公有仓库Docker Hub
简介
仓库是集中存放镜像的地方。容易混淆的是注册服务器,它是管理仓库的服务器,每个服务器上可以有多个仓库,每个仓库下可以有多个镜像。因此仓库可以被认为是一个具体的目录。例如dl.dockerpool.com/centos来说,dl.dockerpool.com是注册服务器地址,centos是仓库名字。
Docker Hub
Docker官方目前维护着一个公共仓库,我们要是用这个仓库,需要登录https://hub.docker.com网址。注册一个账号。
命令操作
登录Login
[root@jk-lx-dev-app01 ~]# docker loginUsername: zz203203zhangPassword: *************Login Succeeded[root@jk-lx-dev-app01 ~]#
成功后,本地用户目录的.docker目录中将保留用户的认证信息。
[root@jk-lx-dev-app01 ~]# pwd/root[root@jk-lx-dev-app01 ~]# lscentos.tar[root@jk-lx-dev-app01 ~]# cd .docker/[root@jk-lx-dev-app01 .docker]# lsconfig.json[root@jk-lx-dev-app01 .docker]# cat config.json{"auths": {"https://index.docker.io/v1/": {"auth": "enoyMDMyMDN6aGFuZzp6jkswMzIwMzIwMDg="}},"HttpHeaders": {"User-Agent": "Docker-Client/19.03.5 (linux)"}}[root@jk-lx-dev-app01 .docker]#
镜像操作
在命令行我们可以通过docker search来查找官方仓库中的镜像,并可以使用docker pull命令将其下载到本地。
[root@jk-lx-dev-app01 .docker]# docker search redhatNAME DESCRIPTION STARS OFFICIAL AUTOMATEDhjd48/redhat redhat6.3x86-64 images 15fbascheper/redhat-jboss-eap Extensible RedHat JBoss EAP 13yjjy0921/redhat7.2 A clean redhat 7.2 image from official redha… 6crorvick/redhat RedHat Linux 5redhatopenjdk/redhat-openjdk18-openshift 4redhatiot/kapua-sql 2qiankunli/redhat-base a very clean redhat v6.4 x86_64 and can be u… 2redhatiot/kapua-broker 1redhatiot/kapua-api 1redhatinsights/insights-frontend Front end application for Red Hat Insights 1redhatiot/kapua-console 1wjp719/redhat6.5 enable sshd and root passwd is redhat, you c… 1redhatraptor/gocheck-sitemap Performs health check of the sitemap urls 1 [OK]redhatiot/kapua-console-jetty 0redhatmsa/hola 0redhatiot/kapua-api-jetty 0redhatqecinch/jenkins_slave 0redhatcat/gold-carp Testing image aimed at a specific rails appl… 0redhatworkshops/welcome-php 0boonjit2/redhat6.6 Linux Redhat 6.6 , gcc 4.9.2 , jdk8 0redhatinsights/fakamai-assets-base 0redhatcop/jenkins-slave-ruby A Jenkins Slave image with a ruby runtime 0redhatiot/kura-simulator 0redhatinsights/insights-proxy Proxy for redhatinsights/insights-frontend 0redhatcat/postgres-10-postgis 0
可以通过-s N指定查看多少星级以上的镜像,星级代表了该镜像的受欢迎程度
[root@jk-lx-dev-app01 .docker]# docker search -s 10 redhatFlag --stars has been deprecated, use --filter=stars=3 insteadNAME DESCRIPTION STARS OFFICIAL AUTOMATEDhjd48/redhat redhat6.3x86-64 images 15fbascheper/redhat-jboss-eap Extensible RedHat JBoss EAP 13
下载镜像及tag
[root@jk-lx-dev-app01 .docker]# docker pull nginxUsing default tag: latestlatest: Pulling from library/nginxbc51dd8edc1b: Pull complete66ba67045f57: Pull completebf317aa10aa5: Pull completeDigest: sha256:ad5552c786f128e389a0263104ae39f3d3c7895579d45ae716f528185b36bc6fStatus: Downloaded newer image for nginx:latestdocker.io/library/nginx:latest[root@jk-lx-dev-app01 ~]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEimport/centos v.2.0.1 3ebf5bc49a71 3 days ago 237MBnginx latest 2073e0bcb60e 2 weeks ago 127MBcentos latest 470671670cac 4 weeks ago 237MBtraining/sinatra latest 49d952a36c58 5 years ago 447MB[root@jk-lx-dev-app01 .docker]# docker tag 2073e0bcb60e zz203203zhang/nginx[root@jk-lx-dev-app01 .docker]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEimport/centos v.2.0.1 3ebf5bc49a71 3 days ago 237MBzz203203zhang/nginx latest 2073e0bcb60e 2 weeks ago 127MBnginx latest 2073e0bcb60e 2 weeks ago 127MBcentos latest 470671670cac 4 weeks ago 237MBtraining/sinatra latest 49d952a36c58 5 years ago 447MB
