Docker私有注册表与镜像 [英] Docker private registry with mirror
问题描述
docker run -d - -name注册表-v / local / path / to / registry:/ registry -e SETTINGS_FLAVOR = local -e STORAGE_PATH = / registry -p 5000:5000注册表
docker run -d --name mirror - v / local / path / to / mirror:/ registry -e STORAGE_PATH = / registry -e STANDALONE = false -e MIRROR_SOURCE = https:/registry-1.docker.io -e MIRROR_SOURCE_INDEX = https://index.docker.io -p 5555:5000注册表
现在我想结合两者。每当用户拉图像时,它应首先查询私有注册表,然后查询镜像。当图片被推送时,他们应该只被推送到私人注册表。
我不知道如何做到这一点。任何帮助都不胜感激。
你不能强制所有的 docker push 命令推送到你的私人注册表中。一个原因是你可以有任何数量的这些寄存器。您必须首先告诉docker通过标记图像来推送哪里(请参阅下文)。
以下是如何设置Docker主机使用正在运行的私人注册表和本地
客户端设置
假设您正在运行镜像和私有注册表(可解析的)主机称为dockerstore/ / em>。镜像在端口5555,注册表在5000。
然后在客户端机器上,您应该通过额外的选项到docker守护程序启动。在你的情况下:
- 添加
--registry-mirror = http:// dockerstore:5555
告诉守护程序更喜欢使用本地镜像而不是dockerhub。 来源 - 添加
- insecure-registry dockerstore:5000
以访问私有注册表,无需进一步配置。请参阅此答案 - 重新启动docker守护程序
使用镜像
当您拉任何图像的第一个源将是本地镜像。您可以通过运行码头拉线来确认,例如
docker pull debian
输出中会显示图像从镜像中拉出的消息 - dockerstore:5000
使用本地注册表
为了将推送到私人注册表,您必须将标记图像注册表的全名。确保您在中有点或冒号标签的第一部分,告诉docker该图像应该被推送到私人注册表。
Docker查找。(域分隔符)或:(端口分隔符),以了解第一部分存储库名称是一个位置,而不是用户名。
示例:
标签30d39e59ffe2图像为 dockerstore:5000 / myapp:stable
docker标签30d39e59ffe2 dockerstore:5000 / myapp:stable
将其推送到私人注册表
docker push dockerstore:5000 / myapp:stable
然后你可以拉扯
docker pull dockerstore:5000 / myapp:stable
/ pre>
I created two Docker containers. The first one provides a private Docker registry and the second one is a mirror of the official Docker registry:
docker run -d --name registry -v /local/path/to/registry:/registry -e SETTINGS_FLAVOR=local -e STORAGE_PATH=/registry -p 5000:5000 registry docker run -d --name mirror -v /local/path/to/mirror:/registry -e STORAGE_PATH=/registry -e STANDALONE=false -e MIRROR_SOURCE=https:/registry-1.docker.io -e MIRROR_SOURCE_INDEX=https://index.docker.io -p 5555:5000 registry
Now I would like to combine both. Whenever a user pulls images it should first query the private registry and then the mirror. And when images are pushed they should only be pushed to the private registry.
I do not have an idea about how this can be done. Any help is appreciated.
解决方案You cannot just force all docker push commands to push to your private registry. One reason is that you can have any number of those registers. You have to first tell docker where to push by tagging the image (see lower).
Here is how you can setup docker hosts to work with a running private registry and local mirror.
Client set-up
Lets assume that you are running both mirror and private registry on (resolvable) host called dockerstore. Mirror on port 5555, registry on 5000.
Then on client machine(s) you should pass extra options to docker daemon startup. In your case:
- Add
--registry-mirror=http://dockerstore:5555
to tell daemon to prefer using local mirror rather then dockerhub. source- Add
--insecure-registry dockerstore:5000
to access the private registry without further configuration. See this answer- Restart docker daemon
Using the mirror
When you pull any image the first source will be the local mirror. You can confirm by running a docker pull, e.g.
docker pull debian
In the output there will be message that image is being pulled from your mirror - dockerstore:5000
Using local registry
In order to push to private registry first you have to tag the image to be pushed with full name of the registry. Make sure that you have a dot or colon in the first part of the tag, to tell docker that image should be pushed to private registry.
Docker looks for either a "." (domain separator) or ":" (port separator) to learn that the first part of the repository name is a location and not a user name.
Example:
Tag 30d39e59ffe2 image as dockerstore:5000/myapp:stable
docker tag 30d39e59ffe2 dockerstore:5000/myapp:stable
Push it to private registry
docker push dockerstore:5000/myapp:stable
Then you can pull as well
docker pull dockerstore:5000/myapp:stable
这篇关于Docker私有注册表与镜像的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!