为啥要搭私有的仓库?
安全,节省带宽,速度快.
什么是Docker Registry?
Docker Registry由三个部分组成:index,registry,registry client 可以把Index认为是负责登录、负责认证、负责存储镜像信息和负责对外显示的外部实现, 而registry则是负责存储镜像的内部实现,而Registry Client则是docker客户端。
** Docker版本需要1.6以上,先确认docker的版本 **
$ docker --version
Docker version 18.09.2, build 6247962
# docker tag centos:6 192.168.1.120:5000/centos:6
# docker push 192.168.1.120:5000/centos:6
修改/etc/docker/daemon.json
, 如果没有就创建这个文件
{
"registry-mirror": ["https://registry.docker.com"],
"insecure-registries": ["10.0.0.10:5000"]
}
$ docker run -d -v /home/devops/docker-registry:/var/lib/registry -p 5000:5000 \
--restart=always --name registry registry:2
docker volume create registry
docker run -p 5000:5000 -v /tmp/registry:/tmp/registry registry
docker run \
-e SETTINGS_FLAVOR=s3 \
-e AWS_BUCKET=mybucket \
-e STORAGE_PATH=/registry \
-e AWS_KEY=myawskey \
-e AWS_SECRET=myawssecret \
-e SEARCH_BACKEND=sqlalchemy \
-p 5000:5000 \
registry
$ docker run -d -v /home/devops/registry:/var/lib/registry -p 5000:5000 --restart=always --name registry registry:2
$ docker volume create registry
$ docker run -d -v registry:/var/lib/registry -p 5000:5000 --restart=always --name registry registry:2
docker run \
-e SETTINGS_FLAVOR=s3 \
-e AWS_BUCKET=mybucket \
-e STORAGE_PATH=/registry \
-e AWS_KEY=myawskey \
-e AWS_SECRET=myawssecret \
-e SEARCH_BACKEND=sqlalchemy \
-p 5000:5000 \
registry
docker run -d -p 443:5000 --restart=always --name registry \
-v /home/certs:/certs \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/ssl.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/ssl.key \
registry:2
# docker pull 192.168.1.120:5000/centos:7
$ curl 127.0.0.1:5000/v2/_catalog
{"repositories":[]}
# curl http://192.168.1.120:5000/v2/centos/tags/list
$ docker volume create portainer_data
$ docker run -d -p 9000:9000 -v /var/run/docker.sock:/var/run/docker.sock \
-v portainer_data:/data portainer/portainer
docker service create \
--name portainer \
--publish 9000:9000 \
--constraint 'node.role == manager' \
--mount type=bind,src=//var/run/docker.sock,dst=/var/run/docker.sock \
portainer/portainer \
-H unix:///var/run/docker.sock
docker run -d -p 443:5000 --restart=always --name registry \
-v /home/certs:/certs \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/ssl.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/ssl.key \
registry:2
docker service create \
--name portainer \
--publish 9000:9000 \
--constraint 'node.role == manager' \
--mount type=bind,src=//var/run/docker.sock,dst=/var/run/docker.sock \
portainer/portainer \
-H unix:///var/run/docker.sock
### 参考
[portainer](https://www.portainer.io/)