目录
- docker 部署 registry UI
- 1. 创建registry仓库
- 2. 将镜像推入仓库
- 3. 创建registry-web
- 4. web 对接token认证的registry server
- 总结
docker 部署 registry UI
1. 创建registry仓库
$ docker run -d –restart=always –name registry -p 5000:5000 -v /storage/registry:/var/lib/registry registry:2.3.0
$ docker ps
2. 将镜像推入仓库
$ docker pull centos
$ docker tag centos:latest 192.168.211.15:5000/centos:latest
$ docker push 192.168.211.15:5000/centos:latest
The push refers to a repository [192.168.211.15:5000/centos]
Get https://192.168.211.15:5000/v1/_ping: http: server gave HTTP response to HTTPS client
在推送镜像中出现错误,因为client与Registry交互默认将采用https访问,但我们在install Registry时并未配置指定任何tls相关的key和crt文件,https将无法访问。
因此, 我们需要配置客户端的Insecure Registry选项(另一种解决方案需要配置Registry的证书)。
$ vim /etc/sysconfig/docker
OPTIONS=\’–selinux-enabled –log-driver=journald –signature-verification=false –insecure-registry 192.168.211.15:5000\’
$ docker stop registry
$ systemctl restart docker
$ docker start registry
$ docker push 192.168.211.15:5000/centos:latest
$ $ curl https://192.168.211.15:5000/v2/_catalog
{\”repositories\”:[\”centos\”]} #获取镜像列表
3. 创建registry-web
Docker官方只提供了REST API,并没有给我们一个界面。
可以使用Portus来管理私有仓库, 同时可以使用简单的UI管理工具, Docker提供私有库“hyper/docker-registry-web”, 下载该镜像就可以使用了。
$ docker run -d -p 8080:8080 –name registry-web –link registry -e REGISTRY_URL=http://registry:5000/v2 -e REGISTRY_NAME=localhost:5000 hyper/docker-registry-web
界面:
4. web 对接token认证的registry server
4.1 搭建 docker registry web
$ mkdir -p /data/registry-web/config
$ vim /data/registry-web/config/registry-web.yml
registry:
# Docker registry url
url: \’https://192.168.211.100:5000/v2\’
# web registry context path
# empty string for root context, /app to make web registry accessible on http://host/app
context_path: \’\’
# Trust any SSL certificate when connecting to registry
trust_any_ssl: true
# base64 encoded token for basic authentication
basic_auth: \’\’
# To allow image delete, should be false
readonly: true
# Docker registry fqdn
name: \’192.168.211.100:5000\’
# Authentication settings
auth:
# Enable authentication
enabled: true
# Allow registry anonymous access
# allow_anonymous: true # not implemented
# Token issuer
# should equals to auth.token.issuer of docker registry
issuer: \’test-issuer\’
# Private key for token signing
# certificate used on auth.token.rootcertbundle should signed by this key
key: /config/server.key
访问:http://192.168.211.100:5000
用户与密码:admin:admin
4.2 创建用户
4.3 用户授权
总结
以上为个人经验,希望能给大家一个参考,也希望大家多多支持悠久资源网。
