Docker笔记——搭建私有仓

Docker Hub当然是首选镜像仓，如果不想对所有人公开只想在局域网或公司内部使用，则有必要搭建私有仓来存储分发镜像。

搭建私有仓当然可以直接运行以下命令来创建个registry容器：

docker run -d -p 5000:5000 --restart=always --name registry registry:2

一条命令已经很简洁了，这里如果只是写这么一句话就实在太没必要了，所以本文介绍如何一步步编译出registry镜像。

registry官方路径：https://hub.docker.com/_/registry/

Docker registry镜像依赖关系是registry:latest -> alpine:3.4 -> scratch:latest

1 alpine镜像

Dockerfile路径：https://github.com/gliderlabs/docker-alpine/blob/8f23fc2e995ab8f7f0f5960c6a1ddd12f57efd0c/versions/library-3.4/Dockerfile

Docker Registry镜像依赖于alpine:3.4镜像，alpine镜像是一个基于Alpine Linux的一个Docker镜像，它拥有完整的包索引，它真的很小，编译出来只有4.803M。

2 scratch镜像

github 路径：https://github.com/fpco/haskell-scratch

alpine:3.4镜像依赖于scratch镜像，而scratch是一个包含了最少的共享库的Docker基础镜像，它不足5M。

关于scratch可以看这里的介绍https://www.fpcomplete.com/blog/2015/05/haskell-web-server-in-5mb

 

3 编译镜像

有了以上信息，就可以开始干活了：

3.1 从https://codeload.github.com/fpco/haskell-scratch/zip/master下载scratch，解压后进入haskell-scratch-master目录，执行make即可生成scratch镜像，如下：

# make
sha256:8cbba14eb7fe1eb44e53557028f622d3de6baf5b932e53b4522b7b525f3c42c3
sha256:659b6da402fd38431f58614b4c57fa6c6efec87702702446c8636628f434d246
# docker images
REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
haskell-scratch           integer-simple      659b6da402fd        7 seconds ago       3.811 MB
haskell-scratch           integer-gmp         8cbba14eb7fe        8 seconds ago       4.286 MB

执行成功后即可得到两个镜像，haskell-scratch:integer-simple和haskell-scratch:integer-gmp

为了使用方便，我们给scratch创建个tag，命令如下：

docker tag haskell-scratch:integer-gmp scratch

3.2 从https://codeload.github.com/gliderlabs/docker-alpine/zip/8f23fc2e995ab8f7f0f5960c6a1ddd12f57efd0c下载alpine，解压后进入docker-alpine-8f23fc2e995ab8f7f0f5960c6a1ddd12f57efd0c/versions/library-3.4目录执行build命令编译alpine镜像，命令如下：

docker build -t alpine:3.4 .

3.3 从https://codeload.github.com/docker/distribution-library-image/zip/3b4a84c1f152b60688e99d2efadf305479541482下载registry，解压后进入distribution-library-image-3b4a84c1f152b60688e99d2efadf305479541482目录，执行build命令编译registry镜像，命令如下：

docker build -t registry .

至此就有了自己一步步编译出来的registry镜像，那么创建个容器试试，命令如下：

# docker run -d -p 5000:5000 --restart=always --name registry registry
055d53fe984679128e2ab8404a4eb4087eb0eb1713368b048d030e8d65a8f56d
# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
055d53fe9846        registry            "/entrypoint.sh /etc/"   43 minutes ago      Up 43 minutes       0.0.0.0:5000->5000/tcp   registry

3.4 push镜像至私有仓

首先，想要push镜像至私有仓，镜像名必须满足一定格式，格式为registry_host:port/image_name:tag

我们给hello-world:latest镜像创建个tag，命令如下：

# docker tag hello-world localhost:5000/hello-world
# docker images
REPOSITORY                   TAG                 IMAGE ID            CREATED             SIZE
hello-world                  latest              c54a2cc56cbb        12 weeks ago        1.848 kB
localhost:5000/hello-world   latest              c54a2cc56cbb        12 weeks ago        1.848 kB

然后docker push就可以将这个镜像提交到私有仓中了，如下：

docker push localhost:5000/hello-world
The push refers to a repository [localhost:5000/hello-world]
a02596fdd012: Pushed
latest: digest: sha256:a18ed77532f6d6781500db650194e0f9396ba5f05f8b50d4046b294ae5f83aa4 size: 524

接下来为了验证我们的私有仓可用，我将本地的hello-world镜像删除后来做验证，过程如下：

root@ *** :~# docker rmi localhost:5000/hello-world hello-world
Untagged: localhost:5000/hello-world:latest
Untagged: localhost:5000/hello-world@sha256:a18ed77532f6d6781500db650194e0f9396ba5f05f8b50d4046b294ae5f83aa4
Untagged: hello-world:latest
Untagged: hello-world@sha256:0256e8a36e2070f7bf2d0b0763dbabdd67798512411de4cdcf9431a1feb60fd9
Deleted: sha256:c54a2cc56cbb2f04003c1cd4507e118af7c0d340fe7e2720f70976c4b75237dc
Deleted: sha256:a02596fdd012f22b03af6ad7d11fa590c57507558357b079c3e8cebceb4262d7
root@ *** :~# docker run localhost:5000/hello-world
Unable to find image 'localhost:5000/hello-world:latest' locally
latest: Pulling from hello-world

c04b14da8d14: Pull complete
Digest: sha256:a18ed77532f6d6781500db650194e0f9396ba5f05f8b50d4046b294ae5f83aa4
Status: Downloaded newer image for localhost:5000/hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker Hub account:
 https://hub.docker.com

For more examples and ideas, visit:
 https://docs.docker.com/engine/userguide/

至此，私有仓搭建成功。