Docker私有仓库

一、 Registry

Registry镜像文件
文件提取码:ekli

该仓库没有多用户和多项目的概念。

1.启动仓库

docker load -i 镜像名称:版本 加载仓库镜像
docker run -d -p 宿主机端口:容器端口 --name 容器名称 -v 宿主机目录:容器目录 镜像名称:版本 #启动仓库
[root@docker01 ~]# docker run -d -p 5000:5000 --restart=always --name registry -v /opt/docker/registry:/var/lib/registry registry 
Unable to find image 'registry:latest' locally
latest: Pulling from library/registry
486039affc0a: Pull complete 
ba51a3b098e6: Pull complete 
8bb4c43d6c8e: Pull complete 
6f5f453e5f2d: Pull complete 
42bc10b72f42: Pull complete 
Digest: sha256:7d081088e4bfd632a88e3f3bcd9e007ef44a796fddfe3261407a3f9f04abe1e7
Status: Downloaded newer image for registry:latest
176a6f5ffb02d50946f8712822aef61835a076f43d142af6a0b285b3af3f2a01
[root@docker01 ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
176a6f5ffb02        registry            "/entrypoint.sh /etc…"   11 seconds ago      Up 9 seconds        0.0.0.0:5000->5000/tcp   registry

2.修改配置文件信任仓库(首次使用仓库时配置)

配置文件:/etc/docker/daemon.json;重启生效

{

"registry-mirrors" : ["https://registry.docker-cn.com"], #官方仓库加速
"insecure-registries" : ["仓库地址:端口"] #信任私有仓

}

[root@docker02 ~]# cat /etc/docker/daemon.json 
{
    "registry-mirrors" : ["https://registry.docker-cn.com"], 
    "insecure-registries" : ["10.0.0.110:5000"]
}
[root@docker02 ~]# systemctl restart docker

3.上传镜像

上传镜像必须在docker images列表中

docker tag 镜像名称:版本 仓库地址:端口/镜像名称:版本 #为镜像打标签
docker image push 仓库地址:端口/镜像名称:版本 #上传镜像
[root@docker02 ~]# docker images 
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
alpine              latest              a24bb4013296        13 days ago         5.57
[root@docker02 ~]# docker tag alpine:latest 10.0.0.110:5000/alpine:latest
[root@docker02 ~]# docker images 
REPOSITORY               TAG                 IMAGE ID            CREATED             SIZE
alpine                   latest              a24bb4013296        13 days ago         5.57MB
10.0.0.110:5000/alpine   latest              a24bb4013296        13 days ago         5.57MB
[root@docker02 ~]# docker push 10.0.0.110:5000/alpine:latest 
The push refers to repository [10.0.0.110:5000/alpine]
50644c29ef5a: Pushed 
latest: digest: sha256:a15790640a6690aa1730c38cf0a440e2aa44aaca9b0e8931a9f2b0d7cc90fd65 size: 528
# 验证
[root@docker01 ~]# cd /opt/docker/registry/
[root@docker01 /opt/docker/registry]# cd docker/registry/v2/repositories/
[root@docker01 /opt/docker/registry/docker/registry/v2/repositories]# ls
alpine
仓库地址:端口/v2/_catalog 查看镜像列表
仓库地址:端口/v2/镜像名/tag/list 查看镜像版本

4.下载镜像

docker image pull 仓库地址:端口/镜像名称:版本 #下载镜像
[root@docker02 ~]# docker images 
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
[root@docker02 ~]# docker pull 10.0.0.110:5000/alpine:latest
latest: Pulling from alpine
df20fa9351a1: Pull complete 
Digest: sha256:a15790640a6690aa1730c38cf0a440e2aa44aaca9b0e8931a9f2b0d7cc90fd65
Status: Downloaded newer image for 10.0.0.110:5000/alpine:latest
10.0.0.110:5000/alpine:latest
[root@docker02 ~]# docker images 
REPOSITORY               TAG                 IMAGE ID            CREATED             SIZE
10.0.0.110:5000/alpine   latest              a24bb4013296        13 days ago         5.57MB

二、Harbor

Harbor仓库下载地址

Harbor镜像文件
文件提取码:xho4

本文以离线安装为例

1.获取harbor镜像

tar xf 安装包名称
[root@docker01 ~]# mkdir /opt/package
[root@docker01 ~]# cd /opt/package/
[root@docker01 /opt/package]# ls
harbor-offline-installer-v1.10.3.tgz
[root@docker01 /opt/package]# tar xf harbor-offline-installer-v1.10.3.tgz 
[root@docker01 /opt/package]# rm -f harbor-offline-installer-v1.10.3.tgz 
[root@docker01 /opt/package]# ls
harbor
[root@docker01 /opt/package/harbor]# ls
common.sh  harbor.v1.10.3.tar.gz  harbor.yml  install.sh  LICENSE  prepare

2.配置harbor.yml文件

hostname: 域名 #指定Harbor域名或IP地址
http: #指定使用Http协议

port: 端口 #指定端口

harbor_admin_password: 密码 #指定Harbor初始管理员密码

[root@docker01 /opt/package/harbor]# grep -Ev '^$|#' harbor.yml |head -4 
hostname: 10.0.0.110
http:
  port: 80
harbor_admin_password: 123456

3.安装harbor

./install.sh #执行安装脚本
[root@docker01 /opt/package/harbor]# ./install.sh 

[Step 0]: checking if docker is installed ...

