怎么实现Docker私有仓库Registry 搭建,针对这个问题,这篇文章详细介绍了相对应的分析和解答,希望可以帮助更多想解决这个问题的小伙伴找到更简单易行的方法。
#==>域名或主机名
signdomain=a.b.cn
#==>生成SSL证书
mkdir ~/certs
openssl req -nodes -subj "/C=CN/ST=ZheJiang/L=HangZhou/CN=$signdomain" -newkey rsa:4096 -keyout ~/certs/$signdomain.key -out ~/certs/$signdomain.csr
openssl x509 -req -days 3650 -in ~/certs/$signdomain.csr -signkey ~/certs/$signdomain.key -out ~/certs/$signdomain.crt
#==>运行docker registry v2
docker run -d -p 5000:5000 --restart=always --name registry / -v ~/certs:/certs / -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/$signdomain.crt / -e REGISTRY_HTTP_TLS_KEY=/certs/$signdomain.key / registry:2
#==>尝试 push 镜像
docker tag ubuntu a.b.cn:5000/ubuntu
docker push a.b.cn:5000/ubuntu
#==>出现如下错误:
The push refers to a repository [a.b.cn:5000/ubuntu] (len: 1)
unable to ping registry endpoint https://a.b.cn:5000/v0/
v2 ping attempt failed with error: Get https://a.b.cn:5000/v2/: x509: certificate signed by unknown authority
v1 ping attempt failed with error: Get https://a.b.cn:5000/v1/_ping: x509: certificate signed by unknown authority
#==>错误是由于没有权威认证的自签名证书引起,在将crt复制docker Damon 的节点上如下目录(以当前节点示例,其它节点类似 scp 过去):
mkdir /etc/docker/certs.d/$signdomain:5000
cp ~/certs/$signdomain.crt /etc/docker/certs.d/$signdomain:5000/ca.crt
#==>验证 pull 和 push
docker pull a.b.cn:5000/ubuntu
整体:
#导入registry v2 镜像包 sudo docker load < registry.2.tar #设置registry所在主机域名或主机名 signdomain=docker-1 #设置registry认证文件目录 sudo mkdir ~/certs #openssl生成认证文件 sudo openssl req -nodes -subj "/C=CN/ST=ZheJiang/L=HangZhou/CN=$signdomain" -newkey rsa:4096 -keyout ~/certs/$signdomain.key -out ~/certs/$signdomain.csr sudo openssl x509 -req -days 3650 -in ~/certs/$signdomain.csr -signkey ~/certs/$signdomain.key -out ~/certs/$signdomain.crt #运行registry容器 sudo docker run -d -p 5000:5000 --name registry -v ~/certs:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/$signdomain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/$signdomain.key registry:2 #将crt文件复制到各docker Damon所在主机的/etc/docker/cert.d/$signdomain:5000目录(不存在先新建) sudo mkdir /etc/docker/certs.d/ sudo mkdir /etc/docker/certs.d/$signdomain:5000 sudo cp ~/certs/$signdomain.crt /etc/docker/certs.d/$signdomain:5000/ca.crt #测试registry服务 sudo docker tag registry:2 docker-1:5000/registry:2 sudo docker push docker-1:5000/registry:2
关于怎么实现Docker私有仓库Registry 搭建问题的解答就分享到这里了,希望以上内容可以对大家有一定的帮助,如果你还有很多疑惑没有解开,可以关注亿速云行业资讯频道了解更多相关知识。
原创文章,作者:kirin,如若转载,请注明出处:https://blog.ytso.com/tech/aiops/239950.html