#docker私库管理
#新建docker私库
docker pull registry
docker run -d -p 5000:5000 -v /opt/docker/registry:/var/lib/registry --restart=always --privileged=true --name registry registry:latest
# 开启非安全http访问方式
/etc/docker/daemon.json内添加"insecure-registries" : ["192.168.100.6:5000"]并重启docker服务systemctl restart docker,否则报错:The push refers to repository [192.168.100.6:5000/nginx], Get https://192.168.100.6:5000/v2/: http: server gave HTTP response to HTTPS client
# 开启安全https访问
详见官方教程https://docs.docker.com/registry/insecure/
docker pull nginx
docker tag nginx 192.168.100.6:5000/nginx
docker push 192.168.100.6:5000/nginx (push相应镜像即可)
#查看私库里的镜像信息
curl -XGET http://192.168.100.6:5000/v2/_catalog
curl -XGET http://192.168.100.6:5000/v2/dnsmasq-metrics-amd64/tags/list
#获取私库里的镜像digest
curl --header "Accept: application/vnd.docker.distribution.manifest.v2+json" -I -XGET 192.168.100.6:5000/v2/registry/manifests/v1
curl -X GET -I http://10.30.17.155:5000/v2/dnsmasq-metrics-amd64/manifests/v1
#删除私库里的镜像
curl -I -X DELETE http://192.168.100.6:5000/v2/dnsmasq-metrics-amd64/manifests/sha256:6a67ba482a8dd4f8143ac96b1dcffa5e45af95b8d3e37aeba72401a5afd7ab8e
#阿里云私库管理(官方参考:https://helpcdn.aliyun.com/document_detail/60743.html?spm=a2c4e.11153987.0.0.47da6474kxuhUE)
#Docker的镜像地址是什么?我们来看一个完整的例子。(以容器服务的公共镜像为例)
#registry.cn-hangzhou.aliyuncs.com/acs/agent:0.8
registry.cn-hangzhou.aliyuncs.com 叫做 "Registry域名"
acs 叫做 "命名空间"
agent 叫做 "仓库名称"
0.8 叫做 "Tag"、"镜像标签"(非必须,默认latest)
将这个几个完全独立的概念组合一下,还有几个术语
registry.cn-hangzhou.aliyuncs.com/acs/agent 称为 "仓库坐标"
acs/agent 称为 "仓库全名"(通常在API中使用)
#开通registry服务,并设置Registry登录密码
登录https://cr.console.aliyun.com/cn-beijing/new
#创建镜像仓库
设置地域-命名空间-仓库名称-仓库类型-等
设置完毕后会有三个地址:公网地址、专有网络、经典网络
#登录阿里云私有仓库registry(阿里云帐号用户名,密码为开通registry服务时的密码)
docker login --username=*** registry.cn-beijing.aliyuncs.com
#从Registry中拉取镜像
docker pull registry.cn-beijing.aliyuncs.com/[命名空间]/[仓库名称]:[镜像版本号]
#将镜像推送到registry
docker login --username=*** registry.cn-beijing.aliyuncs.com
docker tag [ImageId] registry.cn-beijing.aliyuncs.com/[命名空间]/[仓库名称]:[镜像版本号]
docker push registry.cn-beijing.aliyuncs.com/[命名空间]/[仓库名称]:[镜像版本号]
#选择合适的镜像地址
从ECS推送镜像时,可以选择使用镜像仓库内网地址。推送速度将得到提升并且将不会损耗您的公网流量。
如果您使用的机器位于经典网络,请使用 registry-internal.cn-beijing.aliyuncs.com 作为Registry的域名登录,并作为镜像命名空间前缀。
如果您使用的机器位于VPC网络,请使用 registry-vpc.cn-beijing.aliyuncs.com 作为Registry的域名登录,并作为镜像命名空间前缀。
#退出仓库
docker logout registry.cn-beijing.aliyuncs.com
#查看公共仓库的tag信息
https://cr.console.aliyun.com/cn-beijing/instances/images
比如搜索google_containers/tiller查看tiller的具体tag信息
#推荐一个第三方的docker-ls工具,用以查询镜像tags(https://github.com/mayflower/docker-ls)
#安装
