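Creating a Private Docker Registry
1. Install Docker
The private Docker registry is itself a Docker image, so you first need to install Docker and then start that image. For the Docker installation process, see another article:
Notes on Installing Docker
2. Install the private registry
First, pull the private registry image: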
[root@iZ0jl6svdf9rj5xwb0nscoZ ~]# docker pull registry:2
2: Pulling from library/registry
79e9f2f55bf5: Pull complete
0d96da54f60b: Pull complete
5b27040df4a2: Pull complete
e2ead8259a04: Pull complete
3790aef225b9: Pull complete
Digest: sha256:169211e20e2f2d5d115674681eb79d21a217b296b43374b8e39f97fcf866b375
Status: Downloaded newer image for registry:2
docker.io/library/registry:2
[root@iZ0jl6svdf9rj5xwb0nscoZ ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry 2 b8604a3fe854 3 weeks ago 26.2MB
Here we pull the image tagged 2.
Then start the private registry container:
[root@iZ0jl6svdf9rj5xwb0nscoZ ~]# mkdir -p /opt/data/registry
[root@iZ0jl6svdf9rj5xwb0nscoZ ~]# docker run --name local-regi -d -p 5000:5000 --restart=always -v /opt/data/registry:/var/lib/registry registry:2
cc672b3e0695adc0d1540ed46ae8253b6d32ed542560b8e8d3dbe1889dc1ef62
[root@iZ0jl6svdf9rj5xwb0nscoZ ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
cc672b3e0695 registry:2 "/entrypoint.sh /etc…" 4 seconds ago Up 3 seconds 0.0.0.0:5000->5000/tcp, :::5000->5000/tcp local-regi
The output shows that the container has started and that port 5000 is mapped to the host. Next, we push our own image to the private registry.
[root@iZ0jl6svdf9rj5xwb0nscoZ ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
my-proj latest 2cfa024db852 6 seconds ago 643MB
registry 2 b8604a3fe854 3 weeks ago 26.2MB
java 8 d23bdf5b1b1b 4 years ago 643MB
Here I built a private image, "my-proj".
3. Push the image
To push an image to the private registry, you first need to declare the private registry service to Docker.
[root@iZ0jl6svdf9rj5xwb0nscoZ ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:16:3e:01:6e:2a brd ff:ff:ff:ff:ff:ff
inet 172.17.197.46/20 brd 172.17.207.255 scope global dynamic eth0
valid_lft 315358174sec preferred_lft 315358174sec
inet6 fe80::216:3eff:fe01:6e2a/64 scope link
valid_lft forever preferred_lft forever
[root@iZ0jl6svdf9rj5xwb0nscoZ ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
cc672b3e0695 registry:2 "/entrypoint.sh /etc…" 15 minutes ago Up 15 minutes 0.0.0.0:5000->5000/tcp, :::5000->5000/tcp local-regi
The host IP is 172.17.197.46; the container "local-regi" is already running, with port 5000 mapped.
Then register the private registry service on the Docker client:
[root@iZ0jl6svdf9rj5xwb0nscoZ ~]# tee /etc/docker/daemon.json <<-'EOF'
> {
> "insecure-registries":["172.17.197.46:5000"]
> }
> EOF
{
"insecure-registries":["172.17.197.46:5000"]
}
[root@iZ0jl6svdf9rj5xwb0nscoZ ~]# systemctl daemon-reload
[root@iZ0jl6svdf9rj5xwb0nscoZ ~]# systemctl restart docker
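Entries in insecure-registries tell the Docker daemon to accept an invalid certificate or fall back to plain HTTP for that registry, so the list is worth auditing on every host. The script below is an added example, not part of the original post: it parses a daemon.json and rates each entry. The sample input is constructed (only 172.17.197.46:5000 comes from the page) and the low/medium/high ratings are this example's own assumption.

```python
import ipaddress
import json

# Constructed sample: the page's entry plus three extra entries for contrast.
SAMPLE_DAEMON_JSON = """
{
  "insecure-registries": [
    "172.17.197.46:5000",
    "127.0.0.1:5000",
    "10.0.0.0/8",
    "registry.example.com:5000"
  ]
}
"""

def host_part(entry):
    """Drop an optional :port (and IPv6 brackets) from a registry entry."""
    if entry.startswith("["):
        return entry[1:entry.index("]")]
    if "/" in entry or entry.count(":") != 1:
        return entry  # CIDR block, bare IPv6 address or bare host name
    return entry.rsplit(":", 1)[0]

def audit_insecure_registries(daemon_json_text):
    """Return (entry, severity, reason) for each insecure-registries entry."""
    findings = []
    config = json.loads(daemon_json_text)
    for entry in config.get("insecure-registries", []):
        try:
            net = ipaddress.ip_network(host_part(entry), strict=False)
        except ValueError:
            findings.append((entry, "high", "host name: no TLS check and DNS decides where pushes go"))
            continue
        if net.num_addresses > 1:
            findings.append((entry, "high", "CIDR range: every registry in it skips TLS checks"))
        elif net.is_loopback:
            findings.append((entry, "low", "loopback: traffic never leaves the host"))
        elif net.is_private:
            findings.append((entry, "medium", "private address: plaintext on the internal network"))
        else:
            findings.append((entry, "high", "public address: plaintext or unverified TLS off-site"))
    return findings

if __name__ == "__main__":
    for entry, severity, reason in audit_insecure_registries(SAMPLE_DAEMON_JSON):
        print(f"{severity:6} {entry:28} {reason}")
```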
After that, pushing an image from the client to the private registry takes two steps, tagging and pushing:
[root@iZ0jl6svdf9rj5xwb0nscoZ ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
my-proj latest 2cfa024db852 14 minutes ago 643MB
registry 2 b8604a3fe854 3 weeks ago 26.2MB
java 8 d23bdf5b1b1b 4 years ago 643MB
[root@iZ0jl6svdf9rj5xwb0nscoZ ~]# docker tag my-proj 172.17.197.46:5000/my-proj:latest
[root@iZ0jl6svdf9rj5xwb0nscoZ ~]# docker push 172.17.197.46:5000/my-proj:latest
The push refers to repository [172.17.197.46:5000/my-proj]
35c20f26d188: Pushed
c3fe59dd9556: Pushed
6ed1a81ba5b6: Pushed
a3483ce177ce: Pushed
ce6c8756685b: Pushed
30339f20ced0: Pushed
0eb22bfb707d: Pushed
a2ae92ffcd29: Pushed
latest: digest: sha256:79d74b66dcb69e5b0facbf7a3c815167980ab9a3064c684cf68da01bba39abd8 size: 2000
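After the steps above, the image has been pushed to the private Docker registry.
If a client wants to download this image, it first needs to register the private registry service as described above. Then an operation like the following is enough: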
[root@iZ0jl6svdf9rj5xwb0nscoZ ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry 2 b8604a3fe854 3 weeks ago 26.2MB
java 8 d23bdf5b1b1b 4 years ago 643MB
[root@iZ0jl6svdf9rj5xwb0nscoZ ~]# docker pull 172.17.197.46:5000/my-proj:latest
latest: Pulling from my-proj
7448db3b31eb: Already exists
c36604fa7939: Already exists
29e8ef0e3340: Already exists
a0c934d2565d: Already exists
a360a17c9cab: Already exists
cfcc996af805: Already exists
2cf014724202: Already exists
4bc402a00dfe: Already exists
Digest: sha256:79d74b66dcb69e5b0facbf7a3c815167980ab9a3064c684cf68da01bba39abd8
Status: Downloaded newer image for 172.17.197.46:5000/my-proj:latest
172.17.197.46:5000/my-proj:latest
[root@iZ0jl6svdf9rj5xwb0nscoZ ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
172.17.197.46:5000/my-proj latest 2cfa024db852 18 minutes ago 643MB
registry 2 b8604a3fe854 3 weeks ago 26.2MB
java 8 d23bdf5b1b1b 4 years ago 643MB
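4. Other notes
There are three things to watch for with this private Docker registry:
a. Image storage
First, without extra steps, the private registry runs as a Docker container, and the stored images are lost when the container is recreated. Use a volume mount to map the registry's storage location to the host or to another location outside the container, with a command like this: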
docker run --name local-regi -d -p 5000:5000 --restart=always -v /opt/data/registry:/var/lib/registry registry:2
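The -v option mounts the image storage at /opt/data/registry on the host.
b. Container startup
The private registry service runs as a container and would have to be started manually after a restart. Use the restart parameter so that the container starts automatically when the Docker service starts, and then set the Docker service to start with the system.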
docker run --name local-regi -d -p 5000:5000 --restart=always -v /opt/data/registry:/var/lib/registry registry:2
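The command above uses --restart=always, so the container starts automatically after the Docker service starts.
c. Management UI
The remaining problem is that this private registry container holds many private images, which makes it very hard to manage. This calls for a separate management interface; usually we can use "harbor" for this. How to use harbor will be recorded in a separate document later.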