Docker之搭建私有仓库Registry-蒲公英云

一.关于Registry

官方的Docker hub是一个用于管理公共镜像的好地方，我们可以在上面找到我们想要的镜像，也可以把我们自己的镜像推送上去。但是，有时候，我们的使用场景需要我们拥有一个私有的镜像仓库用于管理我们自己的镜像。这个可以通过开源软件Registry来达成目的。

Registry在github上有两份代码：老代码库和新代码库。老代码是采用python编写的，存在pull和push的性能问题，出到0.9.1版本之后就标志为deprecated，不再继续开发。从2.0版本开始就到在新代码库进行开发，新代码库是采用go语言编写，修改了镜像id的生成算法、registry上镜像的保存结构，大大优化了pull和push镜像的效率。

官方在Docker hub上提供了registry的镜像（详情），我们可以直接使用该registry镜像来构建一个容器，搭建我们自己的私有仓库服务。

二. Registry的部署

1.获取registry最新镜像

获取镜像指令:docker pull registry

[root@localhost ~]# docker pull registry
Using default tag: latest
latest: Pulling from library/registry
169185f82c45: Pull complete 
046e2d030894: Pull complete 
188836fddeeb: Pull complete 
832744537747: Pull complete 
7ceea07e80be: Pull complete 
Digest: sha256:870474507964d8e7d8c3b53bcfa738e3356d2747a42adad26d0d81ef4479eb1b
Status: Downloaded newer image for registry:latest

2.启动一个容器

启动指令:$ docker run -d -p 5000:5000 —restart always —name registry registry:2

[root@localhost ~]# docker run -d -p 5000:5000 --restart always --name registry registry:2
Unable to find image 'registry:2' locally
2: Pulling from library/registry
Digest: sha256:870474507964d8e7d8c3b53bcfa738e3356d2747a42adad26d0d81ef4479eb1b
Status: Downloaded newer image for registry:2
2e9bc436f2491578bcef1964ae60eefd145fd95d8a787970299c0324f85afcdf

Registry服务默认会将上传的镜像保存在容器的/var/lib/registry，我们将主机的/opt/registry目录挂载到该目录，即可实现将镜像保存到主机的/opt/registry目录了。

3.查看当前容器运行情况

运行指令:docker ps

[root@localhost ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
2e9bc436f249        registry:2          "/entrypoint.sh /etc…"   3 minutes ago       Up 2 minutes        0.0.0.0:5000->5000/tcp   registry

容器已经运行

4.推送一个镜像到私有仓库

创建Dockfile,创建镜像为 192.168.153.142:5000/java-hello (注意是IP:端口/镜像名称)

查看一下镜像,该镜像已存在

[root@localhost ~]# docker image ls
REPOSITORY                            TAG                 IMAGE ID            CREATED             SIZE
192.168.153.142:5000/java-hello       latest              aaa38e1abb29        23 hours ago        643MB
lss0555/dockerfile-entrypoint-shell   latest              a55bfbb112d3        46 hours ago        88.1MB
mysql                                 latest              81f094a7e4cc        2 weeks ago         477MB
ubuntu                                latest              47b19964fb50        2 weeks ago         88.1MB
registry                              2                   d0eed8dad114        3 weeks ago         25.8MB
registry                              latest              d0eed8dad114        3 weeks ago         25.8MB
java                                  8                   d23bdf5b1b1b        2 years ago         643MB

推送镜像 192.168.153.142:5000/java-hello 到私有仓库,运行指令为:

[root@localhost ~]# docker push 192.168.153.142:5000/java-hello
The push refers to repository [192.168.153.142:5000/java-hello]
Get https://192.168.153.142:5000/v2/: http: server gave HTTP response to HTTPS client

发现连接不上 https://192.168.153.142:5000/v2/

解决:

在目录下 /etc/docker/下增加文件,文件名称为 daemon.json

{ “insecure-registries”: [ “192.168.153.142:5000”] }
修改文件路径为 /lib/systemd/system/docker.service ,该文件里面增加一行

EnvironmentFile=/etc/docker/daemon.json

Ok,重启docker服务, 命令:systemctl reload docker

再次推送镜像到仓库,发现可以正常推送了

The push refers to repository [192.168.153.142:5000/java-hello]
50fd6e12279b: Pushed 
b9a8b0389764: Pushed 
35c20f26d188: Pushed 
c3fe59dd9556: Pushed 
6ed1a81ba5b6: Pushed 
a3483ce177ce: Pushed 
ce6c8756685b: Pushed 
30339f20ced0: Pushed 
0eb22bfb707d: Pushed 
a2ae92ffcd29: Pushed 
latest: digest: sha256:f6d8a8d4c6ef10b84a7857f7bfe840683ca3d673aa742ae0931a802c4ad59a64 size: 2414

查看仓库列表API看下情况

http://192.168.153.142:5000/v2/\_catalog

结果

{“repositories”:[“java-hello”]}

5.Docker Registry API

docker registry api 官方文档

https://docs.docker.com/registry/

method	path	Entity	Description
GET	/v2/	Base	Check that the endpoint implements Docker Registry API V2.
GET	/v2/<name>/tags/list	Tags	Fetch the tags under the repository identified by name.
GET	/v2/<name>/manifests/<reference>	Manifest	Fetch the manifest identified by nameand referencewhere referencecan be a tag or digest. A HEADrequest can also be issued to this endpoint to obtain resource information without receiving all data.
PUT	/v2/<name>/manifests/<reference>	Manifest	Put the manifest identified by nameand referencewhere referencecan be a tag or digest.
DELETE	/v2/<name>/manifests/<reference>	Manifest	Delete the manifest identified by nameand reference. Note that a manifest can only be deleted by digest.
GET	/v2/<name>/blobs/<digest>	Blob	Retrieve the blob from the registry identified bydigest. A HEADrequest can also be issued to this endpoint to obtain resource information without receiving all data.
DELETE	/v2/<name>/blobs/<digest>	Blob	Delete the blob identified by nameand digest
POST	/v2/<name>/blobs/uploads/	Initiate Blob Upload	Initiate a resumable blob upload. If successful, an upload location will be provided to complete the upload. Optionally, if thedigest parameter is present, the request body will be used to complete the upload in a single request.
GET	/v2/<name>/blobs/uploads/<uuid>	Blob Upload	Retrieve status of upload identified byuuid. The primary purpose of this endpoint is to resolve the current status of a resumable upload.
PATCH	/v2/<name>/blobs/uploads/<uuid>	Blob Upload	Upload a chunk of data for the specified upload.
PUT	/v2/<name>/blobs/uploads/<uuid>	Blob Upload	Complete the upload specified by uuid, optionally appending the body as the final chunk.
DELETE	/v2/<name>/blobs/uploads/<uuid>	Blob Upload	Cancel outstanding upload processes, releasing associated resources. If this is not called, the unfinished uploads will eventually timeout.
GET	/v2/_catalog	Catalog	Retrieve a sorted, json list of repositories available in the registry.