tech:notes_depot_docker_-_docker_registry
Ceci est une ancienne révision du document !
Table des matières
Notes Dépôt Docker - Docker Registry
Registry (comme JFrog Artifactory)
Public registry
Configuration
Voir :
Voir aussi :
Source :
Brouillon, insecure registry
Client
Voir :
- /etc/containers/registries.conf
- ~/.config/containers/registries.conf
- /etc/systemd/system/docker.service.d/http-proxy.conf
[Service] Environment="HTTP_PROXY=http://192.168.56.1:3128/" "HTTPS_PROXY=http://192.168.56.1:3128/" "NO_PROXY=localhost,127.0.0.0/8,192.168.0.0/16,registry.local"
systemctl daemon-reload systemctl restart docker
Vérif
systemctl show --property=Environment docker
- /etc/hosts
192.168.205.18 docker-1
API
curl -X GET -u <user>:<pass> https://myregistry:5000/v2/_catalog curl -X GET -u <user>:<pass> https://myregistry:5000/v2/ubuntu/tags/list
SSL/TLS
sudo mkdir -p /etc/docker/certs.d/registry.local:5000
Puis déposer le fichier ca.crt dans ce dossier.
Autre solution
- /etc/docker/daemon.json
{ "log-level": "error", "insecure-registries" : ["docker-1.local"], "proxies": { "http-proxy": "http://192.168.1.100:3128", "https-proxy": "https://192.168.1.100:3128", "no-proxy": "*.local,127.0.0.0/8" } }
Old
Ne semble plus marcher.
Avant nous pouvions spécifier un numéro de port au registry Docker.
- /etc/docker/daemon.json
{ "insecure-registries" : ["docker-1:5000"] }
Seveur registry
mkdir docker-registry cd docker-registry mkdir certs openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key -x509 -days 365 -out certs/domain.crt chmod a+r certs/domain.* sudo mv certs /certs
Be sure to use the name myregistrydomain.com as a CN
- docker-compose.yml
version: '3' services: registry: image: "registry:2" ports: - "5000:5000" environment: - REGISTRY_HTTP_ADDR=0.0.0.0:5000 - REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt - REGISTRY_HTTP_TLS_KEY=/certs/domain.key - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/data - REGISTRY_STORAGE_DELETE_ENABLED=true volumes: - "/certs:/certs" - "/data:/data"
- docker-compose.yml
version: '3' services: redis: image: redis restart: always registry: image: "registry:2" restart: always ports: - "5000:5000" environment: - REGISTRY_HTTP_ADDR=0.0.0.0:5000 - REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt - REGISTRY_HTTP_TLS_KEY=/certs/domain.key - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/data - REGISTRY_HTTP_SECRET=secret - REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR=redis - REGISTRY_REDIS_ADDR=redis:6379 - REGISTRY_STORAGE_DELETE_ENABLED=true volumes: - "/certs:/certs" - "/data:/data" registry-ui: image: konradkleine/docker-registry-frontend:v2 restart: always ports: - "80:80" environment: VIRTUAL_HOST: '*, https://*' ENV_DOCKER_REGISTRY_HOST: 'registry' ENV_DOCKER_REGISTRY_PORT: 5000 ENV_DOCKER_REGISTRY_USE_SSL: 1
docker-compose up
Utilisation
Pull & Push
docker pull debian:stretch docker tag debian:stretch localhost:5000/debian:stretch docker push localhost:5000/debian:stretch
Build & Push
docker build -t plop . plop registry.local:5000/project/image:tag docker push registry.local:5000/project/image:tag
Auth
docker login registry.local:5000 -u user -p P@sssw0rd
Delete
Voir :
Afficher les information détaillées sur notre image taguée.
docker inspect registry.local:5000/hello-world:latest
Voir & effacer les versions taguées
$ docker image ls registry.local:5000/* REPOSITORY TAG IMAGE ID CREATED SIZE registry.local:5000/my-hello-world4 latest fce289e99eb9 13 months ago 1.84kB $ docker image rm registry.local:5000/my-hello-world4 Untagged: registry.local:5000/my-hello-world4:latest Untagged: registry.local:5000/my-hello-world4@sha256:92c7f9c92844bbbb5d0a101b22f7c2a7949e40f8ea90c8b3bc396879d95e899a
Effacer les fichiers sur le dépôt
sudo rm ./docker/registry/v2/repositories/my-hello-world -rf sudo rm ./docker/registry/v2/repositories/my-hello-world4 ./docker/registry/v2/blobs/sha256/fc/fce289e99eb9* -rf
$ curl -k https://registry.local:5000/v2/_catalog
{"repositories":["hello-world"]}
$ curl -k https://registry.local:5000/v2/hello-world/tags/list
{"name":"hello-world","tags":["latest"]}
$ curl -k -v --silent -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -X GET https://registry.local:5000/v2/hello-world/manifests/latest
< content-length: 524
<
{
"schemaVersion": 2,
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"config": {
"mediaType": "application/vnd.docker.container.image.v1+json",
"size": 1510,
"digest": "sha256:fce289e99eb9bca977dae136fbe2a82b6b7d4c372474c9235adc1741675f587e"
},
"layers": [
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 977, "digest": "sha256:1b930d010525941c1d56ec53b97bd057a67ae1865eebf042686d2a2d18271ced"
}
]
* Curl_http_done: called premature == 0
curl -k -v --silent -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -X DELETE https://registry.local:5000/v2/hello-world/manifests/sha256:fce289e99eb9bca977dae136fbe2a82b6b7d4c372474c9235adc1741675f587e
Pour vraiment libérer l'espace
Lancer à l’intérieur du conteneur
bin/registry garbage-collect /etc/docker/registry/config.yml
Client
tech/notes_depot_docker_-_docker_registry.1759262846.txt.gz · Dernière modification : de Jean-Baptiste