一、 Registry
|
Registry镜像文件 文件提取码:ekli |
该仓库没有多用户和多项目的概念。
1.启动仓库
|
docker load -i 镜像名称:版本 加载仓库镜像 docker run -d -p 宿主机端口:容器端口 --name 容器名称 -v 宿主机目录:容器目录 镜像名称:版本 #启动仓库 |
[root@docker01 ~]# docker run -d -p 5000:5000 --restart=always --name registry -v /opt/docker/registry:/var/lib/registry registry
Unable to find image 'registry:latest' locally
latest: Pulling from library/registry
486039affc0a: Pull complete
ba51a3b098e6: Pull complete
8bb4c43d6c8e: Pull complete
6f5f453e5f2d: Pull complete
42bc10b72f42: Pull complete
Digest: sha256:7d081088e4bfd632a88e3f3bcd9e007ef44a796fddfe3261407a3f9f04abe1e7
Status: Downloaded newer image for registry:latest
176a6f5ffb02d50946f8712822aef61835a076f43d142af6a0b285b3af3f2a01
[root@docker01 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
176a6f5ffb02 registry "/entrypoint.sh /etc…" 11 seconds ago Up 9 seconds 0.0.0.0:5000->5000/tcp registry2.修改配置文件信任仓库(首次使用仓库时配置)
配置文件:/etc/docker/daemon.json;重启生效
|
{
"registry-mirrors" : ["https://registry.docker-cn.com"], #官方仓库加速
"insecure-registries" : ["仓库地址:端口"] #信任私有仓
} |
[root@docker02 ~]# cat /etc/docker/daemon.json
{
"registry-mirrors" : ["https://registry.docker-cn.com"],
"insecure-registries" : ["10.0.0.110:5000"]
}
[root@docker02 ~]# systemctl restart docker3.上传镜像
上传镜像必须在docker images列表中
|
docker tag 镜像名称:版本 仓库地址:端口/镜像名称:版本 #为镜像打标签 docker image push 仓库地址:端口/镜像名称:版本 #上传镜像 |
[root@docker02 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
alpine latest a24bb4013296 13 days ago 5.57
[root@docker02 ~]# docker tag alpine:latest 10.0.0.110:5000/alpine:latest
[root@docker02 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
alpine latest a24bb4013296 13 days ago 5.57MB
10.0.0.110:5000/alpine latest a24bb4013296 13 days ago 5.57MB
[root@docker02 ~]# docker push 10.0.0.110:5000/alpine:latest
The push refers to repository [10.0.0.110:5000/alpine]
50644c29ef5a: Pushed
latest: digest: sha256:a15790640a6690aa1730c38cf0a440e2aa44aaca9b0e8931a9f2b0d7cc90fd65 size: 528# 验证
[root@docker01 ~]# cd /opt/docker/registry/
[root@docker01 /opt/docker/registry]# cd docker/registry/v2/repositories/
[root@docker01 /opt/docker/registry/docker/registry/v2/repositories]# ls
alpine|
仓库地址:端口/v2/_catalog 查看镜像列表 仓库地址:端口/v2/镜像名/tag/list 查看镜像版本 |
4.下载镜像
| docker image pull 仓库地址:端口/镜像名称:版本 #下载镜像 |
[root@docker02 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@docker02 ~]# docker pull 10.0.0.110:5000/alpine:latest
latest: Pulling from alpine
df20fa9351a1: Pull complete
Digest: sha256:a15790640a6690aa1730c38cf0a440e2aa44aaca9b0e8931a9f2b0d7cc90fd65
Status: Downloaded newer image for 10.0.0.110:5000/alpine:latest
10.0.0.110:5000/alpine:latest
[root@docker02 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
10.0.0.110:5000/alpine latest a24bb4013296 13 days ago 5.57MB二、Harbor
|
Harbor镜像文件 文件提取码:xho4 |
本文以离线安装为例
1.获取harbor镜像
| tar xf 安装包名称 |
[root@docker01 ~]# mkdir /opt/package
[root@docker01 ~]# cd /opt/package/
[root@docker01 /opt/package]# ls
harbor-offline-installer-v1.10.3.tgz
[root@docker01 /opt/package]# tar xf harbor-offline-installer-v1.10.3.tgz
[root@docker01 /opt/package]# rm -f harbor-offline-installer-v1.10.3.tgz
[root@docker01 /opt/package]# ls
harbor
[root@docker01 /opt/package/harbor]# ls
common.sh harbor.v1.10.3.tar.gz harbor.yml install.sh LICENSE prepare2.配置harbor.yml文件
|
hostname: 域名 #指定Harbor域名或IP地址 http: #指定使用Http协议
port: 端口 #指定端口
harbor_admin_password: 密码 #指定Harbor初始管理员密码 |
[root@docker01 /opt/package/harbor]# grep -Ev '^$|#' harbor.yml |head -4
hostname: 10.0.0.110
http:
port: 80
harbor_admin_password: 1234563.安装harbor
| ./install.sh #执行安装脚本 |
[root@docker01 /opt/package/harbor]# ./install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 19.03.8
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 1.18.0
......