wget https://github-production-release-asset-2e65be.s3.amazonaws.com/52611782/16210e00-c5ce-11e8-80bc-670983318ca9?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20190514%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20190514T053201Z&X-Amz-Expires=300&X-Amz-Signature=d52c7e14fa5fd8a4718a1ac76d598c0a5272271b2ef10f63d38be18eebfa24c5&X-Amz-SignedHeaders=host&actor_id=17699536&response-content-disposition=attachment%3B%20filename%3Ddocker-ls-linux-amd64.zip&response-content-type=application%2Foctet-stream -o docker-ls-linux-amd64.zip
unzip docker-ls-linux-amd64.zip && mv docker-ls /usr/local/bin/docker-ls && mv docker-rm /usr/local/bin/docker-rm
#使用范例
List all repositories in a custom registry:
docker-ls repositories --registry https://my.registry.org --user hanni --password hanni123
List all repositories in a custom registry, including their tags:
docker-ls repositories --registry https://my.registry.org --user hanni --password hanni123 --level 1
List all tags in stuff/busybox using HTTP basic auth
docker-ls tags --registry https://my.registry.org --user hanni --password hanni123 --basic-auth stuff/busybox
Inspect tag stuff/busybox:latest, no authentication, JSON output.
docker-ls tag --registry https://my.registry.org --json stuff/busybox:latest
Inspect tag stuff/busybox:latest, no authentication, dump the raw manifest with parsed history as JSON.
docker-ls tag --registry https://my.registry.org --json --raw-manifest --parse-history stuff/busybox:latest
#查看docker官方站点某个image的tags信息
curl 'https://registry.hub.docker.com/v2/repositories/library/debian/tags/'|jq '."results"[]["name"]'
# 安装jq命令
yum -y epel-release && yum install -y jq
#新建docker私库
docker pull registry
docker run -d -p 5000:5000 -v /opt/docker/registry:/var/lib/registry --restart=always --privileged=true --name registry registry:latest
# 开启非安全http访问方式
/etc/docker/daemon.json内添加"insecure-registries" : ["192.168.100.6:5000"]并重启docker服务systemctl restart docker,否则报错:The push refers to repository [192.168.100.6:5000/nginx], Get https://192.168.100.6:5000/v2/: http: server gave HTTP response to HTTPS client
# 开启安全https访问
详见官方教程https://docs.docker.com/registry/insecure/
docker pull nginx
docker tag nginx 192.168.100.6:5000/nginx
docker push 192.168.100.6:5000/nginx (push相应镜像即可)
#查看私库里的镜像信息
curl -XGET http://192.168.100.6:5000/v2/_catalog
curl -XGET http://192.168.100.6:5000/v2/dnsmasq-metrics-amd64/tags/list
#获取私库里的镜像digest
curl --header "Accept: application/vnd.docker.distribution.manifest.v2+json" -I -XGET 192.168.100.6:5000/v2/registry/manifests/v1
curl -X GET -I http://10.30.17.155:5000/v2/dnsmasq-metrics-amd64/manifests/v1
#删除私库里的镜像
curl -I -X DELETE http://192.168.100.6:5000/v2/dnsmasq-metrics-amd64/manifests/sha256:6a67ba482a8dd4f8143ac96b1dcffa5e45af95b8d3e37aeba72401a5afd7ab8e
#阿里云私库管理(官方参考:https://helpcdn.aliyun.com/document_detail/60743.html?spm=a2c4e.11153987.0.0.47da6474kxuhUE)
#Docker的镜像地址是什么?我们来看一个完整的例子。(以容器服务的公共镜像为例)
#registry.cn-hangzhou.aliyuncs.com/acs/agent:0.8
registry.cn-hangzhou.aliyuncs.com 叫做 "Registry域名"
acs 叫做 "命名空间"
agent 叫做 "仓库名称"