要推送镜像到Docker Hub,需要先登录账号,然后使用docker push xxx来推送
[root@jk-lx-dev-app01 .docker]# docker push 2073e0bcb6The push refers to repository [docker.io/library/2073e0bcb6]An image does not exist locally with the tag: 2073e0bcb6[root@jk-lx-dev-app01 .docker]# docker push zz203203zhang/nginxThe push refers to repository [docker.io/zz203203zhang/nginx]22439467ad99: Pushedb4a29beac87c: Pushed488dfecc21b1: Pushedlatest: digest: sha256:62f787b94e5faddb79f96c84ac0877aaf28fb325bfc3601b9c0934d4c107ba94 size: 948[root@jk-lx-dev-app01 .docker]#
这个地方需要注意,镜像的名称必须要以自己Docker Hub上注册的用户名。
要使用docker tag image_id new_tagname。
我这个地方就是:docker tag 2073e0bcb60e zz203203zhang/nginx修改好了之后就可以使用docke push zz203203zhang/nginx将镜像推送到Docker Hub上面去了。
推送成功后,可以登录到自己的Docker Hub上面查看,如下:
Docker私有仓库
简介
在国内,介于网络的原因,很多时候我们无法访问Docker Hub,那么需要我们自己管理一个仓库,这个仓库可以帮助我们快速的储存我们的docker images,走内网很快,也可以方便我们同事之间更快的共享镜像,免去了无法访问Docker Hub或者访问过慢的问题。
建立私有仓库
Pull仓库
docker官方提供了一个工具docker-registry,我们可以借助这个工具构建私有镜像仓库
[root@jk-lx-dev-app01 ~]# docker search registryNAME DESCRIPTION STARS OFFICIAL AUTOMATEDregistry The Docker Registry 2.0 implementation for s… 2848 [OK]distribution/registry WARNING: NOT the registry official image!!! … 57 [OK]stefanscherer/registry-windows Containerized docker registry for Windows Se… 30budry/registry-arm Docker registry build for Raspberry PI 2 and… 18deis/registry Docker image registry for the Deis open sour… 12sixeyed/registry Docker Registry 2.6.0 running on Windows - N… 9anoxis/registry-cli You can list and delete tags from your priva… 8 [OK][root@jk-lx-dev-app01 ~]# docker pull registryUsing default tag: latestlatest: Pulling from library/registry486039affc0a: Pull completeba51a3b098e6: Pull complete8bb4c43d6c8e: Pull complete6f5f453e5f2d: Pull complete42bc10b72f42: Pull completeDigest: sha256:7d081088e4bfd632a88e3f3bcd9e007ef44a796fddfe3261407a3f9f04abe1e7Status: Downloaded newer image for registry:latestdocker.io/library/registry:latest
启动私有仓库
确定网络端口占用情况
这里由于我们需要我们的服务器与运行的docker registry私有仓库镜像进行网络连接,故我们需要使用docker-proxy技术创建一个外部服务器端口连接docker registry的5000端口,我们使用服务器内部的5000端口映射到docker registry的5000端口,需要检查5000端口是否被占用。如果未被占用,即可使用docker run命令启动docker registry。
默认情况下,仓库会创建在容器中的/tmp/registry目录下,通过-v 指定将镜像文件存放在本地的目录中。
[root@jk-lx-dev-app01 ~]# netstat -ntlp | grep 5000 ###这里执行命令后,无显示结果证明5000端口未被占用[root@jk-lx-dev-app01 ~]# docker run -d -p 5000:5000 -v /root/docker/registry:/tmp/registry registry2996f3fdd9c0a0813abcbbda7ddd3fb6580d4746f4807ce037ec4440172c359b[root@jk-lx-dev-app01 ~]# docker psCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES2996f3fdd9c0 registry "/entrypoint.sh /etc…" 7 seconds ago Up 6 seconds 0.0.0.0:5000->5000/tcp stupefied_liskov
执行私有仓库tag
如果我们想将本机的镜像push到我们的私有仓库,我们需要知道私有仓库的IP地址和服务的端口(这里就是上一步我们指定的5000端口,按照你自己的实际情况进行tag修改)。然后按照IP:Port/xxx的形式进行打tag,例如:
