公有仓库Docker Hub
简介
仓库是集中存放镜像的地方。容易混淆的是注册服务器,它是管理仓库的服务器,每个服务器上可以有多个仓库,每个仓库下可以有多个镜像。因此仓库可以被认为是一个具体的目录。例如dl.dockerpool.com/centos来说,dl.dockerpool.com是注册服务器地址,centos是仓库名字。
Docker Hub
Docker官方目前维护着一个公共仓库,我们要是用这个仓库,需要登录https://hub.docker.com网址。注册一个账号。
命令操作
登录Login
[root@jk-lx-dev-app01 ~]# docker login
Username: zz203203zhang
Password: *************
Login Succeeded
[root@jk-lx-dev-app01 ~]#
成功后,本地用户目录的.docker目录中将保留用户的认证信息。
[root@jk-lx-dev-app01 ~]# pwd
/root
[root@jk-lx-dev-app01 ~]# ls
centos.tar
[root@jk-lx-dev-app01 ~]# cd .docker/
[root@jk-lx-dev-app01 .docker]# ls
config.json
[root@jk-lx-dev-app01 .docker]# cat config.json
{
"auths": {
"https://index.docker.io/v1/": {
"auth": "enoyMDMyMDN6aGFuZzp6jkswMzIwMzIwMDg="
}
},
"HttpHeaders": {
"User-Agent": "Docker-Client/19.03.5 (linux)"
}
}
[root@jk-lx-dev-app01 .docker]#
镜像操作
在命令行我们可以通过docker search来查找官方仓库中的镜像,并可以使用docker pull命令将其下载到本地。
[root@jk-lx-dev-app01 .docker]# docker search redhat
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
hjd48/redhat redhat6.3x86-64 images 15
fbascheper/redhat-jboss-eap Extensible RedHat JBoss EAP 13
yjjy0921/redhat7.2 A clean redhat 7.2 image from official redha… 6
crorvick/redhat RedHat Linux 5
redhatopenjdk/redhat-openjdk18-openshift 4
redhatiot/kapua-sql 2
qiankunli/redhat-base a very clean redhat v6.4 x86_64 and can be u… 2
redhatiot/kapua-broker 1
redhatiot/kapua-api 1
redhatinsights/insights-frontend Front end application for Red Hat Insights 1
redhatiot/kapua-console 1
wjp719/redhat6.5 enable sshd and root passwd is redhat, you c… 1
redhatraptor/gocheck-sitemap Performs health check of the sitemap urls 1 [OK]
redhatiot/kapua-console-jetty 0
redhatmsa/hola 0
redhatiot/kapua-api-jetty 0
redhatqecinch/jenkins_slave 0
redhatcat/gold-carp Testing image aimed at a specific rails appl… 0
redhatworkshops/welcome-php 0
boonjit2/redhat6.6 Linux Redhat 6.6 , gcc 4.9.2 , jdk8 0
redhatinsights/fakamai-assets-base 0
redhatcop/jenkins-slave-ruby A Jenkins Slave image with a ruby runtime 0
redhatiot/kura-simulator 0
redhatinsights/insights-proxy Proxy for redhatinsights/insights-frontend 0
redhatcat/postgres-10-postgis 0
可以通过-s N指定查看多少星级以上的镜像,星级代表了该镜像的受欢迎程度
[root@jk-lx-dev-app01 .docker]# docker search -s 10 redhat
Flag --stars has been deprecated, use --filter=stars=3 instead
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
hjd48/redhat redhat6.3x86-64 images 15
fbascheper/redhat-jboss-eap Extensible RedHat JBoss EAP 13
下载镜像及tag
[root@jk-lx-dev-app01 .docker]# docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
bc51dd8edc1b: Pull complete
66ba67045f57: Pull complete
bf317aa10aa5: Pull complete
Digest: sha256:ad5552c786f128e389a0263104ae39f3d3c7895579d45ae716f528185b36bc6f
Status: Downloaded newer image for nginx:latest
docker.io/library/nginx:latest
[root@jk-lx-dev-app01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
import/centos v.2.0.1 3ebf5bc49a71 3 days ago 237MB
nginx latest 2073e0bcb60e 2 weeks ago 127MB
centos latest 470671670cac 4 weeks ago 237MB
training/sinatra latest 49d952a36c58 5 years ago 447MB
[root@jk-lx-dev-app01 .docker]# docker tag 2073e0bcb60e zz203203zhang/nginx
