镜像私库管理：多Registry并存时的对应方式

场景

使用Docker Registry提供的Insecure Registry方式，可以避开设定证书等一系列较为繁琐的操作，一般只需要在dockerd启动的option或者daemon.json中添加即可。一般来说一台机器只是设定一个Registry，但是有时有需要设定多个的情况，比如OpenShift使用的Regsitry是集成进去的，还有Harbor也是集成了官方的Registry镜像，在生产环境中这种情况即为罕见也不推荐，但是在自己学习或者资源受限的时候则可能会出现。

多Registry共存的实例

这里使用3个Registry提供服务

容器名称	对外服务端口号
registry	5000
test_env_registry	6000
uat_env_registry	7000

环境

[root@liumiao ~]# docker version
Client:
 Version:      1.13.1
 API version:  1.26
 Go version:   go1.7.5
 Git commit:   092cba3
 Built:        Wed Feb  8 08:47:51 2017
 OS/Arch:      linux/amd64

Server:
 Version:      1.13.1
 API version:  1.26 (minimum version 1.12)
 Go version:   go1.7.5
 Git commit:   092cba3
 Built:        Wed Feb  8 08:47:51 2017
 OS/Arch:      linux/amd64
 Experimental: false
[root@liumiao ~]# 
[root@liumiao ~]# uname -a
Linux liumiao 3.10.0-862.el7.x86_64 #1 SMP Fri Apr 20 16:44:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
[root@liumiao ~]#

设定：systemd文件

此处以centos的docker的systemd的设定文件为例：

设定	说明
设定文件	/usr/lib/systemd/system/docker.service
修改内容	添加–insecure-registry IP:PORT1 –insecure-registry IP:PORT2

同样的方式可以修改daemon.json也是一样的
以下是本文使用实际例子

ExecStart=/usr/bin/dockerd                 -H tcp://0.0.0.0:4243                 -H unix:///var/run/docker.sock                 --selinux-enabled=false                 --insecure-registry 192.168.163.128:5000     --insecure-registry 192.168.163.128:6000   --insecure-registry 192.168.163.128:7000      --log-opt max-size=1g

设定：重启docker

使用如下命令使之生效

[root@liumiao ~]# systemctl daemon-reload
[root@liumiao ~]# systemctl restart docker
[root@liumiao ~]# 

使用systemctl status docker -l查看结果即可

确认

下载registry

[root@liumiao ~]# docker pull registry
Using default tag: latest
latest: Pulling from library/registry
4064ffdc82fe: Pull complete 
c12c92d1c5a2: Pull complete 
4fbc9b6835cc: Pull complete 
765973b0f65f: Pull complete 
3968771a7c3a: Pull complete 
Digest: sha256:51bb55f23ef7e25ac9b8313b139a8dd45baa832943c8ad8f7da2ddad6355b3c8
Status: Downloaded newer image for registry:latest
[root@liumiao ~]#

启动三个私库

[root@liumiao ~]# docker run -p 5000:5000 -d --name registry registry
56bd02b9d3fc3c6b0720f7306b472b180f4a80c46f9f775d7c793b8b1f889045
[root@liumiao ~]# docker run -p 6000:5000 -d --name test_env_registry registry
1ab950548669214e36a7abfa74c7292c1d74f6455487862b5a53bf9cf0bd9f3a
[root@liumiao ~]# docker run -p 7000:5000 -d --name uat_env_registry registry
bfbf593ddc359f5d5d7499e0613efd7df61675e77b39b65a9241fd1101634d4d
[root@liumiao ~]#

确认结果

[root@liumiao ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
bfbf593ddc35        registry            "/entrypoint.sh /e..."   2 minutes ago       Up 2 minutes        0.0.0.0:7000->5000/tcp   uat_env_registry
1ab950548669        registry            "/entrypoint.sh /e..."   2 minutes ago       Up 2 minutes        0.0.0.0:6000->5000/tcp   test_env_registry
56bd02b9d3fc        registry            "/entrypoint.sh /e..."   3 minutes ago       Up 3 minutes        0.0.0.0:5000->5000/tcp   registry
[root@liumiao ~]#

镜像推送

下载busybox镜像并将其分别推送到三个镜像私库中

[root@liumiao ~]# docker pull busybox
Using default tag: latest
latest: Pulling from library/busybox
8c5a7da1afbc: Pull complete 
Digest: sha256:cb63aa0641a885f54de20f61d152187419e8f6b159ed11a251a09d115fdff9bd
Status: Downloaded newer image for busybox:latest
[root@liumiao ~]# docker tag busybox 192.168.163.128:5000/busybox:latest
[root@liumiao ~]# docker push 192.168.163.128:5000/busybox:latest
The push refers to a repository [192.168.163.128:5000/busybox]
f9d9e4e6e2f0: Pushed 
latest: digest: sha256:19fca0f4a812d0ba4ad89a4c345ce660ecc7c14c1ce9a9c12ac9db1ca62b4602 size: 527
[root@liumiao ~]#

推送到另外两个镜像中

[root@liumiao ~]# docker tag busybox 192.168.163.128:6000/busybox:latest
[root@liumiao ~]# docker push 192.168.163.128:6000/busybox:latest
The push refers to a repository [192.168.163.128:6000/busybox]
f9d9e4e6e2f0: Pushed 
latest: digest: sha256:19fca0f4a812d0ba4ad89a4c345ce660ecc7c14c1ce9a9c12ac9db1ca62b4602 size: 527
[root@liumiao ~]# docker tag busybox 192.168.163.128:7000/busybox:latest
[root@liumiao ~]# docker push 192.168.163.128:7000/busybox:latest
The push refers to a repository [192.168.163.128:7000/busybox]
f9d9e4e6e2f0: Pushed 
latest: digest: sha256:19fca0f4a812d0ba4ad89a4c345ce660ecc7c14c1ce9a9c12ac9db1ca62b4602 size: 527
[root@liumiao ~]#

确认结果

使用curl确认镜像推送结果

[root@liumiao ~]# curl http://192.168.163.128:5000/v2/_catalog
{"repositories":["busybox"]}
[root@liumiao ~]# curl http://192.168.163.128:6000/v2/_catalog
{"repositories":["busybox"]}
[root@liumiao ~]# curl http://192.168.163.128:7000/v2/_catalog
{"repositories":["busybox"]}
[root@liumiao ~]# 

参考文章

https://docs.docker.com/engine/reference/commandline/login/#parent-command