543587374+08:00" level=warning msg="Error persisting manifest" digest="sha256:2fc>
Jan 05 16:03:38 master1 dockerd[241165]: time="2024-01-05T16:03:38.612170892+08:00" level=info msg="ignoring event" container=6d8d34f0066bde04811038>
Jan 05 16:04:50 master1 dockerd[241165]: time="2024-01-05T16:04:50.406175352+08:00" level=info msg="ignoring event" container=504632135d04b87b5ed83f>
Jan 05 16:05:35 master1 dockerd[241165]: time="2024-01-05T16:05:35.656175212+08:00" level=error msg="Error setting up exec command in container 5046>
Jan 05 16:09:52 master1 dockerd[241165]: time="2024-01-05T16:09:52.944844810+08:00" level=info msg="Layer sha256:a87ab3c028db3c73f360b49c9dcd171e236>
Jan 05 16:09:52 master1 dockerd[241165]: time="2024-01-05T16:09:52.946428917+08:00" level=info msg="Layer sha256:82ae998286b2bba64ce571578647adcabef>
lines 1-21/21 (END)
安装 registry:2
$ docker pull registry:2
启动 registry
$ docker run -d -v /opt/registry:/var/lib/registry --restart always -p 5000:5000 --name registry registry:2
# -v 让镜像存在本机, 而非容器
# -p 暴露端口
# --restart 运行失败, 总是尝试重启容器
推送镜像
修改 docker config
由于 docker push 只接受 https 协议, 我们需要修改 docker 配置文件, 使其非安全访问
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://nol6uuul.mirror.aliyuncs.com"],
"insecure-registries": ["11.0.1.157:5000"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
推送 nginx 到 registry
$ docker pull nginx
# 修改 tag为: registry地址/username/projectname:version
$ docker tag nginx 11.0.1.157:5000/mkt/nginx:v1
# 推送镜像
$ docker push 11.0.1.157:5000/mkt/nginx:v1
d874fd2bc83b: Pushed
32ce5f6a5106: Pushed
f1db227348d0: Pushed
b8d6e692a25e: Pushed
e379e8aedd4d: Pushed
2edcec3590a4: Pushed
v1: digest: sha256:ee89b00528ff4f02f2405e4ee221743ebc3f8e8dd0bfd5c4c20a2fa2aaa7ede3 size: 1570
查看 registry 的所有镜像
$ curl http://11.0.1.157:5000/v2/_catalog
{"repositories":["mkt/nginx"]}