[root@jk-lx-dev-app01 .docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
import/centos v.2.0.1 3ebf5bc49a71 3 days ago 237MB
zz203203zhang/nginx latest 2073e0bcb60e 2 weeks ago 127MB
nginx latest 2073e0bcb60e 2 weeks ago 127MB
centos latest 470671670cac 4 weeks ago 237MB
training/sinatra latest 49d952a36c58 5 years ago 447MB
要推送镜像到Docker Hub,需要先登录账号,然后使用docker push xxx来推送
[root@jk-lx-dev-app01 .docker]# docker push 2073e0bcb6
The push refers to repository [docker.io/library/2073e0bcb6]
An image does not exist locally with the tag: 2073e0bcb6
[root@jk-lx-dev-app01 .docker]# docker push zz203203zhang/nginx
The push refers to repository [docker.io/zz203203zhang/nginx]
22439467ad99: Pushed
b4a29beac87c: Pushed
488dfecc21b1: Pushed
latest: digest: sha256:62f787b94e5faddb79f96c84ac0877aaf28fb325bfc3601b9c0934d4c107ba94 size: 948
[root@jk-lx-dev-app01 .docker]#
这个地方需要注意,镜像的名称必须要以自己Docker Hub上注册的用户名。
要使用docker tag image_id new_tagname。
我这个地方就是:docker tag 2073e0bcb60e zz203203zhang/nginx修改好了之后就可以使用docke push zz203203zhang/nginx将镜像推送到Docker Hub上面去了。
推送成功后,可以登录到自己的Docker Hub上面查看,如下:
Docker私有仓库
简介
在国内,介于网络的原因,很多时候我们无法访问Docker Hub,那么需要我们自己管理一个仓库,这个仓库可以帮助我们快速的储存我们的docker images,走内网很快,也可以方便我们同事之间更快的共享镜像,免去了无法访问Docker Hub或者访问过慢的问题。
建立私有仓库
Pull仓库
docker官方提供了一个工具docker-registry,我们可以借助这个工具构建私有镜像仓库
[root@jk-lx-dev-app01 ~]# docker search registry
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
registry The Docker Registry 2.0 implementation for s… 2848 [OK]
distribution/registry WARNING: NOT the registry official image!!! … 57 [OK]
stefanscherer/registry-windows Containerized docker registry for Windows Se… 30
budry/registry-arm Docker registry build for Raspberry PI 2 and… 18
deis/registry Docker image registry for the Deis open sour… 12
sixeyed/registry Docker Registry 2.6.0 running on Windows - N… 9
anoxis/registry-cli You can list and delete tags from your priva… 8 [OK]
[root@jk-lx-dev-app01 ~]# docker pull registry
Using default tag: latest
latest: Pulling from library/registry
486039affc0a: Pull complete
ba51a3b098e6: Pull complete
8bb4c43d6c8e: Pull complete
6f5f453e5f2d: Pull complete
42bc10b72f42: Pull complete
Digest: sha256:7d081088e4bfd632a88e3f3bcd9e007ef44a796fddfe3261407a3f9f04abe1e7
Status: Downloaded newer image for registry:latest
docker.io/library/registry:latest
启动私有仓库
确定网络端口占用情况
这里由于我们需要我们的服务器与运行的docker registry私有仓库镜像进行网络连接,故我们需要使用docker-proxy技术创建一个外部服务器端口连接docker registry的5000端口,我们使用服务器内部的5000端口映射到docker registry的5000端口,需要检查5000端口是否被占用。如果未被占用,即可使用docker run命令启动docker registry。
默认情况下,仓库会创建在容器中的/tmp/registry目录下,通过-v 指定将镜像文件存放在本地的目录中。
[root@jk-lx-dev-app01 ~]# netstat -ntlp | grep 5000 ###这里执行命令后,无显示结果证明5000端口未被占用
[root@jk-lx-dev-app01 ~]# docker run -d -p 5000:5000 -v /root/docker/registry:/tmp/registry registry
2996f3fdd9c0a0813abcbbda7ddd3fb6580d4746f4807ce037ec4440172c359b
[root@jk-lx-dev-app01 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2996f3fdd9c0 registry "/entrypoint.sh /etc…" 7 seconds ago Up 6 seconds 0.0.0.0:5000->5000/tcp stupefied_liskov
执行私有仓库tag