Creating harbor-jobservice ...
Creating nginx ...
✔ ----Harbor has been installed and started successfully.----
4.修改配置文件信任仓库
配置文件:/etc/docker/daemon.json;重启生效
|
{
"insecure-registries" : ["仓库地址:端口"] #信任私有仓库
} |
[root@docker02 ~]# cat /etc/docker/daemon.json
{
"insecure-registries" : ["10.0.0.110:5000","10.0.0.110"]
}
[root@docker02 ~]# systemctl restart docker5.登录仓库
不指定登录地址,默认登录官方仓库
| 登录信息默认保存在~/.docker/config.json文件中 |
| docker login 仓库地址 |
[root@docker02 ~]# docker login 10.0.0.110
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
}[root@docker02 ~]# cat /root/.docker/config.json
{
"auths": {
"10.0.0.110": {
"auth": "YWRtaW46MTIzNDU2" #Base64解密
}
},
"HttpHeaders": {
"User-Agent": "Docker-Client/19.03.8 (linux)"
}6.上传镜像
上传镜像必须在docker images列表中
|
docker tag 镜像名称:版本 仓库地址:端口/项目名称/镜像名称:版本 #为镜像打标签 docker image push 仓库地址:端口/项目名称/镜像名称:版本 #上传镜像 |
[root@docker02 ~]# docker tag 10.0.0.110:5000/alpine:latest 10.0.0.110/aspenhan/alpine:latest
[root@docker02 ~]# docker push 10.0.0.110/aspenhan/alpine:latest
The push refers to repository [10.0.0.110/aspenhan/alpine]
50644c29ef5a: Pushed
latest: digest: sha256:a15790640a6690aa1730c38cf0a440e2aa44aaca9b0e8931a9f2b0d7cc90fd65 size: 528
7.下载镜像
| docker image pull 仓库地址:端口/项目名称/镜像名称:版本 #下载镜像 |
[root@docker02 ~]# docker pull 10.0.0.110/aspenhan/alpine:latest
latest: Pulling from aspenhan/alpine
Digest: sha256:a15790640a6690aa1730c38cf0a440e2aa44aaca9b0e8931a9f2b0d7cc90fd65
Status: Image is up to date for 10.0.0.110/aspenhan/alpine:latest
10.0.0.110/aspenhan/alpine:latest
8.Harbor实现HTTPS访问
# 准备证书
[root@docker01 ~]# mkdir /opt/package/harbor/cert
[root@docker01 ~]# cd /opt/package/harbor/cert
[root@docker01 /opt/package/harbor/cert]# rz -E
rz waiting to receive.
[root@docker01 /opt/package/harbor/cert]# ls
3106863_aspenhan.com_nginx.zip
[root@docker01 /opt/package/harbor/cert]# unzip 3106863_aspenhan.com_nginx.zip
Archive: 3106863_aspenhan.com_nginx.zip
Aliyun Certificate Download
inflating: 3106863_aspenhan.com.pem
inflating: 3106863_aspenhan.com.key
[root@docker01 /opt/package/harbor/cert]# rm -f *.zip
[root@docker01 /opt/package/harbor/cert]# ls
3106863_aspenhan.com.key 3106863_aspenhan.com.pem|
修改harbor.yml文件 hostname: 域名 #指定Harbor域名 https:
port: 端口
certificate: 证书路径 #指定证书
private_key: 私钥路径 #指定私钥路径
harbor_admin_password: 密码 重装harbor |
[root@docker01 /opt/package/harbor]# grep -Ev '^$|#' harbor.yml |head -6
hostname: aspenhan.com
https:
port: 443
certificate: /opt/package/harbor/cert/3106863_aspenhan.com.pem
private_key: /opt/package/harbor/cert/3106863_aspenhan.com.key
harbor_admin_password: 123456
[root@docker01 /opt/package/harbor]# ./install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 19.03.8
[Step 1]: checking docker-compose is installed ...
......
✔ ----Harbor has been installed and started successfully.----
# 验证测试
[root@docker01 /opt/package/harbor]# docker login aspenhan.com
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@docker01 /opt/package/harbor]# docker pull aspenhan.com/aspenhan/alpine:latest
latest: Pulling from aspenhan/alpine
df20fa9351a1: Pull complete
Digest: sha256:a15790640a6690aa1730c38cf0a440e2aa44aaca9b0e8931a9f2b0d7cc90fd65
Status: Downloaded newer image for aspenhan.com/aspenhan/alpine:latest
aspenhan.com/aspenhan/alpine:latest
[root@docker01 /opt/package/harbor]# grep 10.0.0.110 /etc/hosts
10.0.0.110 docker01 aspenhan.com| 使用Harbor仓库Web界面删除镜像时,存储空间不会立即被释放。需要点击垃圾清理->立即清理垃圾释放存储空间 |