Docker Registry

1. 概述

公开的docker镜像仓库有很多，资源也很丰富，例如dockerhub。

但是，基于各种需求，我们可能需要搭建自己的私有镜像仓库，可能是为了镜像文件的安全，也可能是为了节省集群对外的网络带宽。

本文简单介绍docker私有仓库的搭建步骤，入门学习而已，高级玩法还需要深入研究。

Docker

2. 通过docker启动registry

2.1. 创建htpasswd文件

$ mkdir docker-repo
$ cd docker-repo
$ sudo apt install apache2-utils
$ htpasswd -Bbn testuser testpassword > htpasswd

• 参考：
  https://docs.docker.com/registry/deploying/#native-basic-auth
  https://docs.docker.com/registry/configuration/#htpasswd

2.2. 两种启动方式

• docker run a container

$ docker pull registry:2.7
$ docker run -d \
  -p 5000:5000 \
  --restart=always \
  --name registry:2.7 \
  -v /mnt/registry:/var/lib/registry \
  -v "$(pwd)"/htpasswd:/auth/htpasswd \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" \
  registry:2

• docker compose

$ docker pull registry:2.7
$ cat docker-compose.yml
version: '2.3'
services:
  docker-repo:
    image: 'registry:2.7'
    restart: always
    volumes:
      - ./registry:/var/lib/registry
      - ./htpasswd:/auth/htpasswd
    environment:
      - REGISTRY_AUTH=htpasswd
      - REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm
      - REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd
    ports:
      - 5000:5000
$ docker-compose up -d

3. 测试

3.1. login private registry

• 设置hostname，以及docker daemon config

$ cat /etc/hosts
127.0.0.1 test-vm1

$ cat /etc/docker/daemon.json
{
    "insecure-registries": ["test-vm1:5000"]
}

• 也可以不设置hostname，直接通过Registry Host IP访问

$ cat /etc/docker/daemon.json
{
    "insecure-registries": ["127.0.0.1:5000"]
}

• login

$ docker login test-vm1:5000
Username: testuser
Password: 

Login Succeeded

3.2. push images to private registry

• pull两个dockerhub的images

$ docker pull ubuntu:20.04
$ docker pull redis:5.0

• push到本地的private registry

$ docker tag ubuntu:20.04 test-vm1:5000/ubuntu:20.04
$ docker tag redis:5.0 test-vm1:5000/redis:5.0
$ docker push test-vm1:5000/ubuntu:20.04
$ docker push test-vm1:5000/redis:5.0

3.3. docker pull from private registry

• docker pull from another host

$ docker pull test-vm1:5000/ubuntu:20.04
$ docker pull test-vm1:5000/redis:5.0

• 查看registry目录，可以看到全部images

$ tree registry/ -L 5
registry/
└── docker
    └── registry
        └── v2
            ├── blobs
            │   └── sha256
            └── repositories
                ├── redis
                └── ubuntu

• 通过API查看仓库

$ curl -u 'testuser:testpassword' localhost:5000/v2/_catalog
{"repositories":["redis","ubuntu"]}
$ curl -u 'testuser:testpassword' localhost:5000/v2/redis/tags/list
{"name":"redis","tags":["5.0"]}

4. References

• docker registry image
  https://hub.docker.com/_/registry/
• Docker Registry
  https://docs.docker.com/registry/
• Configuring a registry
  https://docs.docker.com/registry/configuration/
• Docker私有仓库
  https://www.cnblogs.com/battor/p/docker_private_registry.html