1. 安装企业 Docker 仓库(registry server)
在 master 节点所在的 ECS Server 上下载 registry 镜像并启动 registry-server:
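# Pull the registry image and start it with image data persisted on the host
# under /opt/registry.
# NOTE(review): ":latest" is a moving tag; pinning a specific, vetted version
# (or digest) keeps the deployment reproducible and reviewable.
docker pull registry:latest
docker run -idt -v /opt/registry:/var/lib/registry -p 5000:5000 registry:latest
# Confirm the container is running.
docker ps | grep registry
# Port 5000 must be allowed by an inbound security-group rule in the ECS Server
# management console. At this step the registry has neither TLS nor
# authentication, so limit the rule's source to the cluster nodes' addresses
# rather than opening the port to every address.
# <ECS_SERVER_IP> is a placeholder for the address of this ECS Server; the
# original command had no host between "http://" and ":5000".
curl "http://<ECS_SERVER_IP>:5000/v2/"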
2.设置用户
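# Find the registry container started in step 1 and remove it; it is started
# again in step 3 with TLS and authentication enabled.
docker ps -a | grep registry
docker rm -f registry容器id
# The redirect below fails if the target directory does not exist yet.
mkdir -p /root/auth
# Print a bcrypt (-B) htpasswd entry to stdout (-n) and store it on the host.
# --rm removes the helper container once the entry has been printed.
# NOTE(review): -b takes the password as a command-line argument, so it lands
# in shell history and is visible in the process list while the command runs.
# Replace "password" with a strong secret and clear the history entry.
# NOTE(review): some registry image versions do not ship the htpasswd binary;
# if this command fails, generate the file with htpasswd from another source —
# confirm against the image version in use.
docker run --rm --entrypoint htpasswd registry:latest -Bbn user "password" > /root/auth/htpasswd
# The credential file only needs to be readable by root.
chmod 600 /root/auth/htpasswd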
3.registry server支持SSL
1)在master节点上生成证书
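# Directory that holds the registry's private key and self-signed certificate.
# -p keeps the step repeatable if the directory already exists.
mkdir -p /root/certs
# Generate a 2048-bit RSA key and a self-signed certificate valid for 3650 days.
# The trailing backslash keeps both lines one command; without it the second
# line would be run as a separate (invalid) command.
# When prompted for the Common Name, enter the registry domain that clients
# will use, otherwise hostname verification fails.
# NOTE(review): recent Docker clients check the certificate's subjectAltName
# rather than the Common Name; with OpenSSL 1.1.1 or later,
# -addext "subjectAltName=DNS:registry域名" adds one — confirm for the client
# and OpenSSL versions in use.
openssl req -newkey rsa:2048 -nodes -sha256 -keyout /root/certs/registry域名.key -x509 \
  -days 3650 -out /root/certs/registry域名.crt
# -nodes leaves the private key unencrypted on disk, so restrict it to root.
chmod 600 /root/certs/registry域名.key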
2)在master节点上重启registry
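# Remove any previous registry container before starting the secured one.
docker ps -a | grep registry
docker rm -f registry容器id
# Start the registry with TLS (certificate and key from /certs) and htpasswd
# basic authentication (credential file from /auth).
# --privileged=true from the original command is dropped: the registry only
# listens on a port and reads mounted files, and a privileged container gives
# the process near-host-level access if the registry is ever compromised.
# NOTE(review): if SELinux denies access to the bind mounts, relabel the
# volumes (the :z / :Z mount options) instead of restoring --privileged —
# confirm on the target host.
# The certificate and credential directories are mounted read-only (:ro)
# because the registry never needs to write to them.
docker run -d -p 5000:5000 \
  -v /opt/registry:/var/lib/registry \
  -v /root/certs:/certs:ro \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/registry域名.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/registry域名.key \
  -v /root/auth:/auth:ro \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
  --name registry-server registry:latest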
4. node 节点支持以 https 方式访问 registry server
1)将证书放入node节点
将上面生成的证书 registry域名.crt(即本文所称的 domain.crt)拷贝至 node 节点的 /root/certs 下;只需拷贝 .crt 证书,私钥 .key 应留在 master 节点上
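# Docker looks up a per-registry CA certificate under
# /etc/docker/certs.d/<host:port>/ca.crt, so trust placed here applies only to
# this registry. -p also creates /etc/docker/certs.d when it is missing, which
# a plain mkdir would fail on.
mkdir -p /etc/docker/certs.d/registry域名:5000
# Install the registry's self-signed certificate as the CA for that host:port.
cp /root/certs/registry域名.crt /etc/docker/certs.d/registry域名:5000/ca.crt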
2)将 domain.crt(即 registry域名.crt)的内容添加至 /etc/pki/tls/certs/ca-bundle.crt 末尾
# Append the registry certificate to the node's system CA bundle so that tools
# using that bundle (such as the curl test that follows) accept it.
# This widens trust for every TLS client on the node that reads this bundle,
# not only for Docker; keep the matching private key tightly protected.
# Running the line more than once appends duplicate copies.
# NOTE(review): on RHEL/CentOS this bundle is normally regenerated by
# update-ca-trust, so a manual append may be lost; placing the certificate in
# /etc/pki/ca-trust/source/anchors/ and running update-ca-trust is the
# persistent route — confirm for the distribution in use.
cat /root/certs/registry域名.crt >> /etc/pki/tls/certs/ca-bundle.crt
3)测试以 https 方式访问 registry server
# Check that the node can complete a TLS handshake with the registry.
# The registry was started with htpasswd authentication, so an unauthenticated
# request is presumably answered with 401 Unauthorized rather than content;
# that still proves the certificate was accepted.
# A certificate verification error means the trust steps on this node did not
# take effect; fix the trust configuration rather than disabling verification
# with curl -k.
curl https://registry域名:5000/v2
5.用户登录
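# Log in to the registry as "user". The password is no longer passed with -p,
# which would leave it in shell history and expose it in the process list;
# without -p, docker login prompts for it interactively.
# For non-interactive use, pipe the secret in and add --password-stdin.
# NOTE(review): unless a credential helper is configured, docker keeps the
# login in ~/.docker/config.json in base64-encoded (not encrypted) form, so
# that file needs the same protection as the password itself.
docker login -u user registry域名:5000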