Docker(简单学习)
Docker Registry分类
Registry用于保存docker镜像,包括镜像的层次结构和元数据
用户可以自建registry,也可以使用官方的Docker Hub
分类
Sponsor Registry:第三方的Registry,供客户和Docker社区使用
Mirror Registry:第三方的Registry,只让客户使用
Vendor Registry:由发布Docker镜像的供应商提供的registry
Private Registry:通过设有防火墙和额外的安全层的私有实体提供的registry
docker registry默认使用https
docker-distribution:docker官方的registry镜像,拖到本地运行为容器即可
也可以在本机安装docker-distribution:
[root@docker1 ~]# yum install docker-distribution.x86_64
[root@docker1 ~]# rpm -ql docker-distribution
/etc/docker-distribution/registry/config.yml
/usr/bin/registry
/usr/lib/systemd/system/docker-distribution.service
/usr/share/doc/docker-distribution-2.6.2
/usr/share/doc/docker-distribution-2.6.2/AUTHORS
/usr/share/doc/docker-distribution-2.6.2/CONTRIBUTING.md
/usr/share/doc/docker-distribution-2.6.2/LICENSE
/usr/share/doc/docker-distribution-2.6.2/MAINTAINERS
/usr/share/doc/docker-distribution-2.6.2/README.md
/var/lib/registry
查看默认的配置文件:
[root@docker1 ~]# cat /etc/docker-distribution/registry/config.yml
version: 0.1
log:
fields:
service: registry
storage:
cache:
layerinfo: inmemory
filesystem:
rootdirectory: /var/lib/registry
http:
addr: :5000
启动docker-distribution
[root@docker1 ~]# systemctl start docker-distribution
[root@docker1 ~]# ss -ltunp | grep :5000
tcp LISTEN 0 128 :::5000 :::* users:(("registry",pid=36076,fd=3))
现在将docker2机器上的镜像传到docker1的registry上,必须先给docker images打标签,因为默认的标签为docker hub的顶层仓库
hosts对docker1机器IP做解析
[root@docker2 ~]# docker images | head -2
REPOSITORY TAG IMAGE ID CREATED SIZE
docker1:5000/httpd v0.2 a83a2c1ac8b3 2 days ago 1.15MB
[root@docker2 ~]# tail -1 /etc/hosts
192.168.2.163 docker1
docker push 推镜像
会报错,提示docker客户端是https,而docker服务端给的http响应,即docker push时默认是基于https的,而docker1服务器是http的
[root@docker2 ~]# docker push docker1:5000/httpd:v0.2
The push refers to repository [docker1:5000/httpd]
Get https://docker1:5000/v2/: http: server gave HTTP response to HTTPS client
修改docker客户端配置文件,告诉我就用不安全的http,就可以成功push了
[root@docker2 ~]# vim /etc/docker/daemon.json
[root@docker2 ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://7f28zkr3.mirror.aliyuncs.com"],
"insecure-registries":["docker1:5000"]
}
[root@docker2 ~]# systemctl restart docker
[root@docker2 ~]#
[root@docker2 ~]# docker push docker1:5000/httpd:v0.2
The push refers to repository [docker1:5000/httpd]
c8afcb5503d3: Pushed
23bc2b70b201: Pushed
v0.2: digest: sha256:7bc2e3c0bca86a692501522ff7adf637c1fcda87fca23a754e7db68f00c80f54 size: 734
上传的镜像在/var/lib/registry/目录下面,可以自行去查看,镜像是一层一层的
[root@docker1 ~]# cd /var/lib/registry/docker/registry/v2/repositories/httpd/
[root@docker1 httpd]# ls
_layers _manifests _uploads
[root@docker1 httpd]# ls _layers/sha256/
0d92fe152d7718e782cdae0ef465c5891492fdf7420a637e8c46057df21ecd83/ b4a6e23922ddc3d105fee9afff80151a13fe058143351a8e9294286575f2f37e/
a83a2c1ac8b323164e6143d302ee9c9d2e380956181390c67d38b5454ba4883c/
[root@docker1 httpd]# ls _layers/sha256/0d92fe152d7718e782cdae0ef465c5891492fdf7420a637e8c46057df21ecd83/
link
在docker1机器上尝试拖下来此镜像,也必须修改docker配置文件使用不安全的http
[root@docker1 httpd]# vim /etc/docker/daemon.json
[root@docker1 httpd]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://7f28zkr3.mirror.aliyuncs.com"],
"bip":"10.0.0.1/16",
"hosts":["tcp://0.0.0.0:2375","unix:///var/run/docker.sock"],
"insecure-registries":["docker1:5000"]
}
[root@docker1 httpd]# systemctl restart docker
[root@docker1 httpd]# docker pull docker1:5000/httpd:v0.2
v0.2: Pulling from httpd
Digest: sha256:7bc2e3c0bca86a692501522ff7adf637c1fcda87fca23a754e7db68f00c80f54
Status: Downloaded newer image for docker1:5000/httpd:v0.2
[root@docker1 httpd]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker1:5000/httpd v0.2 a83a2c1ac8b3 2 days ago 1.15MB
- 点赞
- 收藏
- 关注作者
评论(0)