设置登录鉴权操作搭建参考:
https://blog.csdn.net/shida_csdn/article/details/78435971
参考指南:https://blog.51cto.com/ganbing/2080140
服务端机器 (主机名为registry):docker私有仓库服务器,运行registry容器;
节点机器 (主机名为node):普通的docker服务器,在这台服务器上可以上传和下载镜像;
1. 服务端下载镜像registry
docker pull registry
2. 生成登录的用户名和密码
docker run --entrypoint htpasswd docker.io/registry:latest -Bbn hy 000000 >> /data/docker-registry/auth/htpasswd
3. 节设置配置文件,启用删除镜像功能(也可以不启用,看业务需要,修改 storage - delete - enable 为 false 即可)
# mkdir -p /opt/registry-var/config
# vim /opt/registry-var/config/config.yml
version: 0.1
log:
fields:
service: registry
storage:
delete:
enabled: true
cache:
blobdescriptor: inmemory
filesystem:
rootdirectory: /var/lib/registry
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3
4. 启动registry镜像服务
docker run -d -p 5000:5000 --restart=always --name=registry\
-v /data/docker-registry/config/:/etc/docker/registry/ \
-v /data/docker-registry/auth/:/auth/ \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
-v /data/docker-registry/:/var/lib/registry/ \
docker.io/registry:latest
5. 开启节点的http形式访问私有仓库
vim /etc/docker/daemon.json
{
"log-driver": "json-file",
"registry-mirrors":["55.18.67.171:5000"],
"insecure-registries":["55.18.67.171:5000"]
}
# systemctl daemon-reload
# systemctl restart docker
6. 上传和下载镜像到私有仓库
docker pull docker.io/hello-world
docker tag docker.io/hello-world:latest 55.18.67.171:5000/hello-word:latest
docker login 55.18.67.171:5000 -u hy -p 000000
docker push 55.18.67.171:5000/hello-word:latest
curl -u hy:000000 http://55.18.67.171:5000/v2/_catalog
7. 创建secret让pod访问不需要鉴权登录
默认default命名空间使用的secret
kubectl create secret docker-registry 10.10.10.149 --docker-server=55.18.67.171:5000 --docker-username=hy --docker-password=000000 [email protected]
hy-uat命名空间使用的secret
kubectl create secret docker-registry 10.10.10.149 --docker-server=55.18.67.171:5000 –namespace=hy-uat --docker-username=hy --docker-password=000000 [email protected]
8. 列出所有镜像
curl -u hy:000000 http://55.18.67.171:5000/v2/_catalog
9. 列出busybox镜像有哪些tag
curl -u hy:000000 http://55.18.67.171:5000/v2/company-ner/tags/list
原文地址:https://www.cnblogs.com/niewx5201314/p/11663081.html