Docker

Docker private(local) registry/Harbor 구축

thxxyj 2023. 3. 17. 16:06
728x90

1. docker registry 설치하기

1. docker registry 이미지 가져오기

root@test-server:~# docker pull registry:latest
latest: Pulling from library/registry
ef5531b6e74e: Pull complete
a52704366974: Pull complete
dda5a8ba6f46: Pull complete
eb9a2e8a8f76: Pull complete
25bb6825962e: Pull complete
Digest: sha256:41f413c22d6156587e2a51f3e80c09808b8c70e82be149b82b5e0196a88d49b4
Status: Downloaded newer image for registry:latest
docker.io/library/registry:latest

root@test-server:~# docker images
REPOSITORY                TAG       IMAGE ID       CREATED         SIZE
registry                  latest    0d153fadf70b   4 weeks ago     24.2MB

 

2. docker registry 실행

root@test-server:~# docker run --name local-registry \
-d --restart=always \
-p 5000:5000 \
-v /data/registry:/var/lib/registry/docker/registry/v2 \
registry:latest
97fe1169139d93cbbe20bb01d521460f2e8e4b877c3112f23be07970d6db5f9b

* docker run 명령어로 컨테이너 기동 (https://docs.docker.com/engine/reference/commandline/run/)
--name  컨테이너 이름
-d   daemon으로 실행
-p   5000:5000 registry 실행 (local 5000번 포트 -> 이미지 5000번 포트로 바인딩)
-v   /data/registry:/var/lib/registry/docker/registry/v2 (볼륨 local_path:container_path)

 

* Docker Registry Volume 설정하는 이유

더보기

Registry Container가 Down 되면 Container의 휘발성으로 인해 모든 데이터가 삭제됩니다.
Container가 다운되었을 경우를 대비하여 Registry를 별도로 관리할 수 있는 Volume을 생성하고 
이를 Container 내부와 공유할 수 있도록 설정하는 것이 중요합니다.

본 테스트에서는 Local Volume의 경로를 Container 내부 registry 경로인 /var/lib/registry/docker/registry/v2와 매핑하여 
Container가 다운되더라도 재기동 시 Local volume에 저장된 데이터를 그대로 로딩할 수 있도록 설정합니다.
https://hihellloitland.tistory.com/63


3. 컨테이너 정상 작동하는지, 바인딩한 5000포트 정상적으로 listen 하는지 확인

root@test-server:~# docker ps
CONTAINER ID   IMAGE                     COMMAND                  CREATED          STATUS          PORTS                                                                                      NAMES
97fe1169139d   registry:latest           "/entrypoint.sh /etc…"   21 seconds ago   Up 17 seconds   0.0.0.0:5000->5000/tcp, :::5000->5000/tcp                                                  local-registry

root@test-server:~# netstat -anp | grep 5000 | grep LISTEN
tcp        0      0 0.0.0.0:5000            0.0.0.0:*               LISTEN      2249448/docker-prox
tcp6       0      0 :::5000                 :::*                    LISTEN      2249455/docker-prox

 


 

2. docker registry에 image push 하기

1. registry에 push할 docker image 생성

# docker hub에서 이미지 pull
root@test-server:~# docker pull hello-world
Using default tag: latest
latest: Pulling from library/hello-world
2db29710123e: Pull complete
Digest: sha256:ffb13da98453e0f04d33a6eee5bb8e46ee50d08ebe17735fc0779d0349e889e9
Status: Downloaded newer image for hello-world:latest
docker.io/library/hello-world:latest

# 가져온 docker image에 tag 설정
root@test-server:~# docker tag hello-world 10.111.22.33:5000/hello-world-local

# docker images 확인
root@test-server:~# docker images
REPOSITORY                              TAG       IMAGE ID       CREATED         SIZE
10.111.22.33:5000/hello-world-local     latest    feb5d9fea6a5   17 months ago   13.3kB
hello-world                             latest    feb5d9fea6a5   17 months ago   13.3kB

* docker tag 형식: ${docker_registry_IP}:${docker_registry_port}/${repository}/${image_name}:${tag}


2. docker tag를 이용해 docker registry에 push

* Docker Harbor를 이용할때, harbor에 로그인 후에 push / pull 진행한다.

더보기
$ docker login -u ${username} ${harbor_ip}:${harbor_port} 
(Password)
root@test-server:~# docker push 10.111.22.33:5000/hello-world-local
Using default tag: latest
The push refers to repository [10.111.22.33:5000/hello-world-local]
Get "https://10.111.22.33:5000/v2/": http: server gave HTTP response to HTTPS client


위와 같이 "server gave HTTP response to HTTPS client" 에러 발생하면 /etc/docker/daemon.json 추가 안된것임

2-1. Insecure registry 추가

* insecure-registries 내용을 필수로 추가해야함

# vi /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {"max-size": "100m"},
  "storage-driver": "overlay2",
  "insecure-registries": ["10.111.22.33:5000"],
  "graph": "/data/docker",
  "allow-nondistributable-artifacts": ["10.111.22.33:5000"]
}

 

 

2-2. daeomon reload 한 뒤, docker restart

* 처음에 registry -d restart=always로 기동하여 docker restart 하면 registry 자동으로 기동됨

root@test-server:~# systemctl daemon-reload
root@test-server:~# systemctl restart docker

 

2-3. 다시 docker image push  ===> 성공!!

root@test-server:~# docker push 10.111.22.33:5000/hello-world-local
Using default tag: latest
The push refers to repository [10.111.22.33:5000/hello-world-local]
e07ee1baac5f: Pushed
latest: digest: sha256:f54a58bc1aac5ea1a25d796ae155dc228b3f0e11d046ae276b39c4bf2f13d8c4 size: 525

 


 

3. 다른 서버에서 Docker registry의 image 받기

1. 다른 서버에서 위에서 진행한 private registry에 push 한 image를 가져오려면,

pull 할 서버에도 Insecure registry 추가해야함

thxxyj@server02:~$ sudo vi /etc/docker/daemon.json
{
  "insecure-registries": ["10.111.22.33:5000"]
}

 

2. daeomon reload 한 뒤, docker restart

thxxyj@server02:~$ systemctl daemon-reload
thxxyj@server02:~$ systemctl restart docker


3. docker pull image

thxxyj@server02:~$ docker pull 10.111.22.33:5000/hello-world-local
Using default tag: latest
latest: Pulling from hello-world-local
2db29710123e: Pull complete
Digest: sha256:f54a58bc1aac5ea1a25d796ae155dc228b3f0e11d046ae276b39c4bf2f13d8c4
Status: Downloaded newer image for 10.111.22.33:5000/hello-world-local:latest
10.111.22.33:5000/hello-world-local:latest

thxxyj@server02:~$ docker images
REPOSITORY                            TAG       IMAGE ID       CREATED          SIZE
10.111.22.33:5000/hello-world-local   latest    feb5d9fea6a5   17 months ago    13.3kB

 

 

+ 도커 이미지의 태그가 여러개 있을때 삭제하는 법

docker rmi ${DOCKER-IMG}:${TAG}

 

 

 

참고 https://waspro.tistory.com/532

728x90