Docker Private Registry
작성일:
Docker Private Registry 구성
Registry 실행
- docker-compose.yml
version: '3'
services:
registry:
image: registry
container_name: registry
restart: always
ports:
- 5000:5000
environment:
REGISTRY_HTTP_ADDR: 0.0.0.0:5000
volumes:
- registry:/var/lib/registry
- ./config.yml:/etc/docker/registry/config.yml
volumes:
registry:
# 실행
$ docker-compose up -d
$ curl -s http://localhost:5000/v2/_catalog
{"repositories":[]}
- SSL 적용
version: '3'
services:
registry:
image: registry
container_name: private_registry
restart: always
ports:
- 5000:5000
environment:
REGISTRY_HTTP_ADDR: 0.0.0.0:5000
REGISTRY_HTTP_TLS_CERTIFICATE: /certs/domain-pem.pem
REGISTRY_HTTP_TLS_KEY: /certs/domain-pem.key
volumes:
- registry:/var/lib/registry
- ./config.yml:/etc/docker/registry/config.yml
- ./certs:/certs
volumes:
registry:
Image Push
- 테스트용 이미지 태깅
# get alpine images
$ docker pull alpine
$ docker pull alpine:3.13
# tagging
$ docker tag alpine localhost:5000/cdecl/alpine:latest
$ docker tag alpine:3.13 localhost:5000/cdecl/alpine:3.13
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
alpine latest ae607a46d002 2 weeks ago 5.33MB
localhost:5000/cdecl/alpine latest ae607a46d002 2 weeks ago 5.33MB
alpine 3.13 81efc9693413 2 months ago 5.35MB
localhost:5000/cdecl/alpine 3.13 81efc9693413 2 months ago 5.35MB
- Image Push
# image push
$ docker push localhost:5000/cdecl/alpine:3.13
The push refers to repository [localhost:5000/cdecl/alpine]
c55d5dbdab40: Layer already exists
3.13: digest: sha256:55fc95a51d97f7b76b124f3b581a58ebf5555d12574f16087de3971a12724dd4 size: 528
$ docker push localhost:5000/cdecl/alpine:latest
The push refers to repository [localhost:5000/cdecl/alpine]
5bfa694cc00a: Layer already exists
latest: digest: sha256:bd9137c3bb45dbc40cde0f0e19a8b9064c2bc485466221f5e95eb72b0d0cf82e size: 528
# Catalog list
$ curl -s http://localhost:5000/v2/_catalog
{"repositories":["cdecl/alpine"]}
# Tag 정보
$ curl -s http://localhost:5000/v2/cdecl/alpine/tags/list
{"name":"cdecl/alpine","tags":["latest","3.13"]}
Image Pull
$ docker pull localhost:5000/cdecl/alpine
Using default tag: latest
latest: Pulling from cdecl/alpine
Digest: sha256:bd9137c3bb45dbc40cde0f0e19a8b9064c2bc485466221f5e95eb72b0d0cf82e
Status: Downloaded newer image for localhost:5000/cdecl/alpine:latest
localhost:5000/cdecl/alpine:latest
Image Delete
- Tag 확인 -> Manifests 확인 -> Manifests 이미지 삭제
# Tag 정보 확인
$ curl -s http://localhost:5000/v2/cdecl/alpine/tags/list
{"name":"cdecl/alpine","tags":["latest","3.13"]}
# Tag의 Manifest 정보확인 - headers 확인
# <registry-url>/v2/<image-path-name>/manifests/<tag>
$ curl -s -I -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
http://localhost:5000/v2/cdecl/alpine/manifests/latest
HTTP/1.1 200 OK
Content-Length: 528
Content-Type: application/vnd.docker.distribution.manifest.v2+json
Docker-Content-Digest: sha256:bd9137c3bb45dbc40cde0f0e19a8b9064c2bc485466221f5e95eb72b0d0cf82e
Docker-Distribution-Api-Version: registry/2.0
Etag: "sha256:bd9137c3bb45dbc40cde0f0e19a8b9064c2bc485466221f5e95eb72b0d0cf82e"
Date: Mon, 23 Aug 2021 11:45:06 GMT
# Manifest 정보로 이미지 삭제
# Docker-Content-Digest: <sha256:로 시작하는 해쉬 문자열>
$ curl -s -XDELETE http://localhost:5000/v2/cdecl/alpine/manifests/sha256:bd9137c3bb45dbc40cde0f0e19a8b9064c2bc485466221f5e95eb72b0d0cf82e
# 확인
$ curl -s http://localhost:5000/v2/cdecl/alpine/tags/list
{"name":"cdecl/alpine","tags":["3.13"]}
Delete marked manifests
$ curl -sS http://localhost:5000/v2/cdecl/alpine/tags/list
{"name":"cdecl/alpine","tags":null}
$ docker exec -it registry bin/registry garbage-collect /etc/docker/registry/config.yml
cdecl/alpine
0 blobs marked, 3 blobs and 0 manifests eligible for deletion
blob eligible for deletion: sha256:81efc9693413c6292235ea2c29ea07c149701140b98df6c1998bb91d41acf802
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/81/81efc9693413c6292235ea2c29ea07c149701140b98df6c1998bb91d41acf802 go.version=go1.11.2 instance.id=d8bbbd10-232a-457a-9ceb-312b7317da5f service=registry
blob eligible for deletion: sha256:55fc95a51d97f7b76b124f3b581a58ebf5555d12574f16087de3971a12724dd4
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/55/55fc95a51d97f7b76b124f3b581a58ebf5555d12574f16087de3971a12724dd4 go.version=go1.11.2 instance.id=d8bbbd10-232a-457a-9ceb-312b7317da5f service=registry
blob eligible for deletion: sha256:595b0fe564bb9444ebfe78288079a01ee6d7f666544028d5e96ba610f909ee43
INFO[0000] Deleting blob: /docker/registry/v2/blobs/sha256/59/595b0fe564bb9444ebfe78288079a01ee6d7f666544028d5e96ba610f909ee43 go.version=go1.11.2 instance.id=d8bbbd10-232a-457a-9ceb-312b7317da5f service=registry
- 위 작업으로는 물리적인 데이터가 삭제 안됨
# 물리적인 파일 삭제
$ docker exec -it registry rm -rf /var/lib/registry/docker/registry/v2/repositories/cdecl
Script
- registry-image-delete.sh
#!/bin/bash
URI="$1"
NAME="$2"
TAG="$3"
if [[ -z "$URI" ]]; then
echo "Usage: $0 <URI> <NAME> [<TAG>]"
exit -1
fi
if [[ -z "$NAME" ]]; then
echo "Usage: $0 $URI <NAME> [<TAG>]"
echo
curl -sS $URI/v2/_catalog | jq -r '.repositories[]'
echo
exit -1
fi
if [[ -z "$TAG" ]]; then
echo "Usage: $0 $URI $NAME [<TAG>]"
echo
curl -sS $URI/v2/$NAME/tags/list | jq -r '.tags[]'
echo
exit -1
fi
MANIFESTS=$(curl -sS -I -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
$URI/v2/$NAME/manifests/$TAG | grep -i Docker-Content-Digest | awk '{print $2}')
if [[ -z "$MANIFESTS" ]]; then
echo "No manifest found for $NAME:$TAG"
exit -1
fi
echo $MANIFESTS
echo
echo curl -sS -XDELETE $URI/v2/$NAME/manifests/$MANIFESTS
echo
댓글남기기