搭建私有docker仓库 叁歲伎倆 2022-01-21 09:59 297阅读 0赞 # 搭建私有docker仓库 # 1. 操作系统版本:centos7 2. docker 当前版本 [root@localhost data]# docker version Client: Version: 18.09.6 API version: 1.39 Go version: go1.10.8 Git commit: 481bc77156 Built: Sat May 4 02:34:58 2019 OS/Arch: linux/amd64 Experimental: false Server: Docker Engine - Community Engine: Version: 18.09.6 API version: 1.39 (minimum version 1.12) Go version: go1.10.8 Git commit: 481bc77 Built: Sat May 4 02:02:43 2019 OS/Arch: linux/amd64 Experimental: false 3. 创建 /data/config.yml 文件 1. /data/config.yml 文件中写入如下内容: version: 0.1 log: fields: service: registry storage: delete: enabled: true cache: blobdescriptor: inmemory filesystem: rootdirectory: /var/lib/registry http: addr: :5000 headers: X-Content-Type-Options: [nosniff] health: storagedriver: enabled: true interval: 10s threshold: 3 4. 运行 docker registry [root@localhost ~]# docker run -d -p 5000:5000 -v /opt/data/registry:/var/lib/registry -v /data/config.yml:/etc/docker/registry/config.yml registry 1. 如果遇到:docker0: iptables: No chain/target/match by that name 错误 解决办法:[https://blog.csdn.net/newtelcom/article/details/79548152][https_blog.csdn.net_newtelcom_article_details_79548152] 在CentOS 7下使用类似nginx之类的web server,启动docker时有时会报以下错误: docker0: iptables: No chain/target/match by that name. 解决方法: service docker restart 重启docker后: iptables -L 可以看到iptables里面多出了Chain Docker的选项。 经验为:在启动firewalld之后,iptables被激活,此时没有docker chain,重启docker后被加入到iptable里面。 1. 测试 1. 拉取一个 hello-world 镜像 [root@localhost ~]# docker pull hello-world 2. 接下来修改一下该镜像的tag [root@localhost ~]# docker tag hello-world 192.168.130.132:5000/hello-world 3. push到私有仓库 [root@localhost ~]# docker push 192.168.130.132:5000/hello-world 2. docker registry https问题 1. clien 端解决方法 1. 在”/etc/docker/“目录下,创建”daemon.json“文件。在文件中写入一下内容,注意 insecure-registries 是 docker registry 的地址 { "insecure-registries":["192.168.130.132:5000"] } 2. 参考文章:[https://www.cnblogs.com/hobinly/p/6110624.html][https_www.cnblogs.com_hobinly_p_6110624.html] 2. server 端解决方法 1. 因为Docker从1.3.X之后,与docker registry交互默认使用的是https,然而此处搭建的私有仓库只提供http服务,所以当与私有仓库交互时就会报上面的错误。为了解决这个问题需要在启动docker server时增加启动参数为默认使用http访问。修改docker启动配置文件: [root@localhost ~]# vim /usr/lib/systemd/system/docker.service 2. 找到 ExecStart 这一行,在后面加入 --insecure-registry 192.168.130.132:5000,192.168.130.132:5000 是服务端地址。 ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry 192.168.130.132:5000 3. 修改后重启docker [root@localhost ~]# systemctl daemon-reload [root@localhost ~]# systemctl restart docker 3. 镜像查看访问地址:[http://192.168.130.132:5000/v2/\_catalog][http_192.168.130.132_5000_v2_catalog] 4. 搭建私有docker私有仓库参考文章列表: 1. [https://www.cnblogs.com/Tempted/p/7768694.html][https_www.cnblogs.com_Tempted_p_7768694.html] 2. [https://blog.csdn.net/qq\_42114918/article/details/81609465][https_blog.csdn.net_qq_42114918_article_details_81609465] [https_blog.csdn.net_newtelcom_article_details_79548152]: https://blog.csdn.net/newtelcom/article/details/79548152 [https_www.cnblogs.com_hobinly_p_6110624.html]: https://www.cnblogs.com/hobinly/p/6110624.html [http_192.168.130.132_5000_v2_catalog]: http://192.168.130.132:5000/v2/_catalog [https_www.cnblogs.com_Tempted_p_7768694.html]: https://www.cnblogs.com/Tempted/p/7768694.html [https_blog.csdn.net_qq_42114918_article_details_81609465]: https://blog.csdn.net/qq_42114918/article/details/81609465
还没有评论,来说两句吧...