0.8 叫做 "Tag"、"镜像标签"(非必须,默认latest)
将这个几个完全独立的概念组合一下,还有几个术语
registry.cn-hangzhou.aliyuncs.com/acs/agent 称为 "仓库坐标"
acs/agent 称为 "仓库全名"(通常在API中使用)
#开通registry服务,并设置Registry登录密码
登录https://cr.console.aliyun.com/cn-beijing/new
#创建镜像仓库
设置地域-命名空间-仓库名称-仓库类型-等
设置完毕后会有三个地址:公网地址、专有网络、经典网络
#登录阿里云私有仓库registry(阿里云帐号用户名,密码为开通registry服务时的密码)
docker login --username=*** registry.cn-beijing.aliyuncs.com
#从Registry中拉取镜像
docker pull registry.cn-beijing.aliyuncs.com/[命名空间]/[仓库名称]:[镜像版本号]
#将镜像推送到registry
docker login --username=*** registry.cn-beijing.aliyuncs.com
docker tag [ImageId] registry.cn-beijing.aliyuncs.com/[命名空间]/[仓库名称]:[镜像版本号]
docker push registry.cn-beijing.aliyuncs.com/[命名空间]/[仓库名称]:[镜像版本号]
#选择合适的镜像地址
从ECS推送镜像时,可以选择使用镜像仓库内网地址。推送速度将得到提升并且将不会损耗您的公网流量。
如果您使用的机器位于经典网络,请使用 registry-internal.cn-beijing.aliyuncs.com 作为Registry的域名登录,并作为镜像命名空间前缀。
如果您使用的机器位于VPC网络,请使用 registry-vpc.cn-beijing.aliyuncs.com 作为Registry的域名登录,并作为镜像命名空间前缀。
#退出仓库
docker logout registry.cn-beijing.aliyuncs.com
#查看公共仓库的tag信息
https://cr.console.aliyun.com/cn-beijing/instances/images
比如搜索google_containers/tiller查看tiller的具体tag信息
#推荐一个第三方的docker-ls工具,用以查询镜像tags(https://github.com/mayflower/docker-ls)
#安装
wget https://github-production-release-asset-2e65be.s3.amazonaws.com/52611782/16210e00-c5ce-11e8-80bc-670983318ca9?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20190514%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20190514T053201Z&X-Amz-Expires=300&X-Amz-Signature=d52c7e14fa5fd8a4718a1ac76d598c0a5272271b2ef10f63d38be18eebfa24c5&X-Amz-SignedHeaders=host&actor_id=17699536&response-content-disposition=attachment%3B%20filename%3Ddocker-ls-linux-amd64.zip&response-content-type=application%2Foctet-stream -o docker-ls-linux-amd64.zip
unzip docker-ls-linux-amd64.zip && mv docker-ls /usr/local/bin/docker-ls && mv docker-rm /usr/local/bin/docker-rm
#使用范例
List all repositories in a custom registry:
docker-ls repositories --registry https://my.registry.org --user hanni --password hanni123
List all repositories in a custom registry, including their tags:
docker-ls repositories --registry https://my.registry.org --user hanni --password hanni123 --level 1
List all tags in stuff/busybox using HTTP basic auth
docker-ls tags --registry https://my.registry.org --user hanni --password hanni123 --basic-auth stuff/busybox
Inspect tag stuff/busybox:latest, no authentication, JSON output.
docker-ls tag --registry https://my.registry.org --json stuff/busybox:latest
Inspect tag stuff/busybox:latest, no authentication, dump the raw manifest with parsed history as JSON.
docker-ls tag --registry https://my.registry.org --json --raw-manifest --parse-history stuff/busybox:latest
#查看docker官方站点某个image的tags信息
curl 'https://registry.hub.docker.com/v2/repositories/library/debian/tags/'|jq '."results"[]["name"]'
# 安装jq命令
yum -y epel-release && yum install -y jq