Keywordsdeploy local docker image to kubernetes deploy docker image to kubernetes vulnerable docker images
Private mirror warehouse
In this lesson, I will talk about the use of private image repositories.
Docker Hub
At present, Docker officially maintains a public warehouse Docker Hub, most of the needs can be achieved by directly downloading images in Docker Hub. If you feel that it is slow to pull the image of Docker Hub, we can configure an image accelerator: http://docker-cn.com/, of course, most domestic cloud vendors provide corresponding accelerators, simple configuration.
registered
You can register for a Docker account for free at https://cloud.docker.com.
log in
Log in to the Docker Hub on the command line interface by executing the docker login command and interactively entering the user name and password.
Logout
You can log out via docker logout. Pull mirror
Pull mirror
You can use the docker search command to find the image in the official warehouse, and use the docker pull command to download it to the local.
For example, search using centos as a keyword:
$ docker search centos
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
centos The official build of CentOS. 465 [OK]
tianon/centos CentOS 5 and 6, created using rinse instea... 28
blalor/centos Bare-bones base CentOS 6.5 image 6 [OK]
saltstack/centos-6-minimal 6 [OK]
tutum/centos-6.4 DEPRECATED. Use tutum/centos:6.4 instead. ... 5 [OK]
You can see that many images containing keywords are returned, including the image name, description, number of favorites (indicating the degree of attention of the image), whether it was officially created, or whether it was automatically created.
The official image description is created and maintained by the official project team. The automated resource allows users to verify the source and content of the image.
According to whether it is officially provided, the image resources can be divided into two categories.
One is a mirror like centos, called the base mirror or root mirror. These basic images are created, verified, supported, and provided by Docker. Such mirror images often use a single word as the name.
There is another type, such as the tianon/centos image, which is created and maintained by Docker users, often with a user name prefix. You can specify the use of a user-supplied image by prefixing username/, such as the tianon user.
In addition, when searching, through the --filter=stars=N parameter, you can specify to display only the mirrors with a collection number of N or more. Download the official centos image to the local.
$ docker pull centos
Pulling repository centos
0b443ba03958: Download complete
539c0211cd76: Download complete
511136ea3c5a: Download complete
7064731afe90: Download complete
Push mirror
Users can also push their images to Docker Hub through the docker push command after logging in. Please replace username in the following command with your Docker account username.
$ docker tag ubuntu:17.10 username/ubuntu:17.10
$ docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu 17.10 275d79972a86 6 days ago 94.6MB
username/ubuntu 17.10 275d79972a86 6 days ago 94.6MB
$ docker push username/ubuntu:17.10
$ docker search username
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
username/ubuntu
Private warehouse
Sometimes it may be inconvenient to use a public warehouse like Docker Hub, and users can create a local warehouse for private use.
docker-registry is an officially provided tool that can be used to build private image repositories. This article is based on docker-registry v2.x version. You can run it by obtaining the official registry image.
$ docker run -d -p 5000:5000 --restart=always --name registry registry
This will use the official registry image to start the private repository. By default, the repository will be created in the /var/lib/registry directory of the container. You can use the -v parameter to store the image file in the local specified path. For example, the following example places the uploaded image in the local /opt/data/registry directory.
$ docker run -d \
-p 5000:5000 \
-v /opt/data/registry:/var/lib/registry \
registry
Upload, search, and download images in private warehouses
After creating a private warehouse, you can use docker tag to tag an image and then push it to the warehouse. For example, the private warehouse address is 127.0.0.1:5000. First check the existing image on this machine.
$ docker image ls
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
ubuntu latest ba5877dc9bec 6 weeks ago 192.7 MB
Use docker tag to mark the ubuntu:latest image as 127.0.0.1:5000/ubuntu:latest. The format is docker tag IMAGE[:TAG] [REGISTRY_HOST[:REGISTRY_PORT]/]REPOSITORY[:TAG]
$ docker tag ubuntu:latest 127.0.0.1:5000/ubuntu:latest
$ docker image ls
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
ubuntu latest ba5877dc9bec 6 weeks ago 192.7 MB
127.0.0.1:5000/ubuntu:latest latest ba5877dc9bec 6 weeks ago 192.7 MB
Use docker push to upload the marked image.
$ docker push 127.0.0.1:5000/ubuntu:latest
The push refers to repository [127.0.0.1:5000/ubuntu]
373a30c24545: Pushed
a9148f5200b0: Pushed
cdd3de0940ab: Pushedfc56279bbb33: Pushed
b38367233d37: Pushed
2aebd096e0e2: Pushed
latest: digest: sha256:fe4277621f10b5026266932ddf760f5a756d2facd505a94d2da12f4f52f71f5a size: 1568
Use curl to view the mirror in the warehouse.
$ curl 127.0.0.1:5000/v2/_catalog
{"repositories":["ubuntu"]}
Here you can see {"repositories":["ubuntu"]}, indicating that the image has been successfully uploaded.
Delete the existing image first, and then try to download the image from the private repository.
$ docker image ls
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
127.0.0.1:5000/ubuntu:latest latest ba5877dc9bec 6 weeks ago 192.7 MB
Precautions
If you do not want to use 127.0.0.1:5000 as the warehouse address, for example, you want other hosts on this network segment to also push the image to the private warehouse. You have to use the internal network address such as 192.168.199.100:5000 as the private warehouse address, then you will find that you cannot successfully push the image.
This is because Docker does not allow non-HTTPS push images by default. We can remove this restriction through Docker's configuration options.
Ubuntu 14.04, Debian 7 Wheezy
For systems using upstart, edit the /etc/default/docker file and add the following content to the DOCKER_OPTS:
DOCKER_OPTS="--registry-mirror=https://registry.docker-cn.com --insecure-registries=192.168.199.100:5000"
Restart the service:
$ sudo service docker restart
Ubuntu 16.04+, Debian 8+, centos 7
For systems using systemd, please write the following in /etc/docker/daemon.json (if the file does not exist, please create a new file)
{
"registry-mirror": [
"https://registry.docker-cn.com"
],
"insecure-registries": [
"192.168.199.100:5000"
]
}
Note: The file must conform to the json specification, otherwise Docker will not start.
other
For Docker for Windows and Docker for Mac, edit the daemon.json in the settings and add the same string as above.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
