https://hub.docker.com/r/_/registry/
https://hub.docker.com/r/arm64v8/registry/
https://hub.docker.com/r/hyper/docker-registry-web/
# registry && minio
https://abc.htmltoo.com/thread-46785.htm
1.本机镜像仓库搭建
# 有密码
- registry
# Registry with token auth: image data, the config file and the token-verification
# certificate are bind-mounted from /data/docker/registry (config and cert read-only).
docker run --detach \
  --publish 5000:5000 \
  --name registry \
  --restart=always \
  --volume /data/docker/registry/data:/var/lib/registry \
  --volume /data/docker/registry/registry-cert.yml:/etc/docker/registry/config.yml:ro \
  --volume /data/docker/registry/cert/auth.cert:/etc/docker/registry/auth.cert:ro \
  registry:latest
-registry-web
# Web UI and token issuer for the registry, published on host port 5100.
# NOTE(review): auth.key is the private key that signs registry tokens and is
# mounted read-write here; :ro would be tighter if the container never writes
# it - confirm before changing.
# NOTE(review): the db mount sits under /data/docker/registry-web-cert while the
# config sits under /data/docker/registry/registry-web-cert - check which path
# is intended.
docker run --detach \
  --publish 5100:8080 \
  --name registry-web \
  --restart=always \
  --volume /data/docker/registry/registry-web-cert/web-cert.yml:/conf/config.yml:ro \
  --volume /data/docker/registry/cert/auth.key:/conf/auth.key \
  --volume /data/docker/registry-web-cert/db:/data \
  hyper/docker-registry-web:latest
- registry
# Same token-auth registry, with the host directories under
# /data/site/docker/data/registry/registry (config and cert mounted read-only).
docker run --detach \
  --publish 5000:5000 \
  --name registry \
  --restart=always \
  --volume /data/site/docker/data/registry/registry/data:/var/lib/registry \
  --volume /data/site/docker/data/registry/registry/registry-cert.yml:/etc/docker/registry/config.yml:ro \
  --volume /data/site/docker/data/registry/registry/cert/auth.cert:/etc/docker/registry/auth.cert:ro \
  registry:latest
-registry-web
# Web UI and token issuer, with the host directories under
# /data/site/docker/data/registry/registry.
# NOTE(review): auth.key is the private key that signs registry tokens and is
# mounted read-write here; :ro would be tighter if the container never writes
# it - confirm before changing.
docker run --detach \
  --publish 5100:8080 \
  --name registry-web \
  --restart=always \
  --volume /data/site/docker/data/registry/registry/registry-web-cert/web-cert.yml:/conf/config.yml:ro \
  --volume /data/site/docker/data/registry/registry/cert/auth.key:/conf/auth.key \
  --volume /data/site/docker/data/registry/registry/registry-web-cert/db:/data \
  hyper/docker-registry-web:latest
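Default admin user/password for registry-web: admin/admin. Change it immediately after the first login; until then anyone who can reach port 5100 can sign in as administrator.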
---有密码配置
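# Create the self-signed key pair used for registry token auth:
#   cert/auth.key  - private key that registry-web signs tokens with
#   cert/auth.cert - certificate the registry verifies those tokens against
cd /data/docker/registry
# -p: do not fail when cert/ already exists (e.g. when re-running these steps).
mkdir -p cert
openssl req -new -newkey rsa:4096 -days 3660 -subj "/CN=localhost" -nodes -x509 -keyout cert/auth.key -out cert/auth.cert
# -nodes leaves auth.key unencrypted on disk, so keep it readable only by the
# account that runs the containers.
# File name corrected from "registry-cart.yml": the registry container mounts
# /data/docker/registry/registry-cert.yml as its config.yml.
vim /data/docker/registry/registry-cert.yml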
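# Registry config with token authentication (YAML nesting restored; the
# indentation was lost in the original listing).
version: 0.1
storage:
  filesystem:
    rootdirectory: /var/lib/registry
  # Allow manifests/blobs to be deleted through the registry API.
  delete:
    enabled: true
  maintenance:
    readonly:
      enabled: false
http:
  addr: 0.0.0.0:5000
auth:
  token:
    # external URL of the registry-web authentication endpoint
    # NOTE: this is plain http, so credentials sent to the token endpoint are not
    # encrypted in transit; put TLS in front of ports 5000/5100 outside a lab network.
    realm: http://hub.htmltoo.com:5100/api/auth
    # must match registry.name in the registry-web config
    service: hub.htmltoo.com:5000
    # must match registry.auth.issuer in the registry-web config
    issuer: 'issuer'
    # certificate used to verify token signatures (counterpart of auth.key)
    rootcertbundle: /etc/docker/registry/auth.cert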
vim /data/docker/registry/registry-web-cert/web-cert.yml
# registry-web config for the token-auth setup.
# NOTE(review): indentation was lost in this listing and YAML nesting is
# significant; re-indent against the docker-registry-web documentation before
# use (where `delete:` nests cannot be determined from this page).
registry:
# Docker registry url
url: 'http://hub.htmltoo.com:5000/v2'
# Docker registry fqdn
name: 'hub.htmltoo.com:5000'
# To allow image delete, should be false
readonly: false
delete:
enabled: true
# Authentication settings
auth:
# Enable authentication
enabled: true
# Token issuer
# must equal auth.token.issuer in the Docker registry config
issuer: 'issuer'
# Private key for token signing
# the certificate configured as auth.token.rootcertbundle must be signed by this key
key: /conf/auth.key
-
http://hub.domsn.com:5100 UI_ADMIN: admin/w~@0 默认admin/admin
Users ---> ihunter/w~1 read-all ; write-all
-密码登陆
# Log in with the password read from a file on stdin, so it never appears on
# the command line.
docker login hub.htmltoo.com:5000 --username ihunter --password-stdin < /data/site/htmltoo.shell/docker-registry.md
# Same login with the password passed via -p: it is then visible in shell
# history and in the process list, so the stdin form above is the one to prefer.
docker login hub.htmltoo.com:5000 -u ihunter -p wdq54321
vim /root/.docker/config.json
{
"auths": {
"hub.htmltoo.com:5000": {
"auth": "aWh1bnRlcjp3ZHE1NDMyMQ=="
}
}
}
-注意 base64 只是编码,不是加密:通过命令行即可将 config.json 中的 auth 字段解码出用户名和密码,任何能读取该文件的人都能拿到明文密码
echo "aWh1bnRlcjp3ZHE1NDMyMQ==" | base64 --decode
->ihunter:wdq54321
# 提交仓库
docker commit -m="update" -a="htmltoo.com" registry hub.htmltoo.com:5000/os:registry
docker commit -m="update" -a="htmltoo.com" regweb hub.htmltoo.com:5000/os:regweb
docker push hub.htmltoo.com:5000/os:registry
docker push hub.htmltoo.com:5000/os:regweb
# docker设置安全凭证存储
https://abc.htmltoo.com/thread-46501.htm
# 无密码
# 独立服务器
http://hub.htmltoo.com:5100
# No-auth variant: the mounted registry.yml has no auth section and the port is
# published on every host interface, so anyone who can reach port 5000 can
# pull, push and (with delete enabled in that config) delete images.
docker run --detach \
  --publish 5000:5000 \
  --name registry \
  --restart=always \
  --volume /data/docker/registry/data/:/var/lib/registry/ \
  --volume /data/docker/registry/registry.yml:/etc/docker/registry/config.yml:ro \
  registry:latest
# Web UI without login. --link is Docker's legacy way of letting regweb resolve
# the name "registry" used in REGISTRY_URL.
docker run --detach \
  --publish 5100:8080 \
  --name regweb \
  --restart=always \
  --ulimit nofile=65535:65535 \
  --ulimit nproc=65535:65535 \
  --env REGISTRY_URL=http://registry:5000/v2 \
  --env REGISTRY_NAME=http://hub.htmltoo.com:5000 \
  --volume /data/docker/registry/registry-web-cert/web.yml:/conf/config.yml:ro \
  --link registry \
  hyper/docker-registry-web:latest
# http://g.htmltoo.com:5100
# No-auth variant for g.htmltoo.com, with the host directories under
# /data/site/docker/env/registry/registry. As above, port 5000 is published on
# every host interface with no authentication in front of it.
docker run --detach \
  --publish 5000:5000 \
  --name registry \
  --restart=always \
  --volume /data/site/docker/env/registry/registry/data/:/var/lib/registry/ \
  --volume /data/site/docker/env/registry/registry/registry.yml:/etc/docker/registry/config.yml:ro \
  registry:latest
# Web UI without login, linked to the registry container by name.
docker run --detach \
  --publish 5100:8080 \
  --name regweb \
  --restart=always \
  --ulimit nofile=65535:65535 \
  --ulimit nproc=65535:65535 \
  --env REGISTRY_URL=http://registry:5000/v2 \
  --env REGISTRY_NAME=http://g.htmltoo.com:5000 \
  --volume /data/site/docker/env/registry/registry/registry-web-cert/web.yml:/conf/config.yml:ro \
  --link registry \
  hyper/docker-registry-web:latest
---无密码配置
vim /data/docker/registry/registry.yml
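# Registry config without authentication (YAML nesting restored; the
# indentation was lost in the original listing).
# There is no auth section, so every client that can reach the listen address
# may pull and push, and - because storage.delete is enabled - delete images.
# Keep this variant on a trusted network only.
version: 0.1
storage:
  filesystem:
    rootdirectory: /var/lib/registry
  delete:
    enabled: true
  maintenance:
    readonly:
      enabled: false
http:
  addr: 0.0.0.0:5000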
vim /data/docker/registry/registry-web-cert/web.yml
# registry-web config for the no-auth setup.
# NOTE(review): indentation was lost in this listing and YAML nesting is
# significant; re-indent against the docker-registry-web documentation before
# use (where `delete:` nests cannot be determined from this page).
registry:
# Docker registry url
url: http://hub.htmltoo.com:5000/v2
# Docker registry fqdn
name: hub.htmltoo.com:5000
# To allow image delete, should be false
readonly: false
auth:
# Authentication disabled: the web UI needs no login, and with readonly set to
# false above it also offers image delete to every visitor
enabled: false
delete:
enabled: true
2. 垃圾回收, 进入registry容器,执行garbage-collect 命令执行垃圾回收。执行前建议先把仓库切到只读(storage.maintenance.readonly.enabled: true)或暂停推送,否则回收过程中上传的镜像层可能被误删
docker exec -it registry /bin/registry garbage-collect /etc/docker/registry/config.yml
3.使用案例
docker提交镜像: https://abc.htmltoo.com/thread-45169.htm
http://hub.htmltoo.com:5100 # docker Registry 查看
docker commit -m="update" -a="htmltoo.com" registry hub.htmltoo.com:5000/os:registry
docker commit -m="update" -a="htmltoo.com" registry-web hub.htmltoo.com:5000/os:registry-web
docker push hub.htmltoo.com:5000/os:registry # 上传本机镜像
docker push hub.htmltoo.com:5000/os:registry-web # 上传本机镜像
docker pull hub.htmltoo.com:5000/os:registry # 本机读取镜像
4.docker-registry-web:容器
find / -name "server.xml"
/etc/tomcat7/server.xml
cd /etc/tomcat7/
find / -name "shutdown.sh"
/usr/share/tomcat7/bin/shutdown.sh
cd /usr/share/tomcat7/bin/
5.docker-registry-web: war包修改
cd webapps/
cp ROOT.war ROOT.war.bak
jar xvf ROOT.war
sed -i 's~Web Registry~Docker Registry~g' WEB-INF/grails-app/views/layouts/main.gsp
jar uvf ROOT.war WEB-INF/grails-app/views/layouts/main.gsp
docker restart registry-web
war包里面文件的修改方式
1)将war包移动到一个干净的路径下,使用jar xvf ROOT.war命令将war进行解压操作
2)修改相应的文件内容,修改想要修改的文件,比如web.xml
3)使用jar uvf ROOT.war WEB-INF/web.xml将web.xml重新压缩到war包
6.安装容器管理-portainer
https://abc.htmltoo.com/thread-312.htm
7.Harbor 部署 - 企业级的Docker registry服务
https://abc.htmltoo.com/thread-46131.htm
8.在k8s中使用镜像仓库
---想要在k8s中拉取私有镜像仓库的镜像,需要先配置一个secret。
---secret有命名空间属性,需要指定命名空间。具体如下:
# Create an image-pull secret in the given namespace ("username", "password"
# and "namespace" are placeholders). A real password typed on this command line
# ends up in shell history.
kubectl create secret docker-registry registry-secret-name \
  --docker-server=10.244.1.3:5000 \
  --docker-username=username \
  --docker-password=password \
  --namespace namespace
---其中registry-secret-name为创建的secret名称,通过以下命令可以看到创建的secret(secret不在当前命名空间时需加 -n namespace)。
kubectl get secret
NAME TYPE DATA AGE
registry-secret-name kubernetes.io/dockerconfigjson 1 3d11h
---在创建deployment的yaml文件需要在spec.template.spec中增加 imagePullSecrets,
name值为刚刚创建的secret名称:registry-secret-name ,具体yaml文件如下:
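# Deployment that pulls its image from the private registry (YAML nesting
# restored; the indentation was lost in the original listing).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: accessmanage-center-deployment
  namespace: dev
  labels:
    app: accessmanage-center
spec:
  replicas: 1
  selector:
    matchLabels:
      app: accessmanage-center
  template:
    metadata:
      labels:
        app: accessmanage-center
    spec:
      # The secret named here must exist in the same namespace as the Pod
      # (dev in this example), otherwise the image pull fails.
      imagePullSecrets:
        - name: registry-secret-name
      containers:
        - name: accessmanage-center
          image: 10.244.1.3:5000/tomcat:7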
---配置默认规则
将该密钥设置到k8s的默认账号中:
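# Attach the pull secret to the "default" service account so pods running under
# it pull from the private registry without listing imagePullSecrets themselves.
# Secret name corrected from "registrysecret" to registry-secret-name, the
# secret created earlier on this page.
# No -n is given, so this patches the service account of the current namespace;
# the secret has to exist in that same namespace.
kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "registry-secret-name"}]}'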
---查看默认账号配置:
kubectl get serviceaccounts default -o yaml
# 阿里云容器管理
https://cr.console.aliyun.com/
# 提交阿里镜像
docker login --username=adongquann@aliyun.com registry.cn-zhangjiakou.aliyuncs.com
Pass: W~1
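# docker commit takes one container and an optional target image name; the
# original line had a stray extra "63629" before the container ID, which makes
# docker reject the command for having too many arguments.
docker commit -m="update" -a="htmltoo.com" 63629f98a64d registry.cn-zhangjiakou.aliyuncs.com/htmltoo/nginx:1.9.6
# Upload the committed image to the Aliyun registry.
docker push registry.cn-zhangjiakou.aliyuncs.com/htmltoo/nginx:1.9.6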
---从Registry中拉取镜像
docker pull registry.cn-zhangjiakou.aliyuncs.com/htmltoo/nginx:1.9.6
---命名空间/仓库名称/版本号
htmltoo/nginx:1.9.6
# Harbor 容器管理
http://hub.htmltoo.com:5200 输入用户名: admin
https://abc.htmltoo.com/thread-46131.htm
# 登陆admin凭证密码
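# Log in as admin with the password read from a file on stdin, so it never
# appears on the command line. The file holds the password in clear text, so
# keep it readable by its owner only.
docker login hub.htmltoo.com:5200 --username admin --password-stdin < ~/registry-5000.md
# Snapshot the container as an image named for the Harbor host.
docker commit -m="update" -a="htmltoo.com" 63629f98a64d hub.htmltoo.com:5200/htmltoo/nginx
# List local images to find the image ID to tag; the original "docker image"
# (no subcommand) only prints usage.
docker images
docker tag 98d4ff00ea5f hub.htmltoo.com:5200/htmltoo/nginx
docker pull hub.htmltoo.com:5200/htmltoo/nginx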