Docker学习（二）——私有仓库搭建

Docker仓库是集中存储和管理Docker镜像的平台，支持镜像的上传、下载、版本管理等功能。

一、Docker仓库分类 1.公有仓库

        Docker Hub：官方默认公共仓库，提供超过10万+镜像，支持用户上传和管理镜像。

        第三方平台：如阿里云ACR、腾讯云TCR等，提供镜像加速和企业级功能。

2。私有仓库

        Registry：Docker官方提供的基础私有仓库工具，支持本地部署，但功能较简单。

        Harbor：企业级私有仓库，支持角色权限、审计日志、镜像扫描等高级功能，适合生产环境。

3.混合仓库

        云服务集成：如阿里云ACR、华为云SWR，结合公有云和私有仓库优势，提供安全托管和全球加速。

二、私有仓库的搭建 1. 使用Registry搭建基础私有仓库 1.1、新建并启动容器 [root@localhost ~]# docker run -d -p 5000:5000 registry:2 #会自动下载和启动一个registry容器，创建本地的私有云服务 Unable to find image 'registry:2' locally 2: Pulling from library/registry 44cf07d57ee4: Pull complete bbbdd6c6894b: Pull complete 8e82f80af0de: Pull complete 3493bf46cdec: Pull complete 6d464ea18732: Pull complete Digest: sha256:a3d8aaa63ed8681a604f1dea0aa03f100d5895b6a58ace528858a7b332415373 Status: Downloaded newer image for registry:2 8fd929126d42e2be363130e8f38087f1eb627b112c164d32f4c62b422b2b5d96 [root@localhost ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE registry 2 26b2eb03618e 17 months ago 25.4MB

其中 -p 5000:5000 表示将容器的 5000 端口映射到主机的 5000 端口，用于访问私有仓库  

1.2、配置Docker客户端信任私有仓库： [root@localhost ~]# vim /etc/docker/daemon.json { "registry-mirrors": [ " docker.m.daocloud.io", " hub-mirror.c.163 ", " mirror.baidubce ", " docker.nju.edu " ], "insecure-registries": ["192.168.8.161:5000"] } #insecure-registries：指定不安全的仓库地址，允许 Docker 客户端通过 HTTP 协议访问该地址 [root@localhost ~]# systemctl daemon-reload [root@localhost ~]# systemctl enable --now docker 1.3、 标记镜像 [root@localhost ~]# docker tag registry:2 192.168.8.161:5000/registry:2 [root@localhost ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE 192.168.8.161:5000/registry 2 26b2eb03618e 17 months ago 25.4MB registry 2 26b2eb03618e 17 months ago 25.4MB 1.4、将镜像推送到私有仓库  [root@localhost ~]# docker push 192.168.8.161:5000/registry:2 The push refers to repository [192.168.8.161:5000/registry] 53c600587fd6: Pushed 858f5c95b990: Pushed 811f3777554a: Pushed f646c8e10325: Pushed f44f286046d9: Pushed 2: digest: sha256:266f282fabd7cd3df053ee7c658c77b42380d44344e33d16c5a4e58d0d5a77d7 size: 1363 1.5 、查看192.168.8.161:5000中的镜像 [root@localhost ~]# curl http://192.168.8.161:5000/v2/_catalog {"repositories":["registry"]} 1.6、用任意一台能访问到192.168.8.161地址的机器下载镜像 

2. 使用Harbor搭建企业级私有仓库 1、下载最新版 Docker-Compose curl -L get.daocloud.io/docker/compose/releases/download/1.25.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose sudo chmod +x /usr/local/bin/docker-compose

2、下载Harbor安装包并解压 [root@localhost ~]# tar xzf harbor-offline-installer-v2.6.1.tgz -C /usr/local [root@localhost ~]# cd /usr/local/harbor/ [root@localhost harbor]# ls common.sh harbor.yml.tmpl LICENSE harbor.v2.6.1.tar.gz install.sh prepare 3、准备证书  [root@localhost ~]# mkdir /data/certs [root@localhost ~]# openssl req -newkey rsa:4096 \ > -nodes -sha256 -keyout /data/certs/admin.org.key \ > -addext "subjectAltName = DNS: .harbor1 " \ > -x509 -days 365 -out /data/certs/admin.org.crt Generating a RSA private key ..............................................++++ ..................................++++ writing new private key to '/data/certs/admin.org.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:80 State or Province Name (full name) []:hunan Locality Name (eg, city) [Default City]:changsha Organization Name (eg, company) [Default Company Ltd]:shewai Organizational Unit Name (eg, section) []:xingong Common Name (eg, your name or your server's hostname) []:jike Email Address []:admin@qq 4、配置Harbor参数  [root@localhost ~]# cd /usr/local/harbor/ [root@localhost harbor]# ls common.sh harbor.yml.tmpl LICENSE harbor.v2.6.1.tar.gz install.sh prepare [root@localhost harbor]# cp harbor.yml.tmpl harbor.yml [root@localhost harbor]# vim harbor.yml #分别修改以下参数 hostname: .harbor1 certificate: /data/certs/admin.org.crt private_key: /data/certs/admin.org.key harbor_admin_password: 123456 [root@localhost harbor]# ./prepare [root@localhost harbor]# ./install.sh [Step 0]: checking if docker is installed ... Note: docker version: 26.1.3 5、验证  [root@localhost ~]# echo "127.0.0.1 .harbor1 " >> /etc/hosts

浏览器验证（需添加本地域名映射）