
Setting Up a Private Docker Registry


Deploying the registry

Prepare a certificate for registry.mydocker.com

Name the private registry registry.mydocker.com

Start the registry container

[root@Docker_Machine_192.168.31.130 ~]# docker run -d  -v /data/dokcer/local_registry/:/var/lib/registry/  -v /data/dokcer/docker_local_volume/registry_ssl/:/etc/docker/registry/ssl/  -e REGISTRY_HTTP_TLS_CERTIFICATE=/etc/docker/registry/ssl/registry.mydocker.com.crt  -e REGISTRY_HTTP_TLS_KEY=/etc/docker/registry/ssl/registry.mydocker.com.key  --restart=always  --name registry.mydocker.com  --hostname registry.mydocker.com  registry
 [root@Docker_Machine_192.168.31.130 ~]# docker ps 
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
9215e587ea8e        registry            "/entrypoint.sh /etc…"   About an hour ago   Up 20 minutes       5000/tcp            registry.mydocker.com

Configuring nginx

server {
        listen 127.0.0.1:443 ssl;
        server_name registry.mydocker.com;
        include ssl_registry.mydocker.com.conf;
        include deny_file.conf;

        # disable any limits to avoid HTTP 413 for large image uploads
        client_max_body_size 0;

        # required to avoid HTTP 411: see Issue #1486 (https://github.com/moby/moby/issues/1486)
        chunked_transfer_encoding on;

        location /v2/ {
           # Do not allow connections from docker 1.5 and earlier
           # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
           if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
               return 404;
           }
           proxy_pass         https://172.17.0.2:5000;
           proxy_set_header   Host   $host;
           expires off;
           proxy_redirect     off;
           proxy_set_header   X-Real-IP        $remote_addr;
           proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
           proxy_set_header  X-Forwarded-Proto $scheme;
        }
        access_log /data/logs/$host.log access;
}

Common operations

push

Before pushing an image, tag it and then push.

[root@Docker_Machine_192.168.31.130 ~]# docker tag me/percona-server-5.7.23.24   registry.mydocker.com/mysql/percona-server-5.7.23.24
[root@Docker_Machine_192.168.31.130 ~]# docker push registry.mydocker.com/mysql/percona-server-5.7.23.24
The push refers to repository [registry.mydocker.com/mysql/percona-server-5.7.23.24]
7705ebebf110: Pushed 
158db895cdd8: Pushed 
bcc97fbfc9e1: Pushed 
latest: digest: sha256:a081a3396473904e67fd438b555576a41296057eeddf8af5f6cb2c93cc68064c size: 955

pull

[root@Docker_Machine_192.168.31.130 ~]# docker pull registry.mydocker.com/mysql/percona-server-5.7.23.24        
Using default tag: latest
latest: Pulling from mysql/percona-server-5.7.23.24
Digest: sha256:a081a3396473904e67fd438b555576a41296057eeddf8af5f6cb2c93cc68064c
Status: Downloaded newer image for registry.mydocker.com/mysql/percona-server-5.7.23.24:latest
[root@Docker_Machine_192.168.31.130 ~]# docker images 
REPOSITORY                                           TAG                 IMAGE ID            CREATED             SIZE
me/percona-server-5.7.23.24                          latest              5af5b8e6c4c8        2 months ago        775MB
registry.mydocker.com/mysql/percona-server-5.7.23.24   latest              5af5b8e6c4c8        2 months ago        775MB

Garbage collection

registry garbage-collect /etc/docker/registry/config.yml

[root@Docker_Machine_192.168.31.130 ~]# docker exec -it registry.mydocker.com sh                   
/ # registry garbage-collect /etc/docker/registry/config.yml 
mysql/percona-server-5.7.23.24
mysql/percona-server-5.7.23.24: marking manifest sha256:a081a3396473904e67fd438b555576a41296057eeddf8af5f6cb2c93cc68064c 
mysql/percona-server-5.7.23.24: marking blob sha256:5af5b8e6c4c84ed6945cd7a563b9128d8c0aa2107e2882aff6a5a27ef4c9b623
mysql/percona-server-5.7.23.24: marking blob sha256:7dc0dca2b1516961d6b3200564049db0a6e0410b370bb2189e2efae0d368616f
mysql/percona-server-5.7.23.24: marking blob sha256:554337fab389bc00d82df4a8deb7719c4f8898f458980d54ecc6b7edb65eb67f
mysql/percona-server-5.7.23.24: marking blob sha256:06fcba1e485b285ac7f3a5b54f6105b1e19504fc24b456252a0dcba8bd208adc

5 blobs marked, 0 blobs eligible for deletion

Using the API

List images: GET /v2/_catalog

[root@Docker_Machine_192.168.31.130 ~]# curl https://registry.mydocker.com/v2/_catalog 
{"repositories":["mysql/percona-server-5.7.23.24"]}

Deleting an image

DELETE /v2/<name>/manifests/<reference>

name: the image name

reference: the sha256 digest of the image

[root@Docker_Machine_192.168.31.130 ~]# curl -X DELETE  https://registry.mydocker.com/v2/percona-server-5.7.23.24/manifests/sha256:a081a3396473904e67fd438b555576a41296057eeddf8af5f6cb2c93cc68064c
{"errors":[{"code":"UNSUPPORTED","message":"The operation is unsupported."}]}

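In this case the private registry does not support the delete operation; the delete:enabled:true field has to be added to the configuration file config.yml.

For details, see https://docs.docker.com/registry/spec/api/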
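The delete call described above, as an added example that is not part of the original post: it resolves a tag to its digest from the Docker-Content-Digest response header and only then issues the DELETE, using the full repository path that /v2/_catalog lists. The function names are hypothetical, the sample headers are constructed, and it assumes deletion is enabled under the storage section of config.yml.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes deletion is enabled
# (storage.delete.enabled: true in config.yml, or the environment variable
# REGISTRY_STORAGE_DELETE_ENABLED=true) and schema 2 manifests.
REGISTRY="https://registry.mydocker.com"
ACCEPT="Accept: application/vnd.docker.distribution.manifest.v2+json"

# Read raw response headers on stdin and print the Docker-Content-Digest value.
# Header names are case-insensitive and lines end in CRLF.
digest_from_headers() {
  tr -d '\r' | awk 'tolower($1) == "docker-content-digest:" { print $2; exit }'
}

# True only for a well-formed sha256 digest, so a tag is never sent as <reference>.
is_sha256_digest() {
  printf '%s\n' "$1" | grep -Eq '^sha256:[0-9a-f]{64}$'
}

# <name> is the full repository path as listed by /v2/_catalog.
manifest_url() {
  printf '%s/v2/%s/manifests/%s' "$REGISTRY" "$1" "$2"
}

# Resolve tag to digest with HEAD, then DELETE by digest.
# Prints the HTTP status of the DELETE (202 on success).
delete_image() {
  di_digest=$(curl -fsSI -H "$ACCEPT" "$(manifest_url "$1" "$2")" | digest_from_headers)
  is_sha256_digest "$di_digest" || { echo "no digest for $1:$2" >&2; return 1; }
  curl -sS -o /dev/null -w '%{http_code}\n' -X DELETE "$(manifest_url "$1" "$di_digest")"
}

# Constructed sample of HEAD response headers (digest taken from the push output).
sample_headers() {
  printf 'HTTP/1.1 200 OK\r\n'
  printf 'Content-Type: application/vnd.docker.distribution.manifest.v2+json\r\n'
  printf 'Docker-Content-Digest: sha256:a081a3396473904e67fd438b555576a41296057eeddf8af5f6cb2c93cc68064c\r\n\r\n'
}

# Network calls happen only when invoked as: script <name> <tag>
if [ "$#" -eq 2 ]; then
  delete_image "$1" "$2"
fi
```

Deleting a manifest does not free disk space by itself; running registry garbage-collect --dry-run /etc/docker/registry/config.yml inside the container afterwards previews which blobs have become eligible for deletion.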

Adding authentication

To be continued

Reference: https://docs.docker.com/registry/recipes/nginx/
