Docker自建仓库之Docker Registry部署实战

作者：尹正杰
版权声明：原创作品，谢绝转载！否则将追究法律责任。

　　本篇博客将介绍通过官方提供的docker registry 镜像来简单搭建一套本地私有仓库环境,生产环境中很少有人使用docker registry,因为它没有管理界面，这一点对于运维人员并不友好,而对于开发人员其实有没有管理界面都无所谓。

一.Docker Registry概述

　　Docker Registry作为Docker的核心组件之一负责镜像内容的存储和分发，客户端的docker pull以及push命令都将直接与registry进行交互。  

　　最初版本的registry由python实现，由于设计初期在安全性，性能以及API的设计上有着诸多的缺陷,该版本在0.9之后停止了开发,由新的项目distribution(新docker register被称为Distribution)来重新设计并开发下一代registry,新的项目由Golang开发。  

　　所有的API,底层存储方式,系统架构都进行了全方面的重新设计以解决上一代registry中存在的问题日，2016年4月份registry 2.0正式发布，docker 1.6版本开始支持registry 2.0,而八月份随着docker 1.8发布,docker hub正式启用2.1版本registry全面替代之前版本registry，新版registry对镜像存储格式进行了重新设计并和旧版本不兼容,docker 1.5和之前的版本无法读取2.0的镜像。  

　　另外,Registry 2.4版本之后支持了回收站机制，也就是可以删除镜像了，在2.4版本之前是无法支持删除镜像的，所以如果你要使用最好是大于Registry 2.4版本的哟~

二.搭建单机仓库

1>.下载Docker Registry镜像

[root@docker101.yinzhengjie.org.cn ~]# docker image pull registry
Using default tag: latest
latest: Pulling from library/registry
486039affc0a: Pull complete 
ba51a3b098e6: Pull complete 
8bb4c43d6c8e: Pull complete 
6f5f453e5f2d: Pull complete 
42bc10b72f42: Pull complete 
Digest: sha256:7d081088e4bfd632a88e3f3bcd9e007ef44a796fddfe3261407a3f9f04abe1e7
Status: Downloaded newer image for registry:latest
docker.io/library/registry:latest
[root@docker101.yinzhengjie.org.cn ~]#

2>.创建授权使用目录

[root@docker101.yinzhengjie.org.cn ~]# mkdir -pv /yinzhengjie/data/docker/auth
mkdir: created directory ‘/yinzhengjie/data’
mkdir: created directory ‘/yinzhengjie/data/docker’
mkdir: created directory ‘/yinzhengjie/data/docker/auth’
[root@docker101.yinzhengjie.org.cn ~]#

3>.创建创建用户名和密码

[root@docker101.yinzhengjie.org.cn ~]# cd /yinzhengjie/data/docker/
[root@docker101.yinzhengjie.org.cn /yinzhengjie/data/docker]# 
[root@docker101.yinzhengjie.org.cn /yinzhengjie/data/docker]# ll
total 0
drwxr-xr-x 2 root root 6 Jan 27 18:21 auth
[root@docker101.yinzhengjie.org.cn /yinzhengjie/data/docker]# 
[root@docker101.yinzhengjie.org.cn /yinzhengjie/data/docker]# docker run --entrypoint htpasswd registry -Bbn jason 2020 > auth/htpasswd
[root@docker101.yinzhengjie.org.cn /yinzhengjie/data/docker]# 
[root@docker101.yinzhengjie.org.cn /yinzhengjie/data/docker]# 
[root@docker101.yinzhengjie.org.cn /yinzhengjie/data/docker]# ll auth/
total 4
-rw-r--r-- 1 root root 68 Jan 27 18:21 htpasswd
[root@docker101.yinzhengjie.org.cn /yinzhengjie/data/docker]# 
[root@docker101.yinzhengjie.org.cn /yinzhengjie/data/docker]# 
[root@docker101.yinzhengjie.org.cn /yinzhengjie/data/docker]# cat auth/htpasswd 
jason:$2y$05$Gzol9U5vYUMe2kEaUEj03OA2bAKnhK3CnZJFOzv2ljAqrawW/db4e

