registry是一個運行在docker中的registry鏡像的實例。
## 運行registry容器
~~~
docker run -d -p 5000:5000 --restart=always --name registry registry:2
~~~
--restart=always 容器啟動時在動重啟
>[info]這種部署僅適用于測試環境,生產環境最好使用TLS協議和訪問控制。
### 實例
~~~
# 從Docker Hub拉取ubuntu:16.04 image
docker pull ubuntu:16.04
# 打標簽,標簽第一部分是IP和端口
docker tag ubuntu:16.04 localhost:5000/my-ubuntu
# 推送到本地registry
docker push localhost:5000/my-ubuntu
# 移除本地的緩存,這個并不會將鏡像從registry中移除
docker image remove ubuntu:16.04
docker image remove localhost:5000/my-ubuntu
# 從本地registry中拉取指定鏡像
docker pull localhost:5000/my-ubuntu
~~~
### 查看鏡像倉庫中的鏡像
~~~
curl http://192.168.101.30:5000/v2/_catalog
curl -XGET http://registry:5000/v1/search?q=鏡像名稱
~~~
## 停止registry容器
~~~
docker stop registry
# 移除數據
docker rm -v registry
~~~
## 定制端口
~~~
# 更改宿主機端口
docker run -d \
-p 5001:5000 \
--name registry-test \
registry:2
# 更改registry監聽端口, REGISTRY_HTTP_ADDR
docker run -d \
-e REGISTRY_HTTP_ADDR=0.0.0.0:5001 \
-p 5001:5001 \
--name registry-test \
registry:2
~~~
## 本地存儲
鏡像文件默認存儲在容器/var/lib/registry目錄中
~~~
docker run -d \
-p 5000:5000 \
--restart=always \
--name registry \
-v /mnt/registry:/var/lib/registry \
registry:2
~~~
## 使用compose file
~~~
cat docker-compose.yml
registry:
restart: always
image: registry:2
ports:
- 5000:5000
# environment:
# REGISTRY_HTTP_TLS_CERTIFICATE: /certs/domain.crt
# REGISTRY_HTTP_TLS_KEY: /certs/domain.key
# REGISTRY_AUTH: htpasswd
# REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
# REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
volumes:
- /var/lob/registry:/var/lib/registry
~~~
~~~
docker-compose up -d
~~~
## 問題
~~~
docker push 192.168.101.30:5000/myfirstimage
The push refers to a repository [192.168.101.30:5000/myfirstimage]
Get https://192.168.101.30:5000/v1/_ping: http: server gave HTTP response to HTTPS client
~~~
### 默認使用https,需要改成不使用https
~~~
cat /etc/docker/daemon.json
{ "insecure-registries":["registry:5000"] }
~~~
## 倉庫配置文件
~~~
version: 0.1
log:
fields:
service: registry
storage:
cache:
layerinfo: inmemory
filesystem:
rootdirectory: /var/lib/registry
http:
addr: :5000
~~~