OpenShift 4 in practice on Alibaba Cloud: setting up an enterprise Docker registry

1. Install the enterprise Docker registry (registry server)

  On the ECS server where the master node runs, pull the registry image and start registry-server:

   docker pull registry:latest

   docker run -idt -v /opt/registry:/var/lib/registry -p 5000:5000 registry:latest

   docker ps | grep registry

  # In the ECS server management console, configure the security group and add a rule that opens port 5000

   curl http://:5000/v2


2. Set up a user

 docker ps -a|grep registry

 docker rm -f <registry-container-id>

 mkdir -p /root/auth

 docker run --entrypoint htpasswd registry:latest -Bbn user "password" > /root/auth/htpasswd


3. Enable SSL on the registry server

1) Generate a certificate on the master node

 mkdir /root/certs

 openssl req -newkey rsa:2048 -nodes -sha256 -keyout /root/certs/<registry-domain>.key -x509 \
   -days 3650 -out /root/certs/<registry-domain>.crt

2) Restart the registry on the master node

 docker ps -a|grep registry

 docker rm -f <registry-container-id>

 docker run -d -p 5000:5000 --privileged=true -v /opt/registry:/var/lib/registry -v /root/certs:/certs \
   -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/<registry-domain>.crt \
   -e REGISTRY_HTTP_TLS_KEY=/certs/<registry-domain>.key \
   -v /root/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
   -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd --name registry-server registry:latest


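4. Enable the nodes to access the registry server over HTTPS

1) Put the certificate on the node

  Copy the domain.crt generated above (that is, <registry-domain>.crt) to /root/certs on the node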

 mkdir -p /etc/docker/certs.d/<registry-domain>:5000

 cp /root/certs/<registry-domain>.crt /etc/docker/certs.d/<registry-domain>:5000/ca.crt

2) Append the contents of domain.crt to the end of /etc/pki/tls/certs/ca-bundle.crt

  cat /root/certs/<registry-domain>.crt >> /etc/pki/tls/certs/ca-bundle.crt

3) Test access to the registry server over HTTPS

 curl https://<registry-domain>:5000/v2


5. User login

 docker login -u user -p password <registry-domain>:5000
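
An added example, not part of the original post: the openssl req command in step 3 1) prompts for the subject interactively and, with a default OpenSSL configuration, produces a certificate that has only a Common Name, which Docker clients built with Go 1.15 or later reject by default because they require a subjectAltName. The shell functions below generate the same 3650-day self-signed certificate non-interactively with a SAN and check the result; the function names are illustrative and OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are illustrative.
# Assumes OpenSSL 1.1.1 or later for the -addext option.

# make_registry_cert DIR DOMAIN
# Writes DIR/DOMAIN.key and DIR/DOMAIN.crt: a self-signed certificate valid for
# 3650 days (as in step 3) whose subjectAltName carries DOMAIN.
make_registry_cert() {
    dir=$1
    domain=$2
    mkdir -p "$dir" || return 1
    (
        # Subshell: the restrictive umask (owner-only files) does not leak
        # into the calling shell.
        umask 077
        openssl req -newkey rsa:2048 -nodes -sha256 -x509 -days 3650 \
            -subj "/CN=$domain" \
            -addext "subjectAltName=DNS:$domain" \
            -keyout "$dir/$domain.key" -out "$dir/$domain.crt"
    ) || return 1
    # The certificate is public; make it readable for copying to the nodes.
    chmod 644 "$dir/$domain.crt"
}

# cert_has_san CRT
# Succeeds if the certificate carries a subjectAltName extension.
cert_has_san() {
    openssl x509 -in "$1" -noout -text | grep 'Subject Alternative Name' >/dev/null
}

# cert_matches_host CRT HOST
# Succeeds if openssl accepts the certificate for HOST. openssl falls back to
# the Common Name when no SAN is present, so run cert_has_san as well.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep 'does match certificate' >/dev/null
}
```

Running make_registry_cert /root/certs <registry-domain> replaces the interactive command in step 3 1); cert_has_san and cert_matches_host can then be run against the .crt file before it is copied to the nodes in step 4.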