[root@docker101.yinzhengjie.org.cn /yinzhengjie/data/docker]# 
[root@docker101.yinzhengjie.org.cn /yinzhengjie/data/docker]#

4>.启动docker registry

[root@docker101.yinzhengjie.org.cn ~]# ss -ntl
State      Recv-Q Send-Q                                                                                          Local Address:Port                                                                                                         Peer Address:Port              
LISTEN     0      128                                                                                                         *:22                                                                                                                      *:*                  
LISTEN     0      128                                                                                                        :::22                                                                                                                     :::*                  
[root@docker101.yinzhengjie.org.cn ~]# 
[root@docker101.yinzhengjie.org.cn ~]# docker container ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[root@docker101.yinzhengjie.org.cn ~]# 
[root@docker101.yinzhengjie.org.cn ~]# docker container run -d -p 6000:5000 --restart=always --name myRegistry01 -v /yinzhengjie/data/docker/auth/:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" registry
b06b6468313a577d5b33f92e70f7e5843b0a5cdd1d0793eaa5bf96be9ffdf14d
[root@docker101.yinzhengjie.org.cn ~]# 
[root@docker101.yinzhengjie.org.cn ~]# ss -ntl
State      Recv-Q Send-Q                                                                                          Local Address:Port                                                                                                         Peer Address:Port              
LISTEN     0      128                                                                                                         *:22                                                                                                                      *:*                  
LISTEN     0      20480                                                                                                      :::6000                                                                                                                   :::*                  
LISTEN     0      128                                                                                                        :::22                                                                                                                     :::*                  
[root@docker101.yinzhengjie.org.cn ~]# 
[root@docker101.yinzhengjie.org.cn ~]# 
[root@docker101.yinzhengjie.org.cn ~]# docker container ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
b06b6468313a        registry            "/entrypoint.sh /etc…"   8 seconds ago       Up 7 seconds        0.0.0.0:6000->5000/tcp   myRegistry01
[root@docker101.yinzhengjie.org.cn ~]# 
[root@docker101.yinzhengjie.org.cn ~]# 
[root@docker101.yinzhengjie.org.cn ~]# docker container exec -it myRegistry01 sh
/ # 
/ # netstat -untalp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 :::5000                 :::*                    LISTEN      1/registry
/ # 
/ # exit
[root@docker101.yinzhengjie.org.cn ~]# 
[root@docker101.yinzhengjie.org.cn ~]#

5>.验证端口和容器

6>.测试登录仓库

[root@docker101.yinzhengjie.org.cn ~]# vim /etc/docker/daemon.json 
[root@docker101.yinzhengjie.org.cn ~]# 
[root@docker101.yinzhengjie.org.cn ~]# cat /etc/docker/daemon.json 
{
  "registry-mirrors": ["https://tuv7rqqq.mirror.aliyuncs.com"],
  "insecure-registries":["docker101.yinzhengjie.org.cn:6000"]
}
[root@docker101.yinzhengjie.org.cn ~]# 
[root@docker101.yinzhengjie.org.cn ~]# systemctl restart docker
[root@docker101.yinzhengjie.org.cn ~]# 
[root@docker101.yinzhengjie.org.cn ~]# 
[root@docker101.yinzhengjie.org.cn ~]# docker login docker101.yinzhengjie.org.cn:6000
Username: jason
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@docker101.yinzhengjie.org.cn ~]# 
[root@docker101.yinzhengjie.org.cn ~]#

[root@docker101.yinzhengjie.org.cn ~]# docker info
Client:
 Debug Mode: false

Server:
 Containers: 1
  Running: 1
  Paused: 0
  Stopped: 0
 Images: 27
 Server Version: 19.03.5
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: b34a5c8af56e510852c35414db4c1f4fa6172339
 runc version: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
 init version: fec3683
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 3.10.0-957.el7.x86_64
 Operating System: CentOS Linux 7 (Core)
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 3.84GiB
 Name: docker101.yinzhengjie.org.cn
 ID: ZPMZ:2YLN:PQIW:2CN4:GYX6:LAV5:4WMX:U2PH:GIDV:R363:TQI3:QP2O
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Username: yinzhengjie2019
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  docker101.yinzhengjie.org.cn:6000
  127.0.0.0/8
 Registry Mirrors:
  https://tuv7rqqq.mirror.aliyuncs.com/
 Live Restore Enabled: false

WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
[root@docker101.yinzhengjie.org.cn ~]#

[root@docker101.yinzhengjie.org.cn ~]# docker info

7>.使用yum方式安装Docker Registry服务

　　博主推荐阅读:
　　　　https://www.cnblogs.com/yinzhengjie/p/11706627.html

三.验证Docker Registry

1>.在"docker101.yinzhengjie.org.cn"登陆后上传镜像

[root@docker101.yinzhengjie.org.cn ~]# docker image ls
REPOSITORY                                                TAG                   IMAGE ID            CREATED             SIZE
centos-haproxy                                            v1.8.20               1858fe05d96f        3 days ago          606MB
registry                                                  latest                708bc6af7e5e        3 days ago          25.8MB
tomcat-app01                                              v0.1                  bf45c22f2d5b        4 days ago          983MB
tomcat-base                                               8.5.50                9ff79f369094        5 days ago          968MB
jdk-base                                                  1.8.0_231             0f63a97ddc85        5 days ago          953MB
centos-base                                               7.6.1810              b4931fd9ace2        5 days ago          551MB
centos                                                    centos7.6.1810        f1cb7c7d58b7        10 months ago       202MB
yinzhengjie2019/centos                                    v0.1_centos7.6.1810   f1cb7c7d58b7        10 months ago       202MB
registry.cn-beijing.aliyuncs.com/yinzhengjie2020/centos   v0.1_centos7.6.1810   f1cb7c7d58b7        10 months ago       202MB
[root@docker101.yinzhengjie.org.cn ~]# 
[root@docker101.yinzhengjie.org.cn ~]# 
[root@docker101.yinzhengjie.org.cn ~]# docker image tag centos-base:7.6.1810 docker101.yinzhengjie.org.cn:6000/jason/centos-base:v7.6.1810
[root@docker101.yinzhengjie.org.cn ~]# 
[root@docker101.yinzhengjie.org.cn ~]# docker image ls
REPOSITORY                                                TAG                   IMAGE ID            CREATED             SIZE
centos-haproxy                                            v1.8.20               1858fe05d96f        3 days ago          606MB
registry                                                  latest                708bc6af7e5e        3 days ago          25.8MB
tomcat-app01                                              v0.1                  bf45c22f2d5b        4 days ago          983MB
tomcat-base                                               8.5.50                9ff79f369094        5 days ago          968MB
jdk-base                                                  1.8.0_231             0f63a97ddc85        5 days ago          953MB
centos-base                                               7.6.1810              b4931fd9ace2        5 days ago          551MB
docker101.yinzhengjie.org.cn:6000/jason/centos-base       v7.6.1810             b4931fd9ace2        5 days ago          551MB
centos                                                    centos7.6.1810        f1cb7c7d58b7        10 months ago       202MB
yinzhengjie2019/centos                                    v0.1_centos7.6.1810   f1cb7c7d58b7        10 months ago       202MB
registry.cn-beijing.aliyuncs.com/yinzhengjie2020/centos   v0.1_centos7.6.1810   f1cb7c7d58b7        10 months ago       202MB
[root@docker101.yinzhengjie.org.cn ~]# 
[root@docker101.yinzhengjie.org.cn ~]# 
[root@docker101.yinzhengjie.org.cn ~]# docker image push docker101.yinzhengjie.org.cn:6000/jason/centos-base:v7.6.1810 
The push refers to repository [docker101.yinzhengjie.org.cn:6000/jason/centos-base]
0f448859d86e: Pushed 
89169d87dbe2: Pushed 
v7.6.1810: digest: sha256:62c5a70f2846bd7f8ecd65785e379d0e00acf33ae899f0ec96754a3731b2d425 size: 742
[root@docker101.yinzhengjie.org.cn ~]#

2>.在"docker102.yinzhengjie.org.cn"登陆后下载镜像