registry web管理工具和启用删除镜像的功能
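####################################################
# Generate the registry TLS certificate (run on the master node only).
####################################################
mkdir -p /gv1/registry/{certs,registry}
# expect is no longer installed: the subject is passed with -subj below, so
# nothing has to answer openssl's interactive prompts.
yum install -y openssl

# Create a self-signed certificate (10 years) and an unencrypted RSA-4096 key.
# -subj carries the same answers the prompts used to receive (C=cn, ST=sc,
# L=cd, O=k8s, OU=sys, CN=k.xxxx.com, no e-mail), and it does not depend on
# the distribution's prompt wording the way pattern-matching the prompts did.
# The key is written with -nodes (no passphrase) because the registry must
# read it unattended, so file permissions are its only protection: the
# subshell's umask keeps it owner-only from the moment it is created.
# NOTE(review): the certificate names the host only in Common Name. Clients
# built with Go 1.15 or later (this includes current Docker releases) ignore
# CN and require a subjectAltName; with OpenSSL 1.1.1+ append
#   -addext 'subjectAltName=DNS:k.xxxx.com'
# to the command below. Not added here because the OpenSSL version that yum
# installs on this host is not known.
(
  umask 077
  openssl req -newkey rsa:4096 -nodes -sha256 \
    -keyout /gv1/registry/certs/domain.key \
    -x509 -days 3650 \
    -out /gv1/registry/certs/domain.crt \
    -subj '/C=cn/ST=sc/L=cd/O=k8s/OU=sys/CN=k.xxxx.com'
)
# The certificate is public; make it readable again after the strict umask.
chmod 644 /gv1/registry/certs/domain.crt

# Make the local Docker daemon trust the certificate for k.xxxx.com:30443.
# \cp bypasses an interactive `cp -i` alias when this is pasted into a shell.
mkdir -p /etc/docker/certs.d/k.xxxx.com:30443
\cp /gv1/registry/certs/domain.crt /etc/docker/certs.d/k.xxxx.com:30443/ca.crt

####################################################
# Start the image registry (run on the master node only).
# The original heading says "using k8s"; the command below starts it with
# plain `docker run`.
####################################################
# Registry configuration. storage.delete.enabled=true is what allows images
# to be deleted through the API.
# NOTE(review): no `auth` section is configured, so every client that can
# reach port 5000 can push, pull and delete. Restrict the port at the network
# level or enable one of the registry's auth backends (htpasswd or token)
# before exposing it beyond a trusted segment.
cat >/gv1/registry/config.yml <<'EOF'
version: 0.1
log:
  fields:
    service: registry
storage:
  delete:
    enabled: true
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
EOF

# Trust the certificate for k.xxxx.com:5000 as well.
# Fixed: the original ran `mkdir mkdir -p ...`, which also created a stray
# directory named "mkdir" in the current working directory.
mkdir -p /etc/docker/certs.d/k.xxxx.com:5000
\cp /gv1/registry/certs/domain.crt /etc/docker/certs.d/k.xxxx.com:5000/ca.crt

# NOTE(review): --privileged=true gives the container full access to the
# host's devices and kernel interfaces, which a registry does not need. It is
# presumably here to get past SELinux denials on the bind mounts; if so,
# drop the flag and label the volumes instead (append :z to each -v).
# Kept unchanged because the host's SELinux state cannot be seen from here.
docker run -d --restart=always --privileged=true --name registry \
  -p 5000:5000 \
  -v /gv1/registry/config.yml:/etc/docker/registry/config.yml \
  -v /gv1/registry/certs:/certs \
  -v /gv1/registry/registry:/var/lib/registry \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  docker.io/registry:2

############################
# Troubleshooting
# docker push / pull fails with:
#   x509: certificate signed by unknown authority
# Fix: install the certificate as ca.crt under /etc/docker/certs.d/<host>:<port>.
# k.xxxx.com is the domain that was entered in the Common Name field when the
# certificate was generated. These two commands repeat the step above; the
# file is needed on every node whose Docker daemon talks to the registry.
mkdir -p /etc/docker/certs.d/k.xxxx.com:5000
\cp /gv1/registry/certs/domain.crt /etc/docker/certs.d/k.xxxx.com:5000/ca.crt
##########################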
####################################################
# registry-web: web management UI for the registry; it can delete images.
####################################################
# Earlier variant without a config file, kept for reference:
# docker run -d --restart=always -p 8080:8080 --name registry-web --link registry -e REGISTRY_URL=https://192.168.3.207:5000/v2 -e REGISTRY_TRUST_ANY_SSL=true -e REGISTRY_NAME=localhost:5000 hyper/docker-registry-web

web_conf_dir=/gv1/registry/registry-web
mkdir -p "$web_conf_dir"

# UI configuration. readonly=false is what enables the delete button.
# NOTE(review): with auth.enabled=false and the port published on every host
# interface (-p 8080:8080 below), anyone who can reach port 8080 can delete
# images. Keep the port on a management network or behind an authenticating
# reverse proxy, or turn the UI's own authentication on.
cat >"$web_conf_dir/config.yml" <<'EOF'
registry:
  # Docker registry url
  url: https://192.168.3.207:5000/v2
  # Docker registry fqdn
  name: k.xxxx.com:5000
  # To allow image delete, should be false
  readonly: false
  auth:
    # Disable authentication
    enabled: false
EOF

# NOTE(review): REGISTRY_TRUST_ANY_SSL=true switches off certificate checking
# between the UI and the registry, so the UI cannot tell the real registry
# from another host answering on that address. It is presumably needed because
# the URL uses the IP 192.168.3.207 while the certificate is issued to
# k.xxxx.com; addressing the registry by that name and giving the UI the CA
# certificate would let verification stay on (confirm the image supports it).
web_run_args=(
  -d
  --restart=always
  -p 8080:8080
  --name registry-web
  --link registry
  -v "$web_conf_dir/config.yml:/conf/config.yml:ro"
  -e REGISTRY_URL=https://192.168.3.207:5000/v2
  -e REGISTRY_TRUST_ANY_SSL=true
  -e REGISTRY_NAME=k.xxxx.com:5000
)
docker run "${web_run_args[@]}" hyper/docker-registry-web
####################################################
####################################################