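A Docker registry is a platform for centrally storing and managing Docker images. It supports uploading, downloading, and versioning images.
I. Types of Docker registries
1. Public registries
    Docker Hub: the official default public registry, offering more than 100,000 images; users can upload and manage their own images.
    Third-party platforms: for example Alibaba Cloud ACR and Tencent Cloud TCR, which provide image acceleration and enterprise-grade features.
2. Private registries
    Registry: the basic private registry tool provided officially by Docker. It supports local deployment, but its feature set is fairly simple.
    Harbor: an enterprise-grade private registry that supports role-based permissions, audit logs, image scanning and other advanced features; suited to production environments.
3. Hybrid registries
    Cloud service integration: for example Alibaba Cloud ACR and Huawei Cloud SWR, which combine the advantages of public cloud and private registries to provide secure hosting and global acceleration.
II. Setting up a private registry
1. Setting up a basic private registry with Registry
1.1 Create and start the container
[root@localhost ~]# docker run -d -p 5000:5000 registry:2 # automatically downloads and starts a registry container, creating a local private registry service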
Unable to find image 'registry:2' locally
2: Pulling from library/registry
44cf07d57ee4: Pull complete
bbbdd6c6894b: Pull complete
8e82f80af0de: Pull complete
3493bf46cdec: Pull complete
6d464ea18732: Pull complete
Digest: sha256:a3d8aaa63ed8681a604f1dea0aa03f100d5895b6a58ace528858a7b332415373
Status: Downloaded newer image for registry:2
8fd929126d42e2be363130e8f38087f1eb627b112c164d32f4c62b422b2b5d96
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry 2 26b2eb03618e 17 months ago 25.4MB
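Here -p 5000:5000 maps port 5000 of the container to port 5000 of the host, which is used to reach the private registry.
1.2 Configure the Docker client to trust the private registry: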
[root@localhost ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://docker.m.daocloud.io","https://hub-mirror.c.163.com","https://mirror.baidubce.com","https://docker.nju.edu.cn"],
"insecure-registries": ["192.168.8.161:5000"]
}
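# insecure-registries: lists registry addresses treated as insecure; the Docker client may reach them over plain HTTP, or over HTTPS without verifying the certificate
[root@localhost ~]# systemctl daemon-reload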
[root@localhost ~]# systemctl enable --now docker
1.3 Tag the image
[root@localhost ~]# docker tag registry:2 192.168.8.161:5000/registry:2
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.8.161:5000/registry 2 26b2eb03618e 17 months ago 25.4MB
registry 2 26b2eb03618e 17 months ago 25.4MB
1.4 Push the image to the private registry
[root@localhost ~]# docker push 192.168.8.161:5000/registry:2
The push refers to repository [192.168.8.161:5000/registry]
53c600587fd6: Pushed
858f5c95b990: Pushed
811f3777554a: Pushed
f646c8e10325: Pushed
f44f286046d9: Pushed
2: digest: sha256:266f282fabd7cd3df053ee7c658c77b42380d44344e33d16c5a4e58d0d5a77d7 size: 1363
1.5 List the images in 192.168.8.161:5000
[root@localhost ~]# curl http://192.168.8.161:5000/v2/_catalog
{"repositories":["registry"]}
1.6 Pull the image from any machine that can reach 192.168.8.161
2. Setting up an enterprise-grade private registry with Harbor
1) Download the latest version of Docker-Compose
curl -L https://get.daocloud.io/docker/compose/releases/download/1.25.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
2) Download the Harbor installer package and extract it
[root@localhost ~]# tar xzf harbor-offline-installer-v2.6.1.tgz -C /usr/local
[root@localhost ~]# cd /usr/local/harbor/
[root@localhost harbor]# ls
common.sh harbor.yml.tmpl LICENSE
harbor.v2.6.1.tar.gz install.sh prepare
3) Prepare the certificate
[root@localhost ~]# mkdir /data/certs
[root@localhost ~]# openssl req -newkey rsa:4096 \
> -nodes -sha256 -keyout /data/certs/admin.org.key \
> -addext "subjectAltName = DNS:www.harbor1.com" \
> -x509 -days 365 -out /data/certs/admin.org.crt
Generating a RSA private key
..............................................++++
..................................++++
writing new private key to '/data/certs/admin.org.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:80
State or Province Name (full name) []:hunan
Locality Name (eg, city) [Default City]:changsha
Organization Name (eg, company) [Default Company Ltd]:shewai
Organizational Unit Name (eg, section) []:xingong
Common Name (eg, your name or your server's hostname) []:jike
Email Address []:admin@qq.com
4) Configure the Harbor parameters
[root@localhost ~]# cd /usr/local/harbor/
[root@localhost harbor]# ls
common.sh harbor.yml.tmpl LICENSE
harbor.v2.6.1.tar.gz install.sh prepare
[root@localhost harbor]# cp harbor.yml.tmpl harbor.yml
[root@localhost harbor]# vim harbor.yml
# modify each of the following parameters
hostname: www.harbor1.com
certificate: /data/certs/admin.org.crt
private_key: /data/certs/admin.org.key
harbor_admin_password: 123456
[root@localhost harbor]# ./prepare
[root@localhost harbor]# ./install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 26.1.3
5) Verify
[root@localhost ~]# echo "127.0.0.1 www.harbor1.com" >> /etc/hosts
Verify in a browser (a local hostname mapping must be added)
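A check on the two configuration files edited in this walkthrough, as an added example that is not part of the original post: it reports what the insecure-registries entry from step 1.2 permits and why the harbor_admin_password from step 4 is weak. The sample inputs are constructed from the values on this page, the function names are hypothetical, the 12-character and three-class thresholds are illustrative assumptions, and Harbor12345 is the default shipped in harbor.yml.tmpl.

```python
import ipaddress
import json
import re

# Constructed sample: the daemon.json from step 1.2, mirror list shortened.
DAEMON_JSON = """{
  "registry-mirrors": ["https://docker.m.daocloud.io"],
  "insecure-registries": ["192.168.8.161:5000"]
}"""
# Constructed sample: two of the harbor.yml lines edited in step 4.
HARBOR_YML = """hostname: www.harbor1.com
harbor_admin_password: 123456
"""


def audit_daemon_json(text):
    """Return (key, value, note) tuples for entries that bypass TLS verification."""
    cfg = json.loads(text)
    findings = []
    for entry in cfg.get("insecure-registries", []):
        if "/" in entry:
            # dockerd also accepts CIDR ranges, exempting every address in the range.
            size = ipaddress.ip_network(entry, strict=False).num_addresses
            note = f"CIDR range: {size} addresses exempt from TLS verification"
        else:
            note = ("certificate errors ignored, plain-HTTP fallback allowed; once the "
                    f"registry serves TLS, trust /etc/docker/certs.d/{entry}/ca.crt instead")
        findings.append(("insecure-registries", entry, note))
    return findings


def audit_harbor_yml(text):
    """Return reasons the admin password is weak (thresholds are illustrative assumptions)."""
    m = re.search(r"^harbor_admin_password:[ \t]*(\S+)", text, re.MULTILINE)
    if not m:
        return []
    pw = m.group(1).strip("'\"")
    classes = sum(bool(re.search(p, pw)) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    reasons = []
    if pw == "Harbor12345":  # default shipped in harbor.yml.tmpl
        reasons.append("template default")
    if len(pw) < 12:
        reasons.append(f"only {len(pw)} characters")
    if classes < 3:
        reasons.append(f"{classes} character class(es)")
    return reasons


if __name__ == "__main__":
    print(audit_daemon_json(DAEMON_JSON))
    print(audit_harbor_yml(HARBOR_YML))
```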