使用podman搭建registry容器仓库
配置 https 访问的私有仓库,登录用户和密码均为 admin。导入registry.tar 镜像,创建名称为 registry 的容器。
安装并启动podman
[root@linux3 ~]# yum install podman
[root@linux3 ~]# systemctl restart podman
导入镜像
[root@linux3 ~]# podman load -i registry.tar
Getting image source signatures
Copying blob 7d5c99a84f76 done
Copying blob 5ddac68c42e3 done
Copying blob 94dd7d531fa5 done
Copying blob 40dbdbee1092 done
Copying blob 57ccd522851f done
Copying config 7cf5e251a1 done
Writing manifest to image destination
Storing signatures
Loaded image: docker.io/library/registry:latest
[root@linux3 ~]#
生成账号密码文件
安装httpd
[root@linux3 ~]# yum install httpd
安装httpd的目的是使用其自带的 htpasswd 工具生成账号密码文件(htpasswd 由 httpd-tools 软件包提供,会随 httpd 一并安装)。
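生成账号密码文件(-B 使用 bcrypt 加密,-b 从命令行读取密码,-n 将结果输出到标准输出而不是直接写入文件;-b 会让明文密码留在 shell 历史和进程列表中,去掉 -b 即可改为交互输入;bcrypt 代价默认为 5,即下方输出中的 $05$,可用 -C 调高)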
[root@linux3 ~]# htpasswd -Bbn admin admin > htpasswd
[root@linux3 ~]# cat htpasswd
admin:$2y$05$0wi/LYGu0i8u97sT3dFla.OHmTqtC0VjpvqYN5K.tzY23C3VCZrda
[root@linux3 ~]#
创建容器需要用到的证书文件夹和存放htpasswd文件的文件夹
证书部分
证书文件夹
[root@linux3 ~]# mkdir /cert
将证书和密钥文件放入新建的文件夹中(skills.key 是私钥,建议限制为仅 root 可读,例如 chmod 600 /cert/skills.key)
[root@linux3 ~]# cp skills.key /cert/
[root@linux3 ~]# cp skills.crt /cert/
[root@linux3 ~]# ls /cert/
skills.crt skills.key
[root@linux3 ~]#
htpasswd部分
创建文件夹
[root@linux3 ~]# mkdir /auth
将先前生成的htpasswd文件放入新建的文件夹中
[root@linux3 ~]# cp htpasswd /auth
[root@linux3 ~]# ls /auth/
htpasswd
[root@linux3 ~]#
创建容器
查看镜像ID
[root@linux3 ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/registry latest 7cf5e251a154 11 months ago 24.4 MB
[root@linux3 ~]#
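创建容器(末尾的 7cf5e251a154 是上一步查到的镜像 ID;-v /auth:/auth 和 -v /cert:/certs 分别挂载认证文件和证书目录,REGISTRY_AUTH_* 启用 htpasswd 认证,REGISTRY_HTTP_TLS_* 启用 HTTPS;-p 5000:5000 会在主机所有地址上发布端口;REGISTRY_STORAGE_DELETE_ENABLED=true 允许已认证用户通过 API 删除镜像,不需要删除功能时可去掉)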
podman run -d --name registry -p 5000:5000 -v /auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd -v /cert:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/skills.crt -e REGISTRY_HTTP_TLS_KEY=/certs/skills.key -e REGISTRY_STORAGE_DELETE_ENABLED=true 7cf5e251a154
查看容器状态,并访问 /v2/_catalog 验证 HTTPS 和账号认证是否生效(curl 的 -k 会跳过证书校验,仅在自签名证书尚未加入系统信任库时才需要)
[root@linux3 ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b5b9e12a7d50 docker.io/library/registry:latest /etc/docker/regis... 5 minutes ago Up 5 minutes 0.0.0.0:5000->5000/tcp registry
[root@linux3 ~]# curl https://linux3.skills.lan:5000/v2/_catalog -k -u admin
Enter host password for user 'admin':
{"repositories":[]}
[root@linux3 ~]#
导入RockyLinux镜像并查看
[root@linux3 ~]# podman load -i rockylinux-9.tar
Getting image source signatures
Copying blob a1c662363992 done
Copying config c2753e0251 done
Writing manifest to image destination
Storing signatures
Loaded image: docker.io/rockylinux/rockylinux:9.2-ubi
[root@linux3 ~]# podman image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/rockylinux/rockylinux 9.2-ubi c2753e0251b3 11 months ago 204 MB
docker.io/library/registry latest 7cf5e251a154 11 months ago 24.4 MB
[root@linux3 ~]#
更改tag
[root@linux3 ~]# podman image tag docker.io/rockylinux/rockylinux:9.2-ubi linux3.skills.lan:5000/rockylinux:9
[root@linux3 ~]# podman image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/rockylinux/rockylinux 9.2-ubi c2753e0251b3 11 months ago 204 MB
linux3.skills.lan:5000/rockylinux 9 c2753e0251b3 11 months ago 204 MB
docker.io/library/registry latest 7cf5e251a154 11 months ago 24.4 MB
[root@linux3 ~]#
上传
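登录到registry(--password 会把明文密码留在命令历史和进程列表中,可改用 --password-stdin 或省略该选项后交互输入;--tls-verify=false 会关闭证书校验,按文末「信任证书」一节将证书加入系统信任库后通常不再需要)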
[root@linux3 ~]# podman login --username admin --password admin https://linux3.skills.lan:5000 --tls-verify=false
Login Succeeded!
上传镜像
[root@linux3 cert]# podman push linux3.skills.lan:5000/rockylinux:9
Getting image source signatures
Copying blob a1c662363992 done
Copying config c2753e0251 done
Writing manifest to image destination
Storing signatures
[root@linux3 cert]#
查看上传的镜像
[root@linux3 cert]# curl https://linux3.skills.lan:5000/v2/_catalog -k -u admin
Enter host password for user 'admin':
{"repositories":["rockylinux"]}
[root@linux3 cert]#
生成证书(前面「证书部分」用到的 skills.key 和 skills.crt 需要在创建容器之前按此方式生成):
openssl req -newkey rsa:2048 -nodes -sha256 -keyout skills.key -x509 -days 3650 -out skills.crt -addext "subjectAltName = DNS:*.skills.lan"
信任证书(将自签名证书加入系统信任库;完成后 curl 通常不再需要 -k,podman login/push 也不再需要 --tls-verify=false):
cp skills.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust
本作品采用 知识共享署名-相同方式共享 4.0 国际许可协议 进行许可。