Home >Operation and Maintenance >Docker >How to build a docker private warehouse

How to build a docker private warehouse

王林
王林forward
2020-11-10 16:28:202716browse

How to build a docker private warehouse

1. Background introduction

In Docker, when we execute the docker pull xxx command, we may be curious about where docker will search and What about downloading the image?

Related recommendations: docker tutorial

Question answer:

It actually goes from the registry.hub.docker.com address Search, this is the public warehouse provided by the Docker company. The above image is available to everyone and can be used. Therefore, we can also bring the warehouse address to pull the image, such as: docker pull registry.hub.docker.com/library/alpine, but be aware that the default name of the image downloaded in this way will be longer.

If we want to use Docker in the company, it is basically impossible for us to upload commercial projects to a public warehouse. So what can we do if we want to share it with multiple machines?

Because of this need, private warehouses come into play.

The so-called private warehouse is something similar to a public warehouse built locally (LAN). After it is built, we can submit the image to the private warehouse. In this way, we can use Docker to run our project images and avoid the risk of commercial projects being exposed.

Below we use the official registry image to build a private image warehouse. Of course, there are many other methods.

2. Environment

Prepare two servers with docker installed: Server machine (host name is registry): docker private warehouse server, running registry container; Test machine (host name is node): Ordinary docker server, download a test image nginx on this server, and then upload it to the registry server for testing;

3. Deployment (server operation)

  1. Download image registry

    # docker pull registryUsing default tag: latest
    latest: Pulling from library/registry
    81033e7c1d6a: Pull complete 
    b235084c2315: Pull complete 
    c692f3a6894b: Pull complete 
    ba2177f3a70e: Pull complete 
    a8d793620947: Pull complete 
    Digest: sha256:672d519d7fd7bbc7a448d17956ebeefe225d5eb27509d8dc5ce67ecb4a0bce54
    Status: Downloaded newer image for registry:latest复制代码
  2. View image

    # docker imagesREPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
    registry            latest              f32a97de94e1        3 months ago        25.8 MB复制代码
  3. Run registry container

    # docker run -itd -v /data/registry:/var/lib/registry -p 5000:5000 --restart=always --name registry registry:latest

    06a972de6218b1f1c3bf9b53eb9068dc66d147d14e18a89ab51db13e339d3dc9

    Parameter description -itd: Open a pseudo terminal in the container for interactive operations and run it in the background; -v: Bind the host's /data/registry directory to the container's /var/lib/registry directory (this directory is the directory where image files are stored in the registry container) to achieve data persistence; -p: Mapping port; accessing the 5000 port of the host will access the service of the registry container; --restart=always: This is the restart strategy. If the container exits abnormally, the container will be automatically restarted; --name registry: Create a container named registry, you can name it whatever you want; registry:latest: This is the image that was just pulled;

  4. Test all the images in the image warehouse

    # curl http://127.0.0.1: 5000/v2/_catalog
    {"repositories":[]}
    is now empty because it has just been run and there is no image content in it.

4. Test image warehouse (test side operation)

  1. Modify the source and image warehouse

    # vim /etc/docker/daemon.json{"registry-mirrors": [ "https://registry.docker-cn.com"]
    }# systemctl restart docker复制代码
  2. Download nginx image

    # docker pull nginx# docker imagesREPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
    nginx               latest              719cd2e3ed04        2 weeks ago         109MB复制代码
  3. Tag the image

    # docker tag nginx:latest registry服务器:5000/nginx:kurisu复制代码

    Format description: Usage: docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]

    nginx:lastest This is the source image and the image file that was just pulled;
    registry server:5000/nginx:kurisu This is the target Mirror is also the IP address and port of the registry's private mirror server;

    View the effect

     # docker images
      
     REPOSITORY                 TAG                 IMAGE ID            CREATED             SIZE
     registry服务器:5000/nginx   kurisu              719cd2e3ed04        2 weeks ago         109MB
     nginx                      latest              719cd2e3ed04        2 weeks ago         109MB复制代码
  4. Upload to the mirror server

    # docker push registry服务器:5000/nginxThe push refers to repository [registry服务器:5000/nginx]
    Get https://registry服务器:5000/v2/: http: server gave HTTP response to HTTPS client复制代码

    This is an error, The https method is required to upload. We can modify daemon.json to solve the problem:

    [root@node ~]# vim /etc/docker/daemon.json {  "registry-mirrors": [ "https://registry.docker-cn.com"],  "insecure-registries": [ "registry服务器:5000"]
    }复制代码

    Add the address of the private mirror server. Note that the writing format is json. There are strict writing requirements, and then restart the docker service:
    # systemctl restart docker
    Upload again:

    # docker push registry服务器:5000/nginxThe push refers to repository [registry服务器:5000/nginx]
    d7acf794921f: Pushed
    d9569ca04881: Pushed
    cf5b3c6798f7: Pushed
    kurisu: digest: sha256:079aa93463d2566b7a81cbdf856afc6d4d2a6f9100ca3bcbecf24ade92c9a7fe size: 948复制代码
  5. Test download image
    The upload test is no problem, let’s test it from the registry server Download the busybox image just uploaded, first delete the image on the node host:

    # docker rmi -f $(docker images -aq)Untagged: registry服务器:5000/nginx:kurisu
    Untagged: registry服务器:5000/nginx@sha256:079aa93463d2566b7a81cbdf856afc6d4d2a6f9100ca3bcbecf24ade92c9a7fe
    Untagged: nginx:latest
    Untagged: nginx@sha256:bdbf36b7f1f77ffe7bd2a32e59235dff6ecf131e3b6b5b96061c652f30685f3a
    Deleted: sha256:719cd2e3ed04781b11ed372ec8d712fac66d5b60a6fb6190bf76b7d18cb50105
    Deleted: sha256:e9b6506fb887de50972aefd99d7c5eb56b1a8e757ed953cdfecb86b5359bcb22
    Deleted: sha256:55d9d9692a9615a28d183a42bc3881a72a39393feba3664e669e7affb78daa76
    Deleted: sha256:cf5b3c6798f77b1f78bf4e297b27cfa5b6caa982f04caeb5de7d13c255fd7a1e复制代码

    Check that all the images on the node host have been deleted:

    # docker imagesREPOSITORY          TAG                 IMAGE ID            CREATED             SIZE复制代码

    Then, download the nginx image from the registry server :

    # docker pull registry服务器:5000/nginx:kurisukurisu: Pulling from nginxfc7181108d40: Pull complete
    c4277fc40ec2: Pull complete
    780053e98559: Pull complete
    Digest: sha256:079aa93463d2566b7a81cbdf856afc6d4d2a6f9100ca3bcbecf24ade92c9a7fe
    Status: Downloaded newer image for registry服务器:5000/nginx:kurisu复制代码

    View the image on the node host:

    # docker imagesREPOSITORY                 TAG                 IMAGE ID            CREATED             SIZE
    registry服务器:5000/nginx   kurisu              719cd2e3ed04        2 weeks ago         109MB复制代码

View the remote warehouse image

  • List all images:
# curl http://registry服务器:5000/v2/_catalog{"repositories":["nginx"]}复制代码
  • List the tags of the nginx image:
# curl http://registry服务器:5000/v2/nginx/tags/list{"name":"nginx","tags":["kurisu"]}复制代码

The above is the detailed content of How to build a docker private warehouse. For more information, please follow other related articles on the PHP Chinese website!

Statement:
This article is reproduced at:juejin.im. If there is any infringement, please contact admin@php.cn delete