[root@jk-lx-dev-app01 ~]# docker tag 2073e0bcb60e 172.16.0.99:5000/nginx
下面是我获取本机地址及打tag的详细步骤:
使用这个命令获取本机IP
ip addr | grep 'state UP' -A2 | grep inet | egrep -v '(127.0.0.1|inet6|docker)' | awk '{print $2}' | tr -d "addr:" | head -n 1 | cut -d / -f1
[root@jk-lx-dev-app01 ~]# ip addr | grep 'state UP' -A2 | grep inet | egrep -v '(127.0.0.1|inet6|docker)' | awk '{print $2}' | tr -d "addr:" | head -n 1 | cut -d / -f1172.16.0.99[root@jk-lx-dev-app01 ~]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEnginx latest 2073e0bcb60e 2 weeks ago 127MBzz203203zhang/nginx latest 2073e0bcb60e 2 weeks ago 127MBregistry latest 708bc6af7e5e 3 weeks ago 25.8MB[root@jk-lx-dev-app01 ~]# docker tag 2073e0bcb60e 172.16.0.99:5000/nginx[root@jk-lx-dev-app01 ~]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEnginx latest 2073e0bcb60e 2 weeks ago 127MBzz203203zhang/nginx latest 2073e0bcb60e 2 weeks ago 127MB172.16.0.99:5000/nginx latest 2073e0bcb60e 2 weeks ago 127MBregistry latest 708bc6af7e5e 3 weeks ago 25.8MB
Push Images
打完对应的tag后,就可以使用docker push命令进行上传啦
[root@jk-lx-dev-app01 ~]# docker push 172.16.0.99:5000/nginxThe push refers to repository [172.16.0.99:5000/nginx]Get https://172.16.0.99:5000/v2/: http: server gave HTTP response to HTTPS client
哎呀,报错了,根据报错的提示,我们可以看出,我们的client使用的https的方式去访问docker私有仓库,但是我们的docker私有仓库使用的是http,所以我们得修改我们客户端访问我们私有仓库的方式为http,那么为啥我们Push到Docker Hub的时候没事呢?因为Docker Hub使用的就是https的方式,这样更为安全可靠。那么我们使用下面的方式进行访问方式的修改,并重新启动docker服务,这里的xxx.xxx.xxx.xxx需要修改为我们docker私有仓库的地址,如果端口也有不同,那么5000端口也需要修改为我们对应的端口:
[root@jk-lx-dev-app01 ~]# echo '{ "insecure-registries":["xxx.xxx.xxx.xxx:5000"] }' > /etc/docker/daemon.json[root@jk-lx-dev-app01 ~]# cat /etc/docker/daemon.json{ "insecure-registries":["192.168.0.5:5000"] }[root@jk-lx-dev-app01 ~]# systemctl restart docker
重新启动docker registry镜像
[root@jk-lx-dev-app01 ~]# docker psCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES[root@jk-lx-dev-app01 ~]# docker run -d -p 5000:5000 -v /root/docker/registry:/tmp/registry registrya6c4b25dd702243bc01a655a486d2964b5cfc01f9562ef590855e2bcf3cf367e[root@jk-lx-dev-app01 ~]# docker psCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES4ad580d86562 registry "/entrypoint.sh /etc…" 34 minutes ago Up 34 minutes 0.0.0.0:5000->5000/tcp eager_banzai
Push镜像
[root@jk-lx-dev-app01 ~]# docker push 172.16.0.99:5000/nginxThe push refers to repository [172.16.0.99:5000/nginx]22439467ad99: Pushedb4a29beac87c: Pushed488dfecc21b1: Pushedlatest: digest: sha256:62f787b94e5faddb79f96c84ac0877aaf28fb325bfc3601b9c0934d4c107ba94 size: 948[root@jk-lx-dev-app01 ~]#
私有仓库查询
那么如果我们知道公司的私有仓库地址,那么我们怎么search我们的images呢?下面我们简单介绍几种方法:
获取仓库类的镜像
[root@jk-lx-dev-app01 ~]# curl -XGET http://172.16.0.99:5000/v2/_catalog{"repositories":["nginx"]}
获取某个镜像的标签列表
[root@jk-lx-dev-app01 ~]# curl -XGET http://172.16.0.99:5000/v2/image_name/tags/list{"errors":[{"code":"NAME_UNKNOWN","message":"repository name not known to registry","detail":{"name":"image_name"}}]}[root@jk-lx-dev-app01 ~]# curl -XGET http://172.16.0.99:5000/v2/nginx/tags/list{"name":"nginx","tags":["latest"]}
参考:
若有收获,就点个赞吧
0 人点赞
