Back
Featured image of post 使用 docker 搭建搭建私有仓库 ~ Registry

使用 docker 搭建搭建私有仓库 ~ Registry

【摘要】 完成镜像制作之后,需要通过渠道将镜像分发出去 公有仓库:除了Docker官方的DockerHub之外,国内也有很多的公有镜像仓库可以用于镜像分发:docker中国官方库、阿里云镜像仓库等等。

前言

完成镜像制作之后,需要通过渠道将镜像分发出去

  • 公有仓库:除了Docker官方的DockerHub之外,国内也有很多的公有镜像仓库可以用于镜像分发:docker中国官方库、阿里云镜像仓库等等。
  • 私有仓库:如果制作的镜像只是在企业内为各个项目组服务,就不可能上传到公有仓库,而是需要企业内部搭建私有仓库。

目前广泛应用的Docker 官方提供的私有仓库是Docker Registry V2,下面我们就来学习一下如何搭建及使用它。

安装 docker

让apt可以支持HTTPS

$ apt install apt-transport-https ca-certificates curl software-properties-common -y

将官方Docker库的GPG公钥添加到系统中

$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - 

# 阿里源
$ curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -

将Docker库添加到APT里

# 官方源
$ add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable"

# 阿里源
$ add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu focal stable"
# echo "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu focal stable" >> /etc/apt/source.list

更新包列表

$ apt update 

为了确保修改生效,让新的安装从Docker库里获取,而不是从Ubuntu自己的库里获取,执行:

$ apt-cache policy docker-ce

安装 docker-ce

$ apt install -y docker-ce

配置 docker 阿里源镜像地址

sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
	"registry-mirrors": ["https://nol6uuul.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

踩坑: 我用了阿里云的镜像地址反而无法拉取 kind 的镜像, 此时需要删除阿里源

检查 docker 运行状态

$ systemctl status docker 
● docker.service - Docker Application Container Engine
     Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2024-01-05 16:02:08 CST; 17min ago
TriggeredBy: ● docker.socket
       Docs: https://docs.docker.com
   Main PID: 241165 (dockerd)
      Tasks: 12
     Memory: 29.6M
     CGroup: /system.slice/docker.service
             └─241165 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

Jan 05 16:02:08 master1 dockerd[241165]: time="2024-01-05T16:02:08.136300388+08:00" level=info msg="Docker daemon" commit=311b9ff graphdriver=overla>
Jan 05 16:02:08 master1 dockerd[241165]: time="2024-01-05T16:02:08.136351488+08:00" level=info msg="Daemon has completed initialization"
Jan 05 16:02:08 master1 dockerd[241165]: time="2024-01-05T16:02:08.254789219+08:00" level=info msg="API listen on /run/docker.sock"
Jan 05 16:02:08 master1 systemd[1]: Started Docker Application Container Engine.
Jan 05 16:02:46 master1 dockerd[241165]: time="2024-01-05T16:02:46.543587374+08:00" level=warning msg="Error persisting manifest" digest="sha256:2fc>
Jan 05 16:03:38 master1 dockerd[241165]: time="2024-01-05T16:03:38.612170892+08:00" level=info msg="ignoring event" container=6d8d34f0066bde04811038>
Jan 05 16:04:50 master1 dockerd[241165]: time="2024-01-05T16:04:50.406175352+08:00" level=info msg="ignoring event" container=504632135d04b87b5ed83f>
Jan 05 16:05:35 master1 dockerd[241165]: time="2024-01-05T16:05:35.656175212+08:00" level=error msg="Error setting up exec command in container 5046>
Jan 05 16:09:52 master1 dockerd[241165]: time="2024-01-05T16:09:52.944844810+08:00" level=info msg="Layer sha256:a87ab3c028db3c73f360b49c9dcd171e236>
Jan 05 16:09:52 master1 dockerd[241165]: time="2024-01-05T16:09:52.946428917+08:00" level=info msg="Layer sha256:82ae998286b2bba64ce571578647adcabef>
lines 1-21/21 (END)

安装 registry:2

$ docker pull registry:2

启动 registry

$ docker run -d -v /opt/registry:/var/lib/registry --restart always -p 5000:5000 --name registry registry:2
# -v  让镜像存在本机, 而非容器
# -p  暴露端口
# --restart  运行失败, 总是尝试重启容器

推送镜像

修改 docker config

由于 docker push 只接受 https 协议, 我们需要修改 docker 配置文件, 使其非安全访问

sudo tee /etc/docker/daemon.json <<-'EOF'
{
	"registry-mirrors": ["https://nol6uuul.mirror.aliyuncs.com"],
	"insecure-registries": ["11.0.1.157:5000"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

推送 nginx 到 registry

$ docker pull nginx

# 修改 tag为: registry地址/username/projectname:version
$ docker tag nginx 11.0.1.157:5000/mkt/nginx:v1

# 推送镜像
$ docker push 11.0.1.157:5000/mkt/nginx:v1
d874fd2bc83b: Pushed
32ce5f6a5106: Pushed
f1db227348d0: Pushed
b8d6e692a25e: Pushed
e379e8aedd4d: Pushed
2edcec3590a4: Pushed
v1: digest: sha256:ee89b00528ff4f02f2405e4ee221743ebc3f8e8dd0bfd5c4c20a2fa2aaa7ede3 size: 1570

查看 registry 的所有镜像

$ curl http://11.0.1.157:5000/v2/_catalog
{"repositories":["mkt/nginx"]}