如果我们想将本机的镜像push到我们的私有仓库,我们需要知道私有仓库的IP地址和服务的端口(这里就是上一步我们指定的5000端口,按照你自己的实际情况进行tag修改)。然后按照IP:Port/xxx的形式进行打tag,例如:
[root@jk-lx-dev-app01 ~]# docker tag 2073e0bcb60e 172.16.0.99:5000/nginx
下面是我获取本机地址及打tag的详细步骤:
使用这个命令获取本机IP
ip addr | grep 'state UP' -A2 | grep inet | egrep -v '(127.0.0.1|inet6|docker)' | awk '{print $2}' | tr -d "addr:" | head -n 1 | cut -d / -f1
[root@jk-lx-dev-app01 ~]# ip addr | grep 'state UP' -A2 | grep inet | egrep -v '(127.0.0.1|inet6|docker)' | awk '{print $2}' | tr -d "addr:" | head -n 1 | cut -d / -f1
172.16.0.99
[root@jk-lx-dev-app01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 2073e0bcb60e 2 weeks ago 127MB
zz203203zhang/nginx latest 2073e0bcb60e 2 weeks ago 127MB
registry latest 708bc6af7e5e 3 weeks ago 25.8MB
[root@jk-lx-dev-app01 ~]# docker tag 2073e0bcb60e 172.16.0.99:5000/nginx
[root@jk-lx-dev-app01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 2073e0bcb60e 2 weeks ago 127MB
zz203203zhang/nginx latest 2073e0bcb60e 2 weeks ago 127MB
172.16.0.99:5000/nginx latest 2073e0bcb60e 2 weeks ago 127MB
registry latest 708bc6af7e5e 3 weeks ago 25.8MB
Push Images
打完对应的tag后,就可以使用docker push命令进行上传啦
[root@jk-lx-dev-app01 ~]# docker push 172.16.0.99:5000/nginx
The push refers to repository [172.16.0.99:5000/nginx]
Get https://172.16.0.99:5000/v2/: http: server gave HTTP response to HTTPS client
哎呀,报错了,根据报错的提示,我们可以看出,我们的client使用的https的方式去访问docker私有仓库,但是我们的docker私有仓库使用的是http,所以我们得修改我们客户端访问我们私有仓库的方式为http,那么为啥我们Push到Docker Hub的时候没事呢?因为Docker Hub使用的就是https的方式,这样更为安全可靠。那么我们使用下面的方式进行访问方式的修改,并重新启动docker服务,这里的xxx.xxx.xxx.xxx需要修改为我们docker私有仓库的地址,如果端口也有不同,那么5000端口也需要修改为我们对应的端口:
[root@jk-lx-dev-app01 ~]# echo '{ "insecure-registries":["xxx.xxx.xxx.xxx:5000"] }' > /etc/docker/daemon.json
[root@jk-lx-dev-app01 ~]# cat /etc/docker/daemon.json
{ "insecure-registries":["192.168.0.5:5000"] }
[root@jk-lx-dev-app01 ~]# systemctl restart docker
重新启动docker registry镜像
[root@jk-lx-dev-app01 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@jk-lx-dev-app01 ~]# docker run -d -p 5000:5000 -v /root/docker/registry:/tmp/registry registry
a6c4b25dd702243bc01a655a486d2964b5cfc01f9562ef590855e2bcf3cf367e
[root@jk-lx-dev-app01 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4ad580d86562 registry "/entrypoint.sh /etc…" 34 minutes ago Up 34 minutes 0.0.0.0:5000->5000/tcp eager_banzai
Push镜像
[root@jk-lx-dev-app01 ~]# docker push 172.16.0.99:5000/nginx
The push refers to repository [172.16.0.99:5000/nginx]
22439467ad99: Pushed
b4a29beac87c: Pushed
488dfecc21b1: Pushed
latest: digest: sha256:62f787b94e5faddb79f96c84ac0877aaf28fb325bfc3601b9c0934d4c107ba94 size: 948
[root@jk-lx-dev-app01 ~]#
私有仓库查询
那么如果我们知道公司的私有仓库地址,那么我们怎么search我们的images呢?下面我们简单介绍几种方法:
获取仓库类的镜像
[root@jk-lx-dev-app01 ~]# curl -XGET http://172.16.0.99:5000/v2/_catalog
{"repositories":["nginx"]}
获取某个镜像的标签列表
[root@jk-lx-dev-app01 ~]# curl -XGET http://172.16.0.99:5000/v2/image_name/tags/list
{"errors":[{"code":"NAME_UNKNOWN","message":"repository name not known to registry","detail":{"name":"image_name"}}]}
[root@jk-lx-dev-app01 ~]# curl -XGET http://172.16.0.99:5000/v2/nginx/tags/list
{"name":"nginx","tags":["latest"]}
参考: