Container cloud: docker-registry + docker-registry-web (image registry + registry management UI)
1. Configure the environment
Pull the registry images (the registry tag used throughout this post is 2.4.1)
docker pull registry:2.4.1
docker pull hyper/docker-registry-web
Configure hostname resolution (the /etc/hosts format is IP address first, then hostname)
vim /etc/hosts
172.22.6.241 docker-registry
2. Create the image registry
Certificate authentication:
Create the certificate directory
mkdir /opt/docker/data/registry_dir/certs -p
Create a self-signed certificate
openssl req -new -newkey rsa:4096 -days 365 -subj "/CN=docker-registry" -nodes -x509 -keyout /opt/docker/data/registry_dir/certs/auth.key -out /opt/docker/data/registry_dir/certs/auth.cert
Start the registry with certificate authentication
docker run -d -p 5000:5000 --restart=always --name registry-srv \
-v /opt/docker/data/registry_dir/registry:/var/lib/registry/ \
-v /opt/docker/data/registry_dir/certs:/certs \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/auth.cert \
-e REGISTRY_HTTP_TLS_KEY=/certs/auth.key \
registry:2.4.1
Access the registry
curl https://docker-registry:5000/v2/_catalog --insecure
Try pushing an image to the registry
docker push docker-registry:5000/busybox:latest
The following error appears:
unable to ping registry endpoint https:/docker-registry:5000/v0/
v2 ping attempt failed with error: Get https://mydockerhub.com:5000/v2/: x509: certificate signed by unknown authority
v1 ping attempt failed with error: Get https://mydockerhub.com:5000/v1/_ping: x509: certificate signed by unknown authority
This is because the node has not installed the registry's certificate yet.
Install the certificate on the node
mkdir /etc/docker/certs.d/docker-registry:5000/ -p
cp /opt/docker/data/registry_dir/certs/auth.cert /etc/docker/certs.d/docker-registry:5000/ca.crt
systemctl daemon-reload
systemctl restart docker
Try pushing the image again
docker push docker-registry:5000/busybox:latest
The push refers to a repository [docker-registry:5000/busybox]
8a788232037e: Layer already exists
latest: digest: sha256:e2d9acbe92a6def141a9f9f2584468206735308df6a696430e25947882385fb2 size: 527
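The certificate created above carries only a Common Name, which current Docker releases reject (their Go TLS stack requires a subjectAltName). The script below is an added example, not code from the original post: it generates an equivalent self-signed certificate that also carries a SAN for the post's hostname and IP, stages it for the Docker client in the same /etc/docker/certs.d/<host:port>/ca.crt location the post uses, and checks the result with openssl. It assumes the post's hostname docker-registry, IP 172.22.6.241, port 5000 and directory paths; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): create the registry's self-signed
# certificate with a subjectAltName and stage it under /etc/docker/certs.d/<host:port>/ca.crt.
set -eu

# make_registry_cert DIR HOST IP: writes DIR/auth.key and DIR/auth.cert.
# The post's CN-only certificate is rejected by current Docker releases
# ("x509: certificate relies on legacy Common Name field"), so a SAN is added.
make_registry_cert() {
    dir=$1; host=$2; ip=$3
    mkdir -p "$dir"
    cat > "$dir/san.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_req
prompt = no
[dn]
CN = $host
[v3_req]
subjectAltName = DNS:$host,IP:$ip
basicConstraints = CA:TRUE
keyUsage = digitalSignature,keyEncipherment,keyCertSign
extendedKeyUsage = serverAuth
EOF
    openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -config "$dir/san.cnf" \
        -keyout "$dir/auth.key" -out "$dir/auth.cert" 2>/dev/null
    chmod 600 "$dir/auth.key"   # the private key must not be readable by others
}
# install_client_ca CERT HOST PORT CERTS_D: copies CERT to CERTS_D/HOST:PORT/ca.crt
install_client_ca() {
    mkdir -p "$4/$2:$3"
    cp "$1" "$4/$2:$3/ca.crt"
}
# cert_has_san CERT HOST: succeeds if the certificate lists DNS:HOST in its SAN
cert_has_san() {
    openssl x509 -in "$1" -noout -text | grep -q "DNS:$2"
}
# cert_self_verifies CERT: succeeds if CERT validates with itself as the only trust
# anchor, which is how the Docker client uses ca.crt
cert_self_verifies() {
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}
# Set REGISTRY_CERT_RUN=1 to apply this to the post's real paths.
if [ "${REGISTRY_CERT_RUN:-0}" = 1 ]; then
    make_registry_cert /opt/docker/data/registry_dir/certs docker-registry 172.22.6.241
    install_client_ca /opt/docker/data/registry_dir/certs/auth.cert docker-registry 5000 /etc/docker/certs.d
fi
```

After running it, restart the Docker daemon as the post does so the client picks up the new ca.crt.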
Certificate + password authentication:
Create the directory for the password file
mkdir /opt/docker/data/registry_dir/auth/ -p
Create the password file (the registry only accepts bcrypt entries, hence the -B flag)
docker run --entrypoint htpasswd registry:2.4.1 -Bbn linkcm 123456 > /opt/docker/data/registry_dir/auth/htpasswd
Start the registry with certificate + password authentication (the earlier registry-srv container must be removed first, since the same container name is reused):
docker run -d -p 5000:5000 --restart=always --name registry-srv \
-v /opt/docker/data/registry_dir/registry:/var/lib/registry/ \
-v /opt/docker/data/registry_dir/certs:/certs \
-v /opt/docker/data/registry_dir/auth:/auth \
-e REGISTRY_AUTH=htpasswd \
-e REGISTRY_AUTH_HTPASSWD_REALM=Registry_Realm \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/auth.cert \
-e REGISTRY_HTTP_TLS_KEY=/certs/auth.key \
registry:2.4.1
Try pushing an image to the registry
docker push docker-registry:5000/busybox:latest
https://docker-registry:5000/v2/tonybai/busybox/blobs/sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4: no basic auth credentials
This is because we have not logged in to the registry.
Log in to the registry
docker login docker-registry:5000
username:test
password:
login succeed!
Try pushing the image to the registry again
docker push docker-registry:5000/busybox:latest
3. Create the registry management UI
This method assumes the registry is running with certificate-only authentication; for the password-authenticated setup, please search online yourself.
docker run -d -p 8080:8080 --name registry-web --link registry-srv \
-e REGISTRY_URL=https://registry-srv:5000/v2 \
-e REGISTRY_TRUST_ANY_SSL=true \
-e REGISTRY_NAME=localhost:5000 \
hyper/docker-registry-web
Access the registry UI
http://172.22.6.241:8080/