Note: docker version: 19.03.8

[Step 1]: checking docker-compose is installed ...

Note: docker-compose version: 1.18.0
......
Creating harbor-jobservice ... 
Creating nginx ... 
✔ ----Harbor has been installed and started successfully.----

4.修改配置文件信任仓库

配置文件:/etc/docker/daemon.json;重启生效

{

"insecure-registries" : ["仓库地址:端口"] #信任私有仓库

}

[root@docker02 ~]# cat /etc/docker/daemon.json
{
    "insecure-registries" : ["10.0.0.110:5000","10.0.0.110"]
}
[root@docker02 ~]# systemctl restart docker

5.登录仓库

不指定登录地址,默认登录官方仓库

登录信息默认保存在~/.docker/config.json文件中
docker login 仓库地址
[root@docker02 ~]# docker login 10.0.0.110
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
}[root@docker02 ~]# cat /root/.docker/config.json 
{
    "auths": {
        "10.0.0.110": {
            "auth": "YWRtaW46MTIzNDU2"                  #Base64解密
        }
    },
    "HttpHeaders": {
        "User-Agent": "Docker-Client/19.03.8 (linux)"
    }

6.上传镜像

上传镜像必须在docker images列表中

docker tag 镜像名称:版本 仓库地址:端口/项目名称/镜像名称:版本 #为镜像打标签
docker image push 仓库地址:端口/项目名称/镜像名称:版本 #上传镜像
[root@docker02 ~]# docker tag 10.0.0.110:5000/alpine:latest 10.0.0.110/aspenhan/alpine:latest
[root@docker02 ~]# docker push 10.0.0.110/aspenhan/alpine:latest 
The push refers to repository [10.0.0.110/aspenhan/alpine]
50644c29ef5a: Pushed 
latest: digest: sha256:a15790640a6690aa1730c38cf0a440e2aa44aaca9b0e8931a9f2b0d7cc90fd65 size: 528

7.下载镜像

docker image pull 仓库地址:端口/项目名称/镜像名称:版本 #下载镜像
[root@docker02 ~]# docker pull 10.0.0.110/aspenhan/alpine:latest
latest: Pulling from aspenhan/alpine
Digest: sha256:a15790640a6690aa1730c38cf0a440e2aa44aaca9b0e8931a9f2b0d7cc90fd65
Status: Image is up to date for 10.0.0.110/aspenhan/alpine:latest
10.0.0.110/aspenhan/alpine:latest


8.Harbor实现HTTPS访问

# 准备证书
[root@docker01 ~]# mkdir /opt/package/harbor/cert
[root@docker01 ~]# cd /opt/package/harbor/cert
[root@docker01 /opt/package/harbor/cert]# rz -E
rz waiting to receive.
[root@docker01 /opt/package/harbor/cert]# ls
3106863_aspenhan.com_nginx.zip
[root@docker01 /opt/package/harbor/cert]# unzip 3106863_aspenhan.com_nginx.zip 
Archive:  3106863_aspenhan.com_nginx.zip
Aliyun Certificate Download
  inflating: 3106863_aspenhan.com.pem  
  inflating: 3106863_aspenhan.com.key  
[root@docker01 /opt/package/harbor/cert]# rm -f *.zip
[root@docker01 /opt/package/harbor/cert]# ls
3106863_aspenhan.com.key  3106863_aspenhan.com.pem
修改harbor.yml文件
hostname: 域名 #指定Harbor域名
https:

port: 端口
certificate: 证书路径 #指定证书
private_key: 私钥路径 #指定私钥路径

harbor_admin_password: 密码

重装harbor
./install.sh

[root@docker01 /opt/package/harbor]# grep -Ev '^$|#' harbor.yml |head -6
hostname: aspenhan.com
https:
  port: 443
  certificate: /opt/package/harbor/cert/3106863_aspenhan.com.pem
  private_key: /opt/package/harbor/cert/3106863_aspenhan.com.key
harbor_admin_password: 123456
[root@docker01 /opt/package/harbor]# ./install.sh 

[Step 0]: checking if docker is installed ...

Note: docker version: 19.03.8

[Step 1]: checking docker-compose is installed ...
......
✔ ----Harbor has been installed and started successfully.----

# 验证测试
[root@docker01 /opt/package/harbor]# docker login aspenhan.com
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@docker01 /opt/package/harbor]# docker pull aspenhan.com/aspenhan/alpine:latest
latest: Pulling from aspenhan/alpine
df20fa9351a1: Pull complete 
Digest: sha256:a15790640a6690aa1730c38cf0a440e2aa44aaca9b0e8931a9f2b0d7cc90fd65
Status: Downloaded newer image for aspenhan.com/aspenhan/alpine:latest
aspenhan.com/aspenhan/alpine:latest
[root@docker01 /opt/package/harbor]# grep 10.0.0.110 /etc/hosts
10.0.0.110      docker01 aspenhan.com
使用Harbor仓库Web界面删除镜像时,存储空间不会立即被释放。需要点击垃圾清理->立即清理垃圾释放存储空间