typora/note/K8S/实战笔记/镜像仓库+web.md

### 1. 私有镜像仓库部署

#### 1.1 拉取镜像

```bash
docker pull registry
```

#### 1.2 设置https

##### 1.2.1 创建证书

```bash
openssl req -newkey rsa:4096 -nodes -sha256 -keyout /opt/registry/certs/registry.key  -x509 -days 365 -out /opt/registry/certs/registry.crt
```

##### 1.2.2 创建密码文件

```bash
htpasswd -Bbn Securitit 123456 > /opt/registry/auth/htpasswd
```

##### 1.2.3 创建registry config 文件

```yaml
version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
    Access-Control-Allow-Origin: ['*']
    Access-Control-Allow-Methods: ['*']
    Access-Control-Max-Age: [1728000]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
```

##### 1.2.4 使用ssl 启动容器

```bash
docker run -d \
--name registry \
-p 5000:5000 \
--restart=always \
--privileged=true \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-v /opt/registry/auth/:/opt/registry/auth \
-e "REGISTRY_AUTH_HTPASSWD_PATH=/opt/registry/auth/htpasswd" \
-v /opt/registry/certs/:/opt/registry/certs \
-v /opt/registry/config/config.yml:/etc/docker/registry/config.yml \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/opt/registry/certs/registry.crt \
-e REGISTRY_HTTP_TLS_KEY=/opt/registry/certs/registry.key \
registry
```

### 2. 镜像仓库web管理

```bash
docker run -d -p 8080:80 \
--name registry-ui \
--restart=always \
--privileged=true \
-e "REGISTRY_TITLE=Sunqi Docker" \
-e "REGISTRY_URL=https://192.168.0.3:5000" \
joxit/docker-registry-ui:latest
```
first commit 2024-12-11 21:48:55 -05:00			`### 1. 私有镜像仓库部署`

			`#### 1.1 拉取镜像`

			```bash
			`docker pull registry`
			```

			`#### 1.2 设置https`

			`##### 1.2.1 创建证书`

			```bash
			`openssl req -newkey rsa:4096 -nodes -sha256 -keyout /opt/registry/certs/registry.key -x509 -days 365 -out /opt/registry/certs/registry.crt`
			```

			`##### 1.2.2 创建密码文件`

			```bash
			`htpasswd -Bbn Securitit 123456 > /opt/registry/auth/htpasswd`
			```

			`##### 1.2.3 创建registry config 文件`

			```yaml
			`version: 0.1`
			`log:`
			`fields:`
			`service: registry`
			`storage:`
			`cache:`
			`blobdescriptor: inmemory`
			`filesystem:`
			`rootdirectory: /var/lib/registry`
			`http:`
			`addr: :5000`
			`headers:`
			`X-Content-Type-Options: [nosniff]`
			`Access-Control-Allow-Origin: ['*']`
			`Access-Control-Allow-Methods: ['*']`
			`Access-Control-Max-Age: [1728000]`
			`health:`
			`storagedriver:`
			`enabled: true`
			`interval: 10s`
			`threshold: 3`
			```

			`##### 1.2.4 使用ssl 启动容器`

			```bash
			`docker run -d \`
			`--name registry \`
			`-p 5000:5000 \`
			`--restart=always \`
			`--privileged=true \`
			`-e "REGISTRY_AUTH=htpasswd" \`
			`-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \`
			`-v /opt/registry/auth/:/opt/registry/auth \`
			`-e "REGISTRY_AUTH_HTPASSWD_PATH=/opt/registry/auth/htpasswd" \`
			`-v /opt/registry/certs/:/opt/registry/certs \`
			`-v /opt/registry/config/config.yml:/etc/docker/registry/config.yml \`
			`-e REGISTRY_HTTP_TLS_CERTIFICATE=/opt/registry/certs/registry.crt \`
			`-e REGISTRY_HTTP_TLS_KEY=/opt/registry/certs/registry.key \`
			`registry`
			```

			`### 2. 镜像仓库web管理`

			```bash
			`docker run -d -p 8080:80 \`
			`--name registry-ui \`
			`--restart=always \`
			`--privileged=true \`
			`-e "REGISTRY_TITLE=Sunqi Docker" \`
			`-e "REGISTRY_URL=https://192.168.0.3:5000" \`
			`joxit/docker-registry-ui:latest`
			```