参考: Docker 容器仓库之搭建私有仓库、hub仓库
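# Load the distribution's identity; VERSION_ID (e.g. "20.04") selects the
# matching Kubic repository directory below.
. /etc/os-release
echo "$VERSION_ID"

# Choose ONE repository flavour: "xUbuntu" on Ubuntu, "Raspberry" on a
# Raspberry Pi. The original listing ran both variants back to back and both
# wrote the same .list file, so the Raspberry entry always replaced the
# Ubuntu one.
# NOTE(review): confirm that <flavour>_<VERSION_ID> exists on
# download.opensuse.org before relying on it (the Raspberry Pi OS directory
# may be named differently).
repo_flavour="${repo_flavour:-xUbuntu}"   # or: Raspberry
repo_url="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/${repo_flavour}_${VERSION_ID}"
repo_list="/etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list"
repo_keyring="/etc/apt/keyrings/devel_kubic_libcontainers_stable.gpg"

# Keep the repository signing key in its own keyring and bind it to this one
# source with signed-by. `apt-key add` is deprecated and makes the key trusted
# for every configured repository, so a leaked third-party key could be used
# to sign packages for any of them.
# curl -f turns an HTTP error into a failure instead of piping an error page
# into gpg; if the download fails the keyring is unusable and the
# `apt-get update` below rejects the repository.
sudo mkdir -p /etc/apt/keyrings
curl -fsSL "${repo_url}/Release.key" | gpg --dearmor | sudo tee "$repo_keyring" > /dev/null
echo "deb [signed-by=${repo_keyring}] ${repo_url}/ /" | sudo tee "$repo_list"

# Run the package steps with the same privilege as the steps above.
sudo apt-get update
sudo apt-get install podman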
# podman pull docker.io/library/registry
Trying to pull docker.io/library/registry:latest...
Getting image source signatures
Copying blob 1aa54e3652a6 done
Copying blob c33cdd195164 done
Copying blob 5cb8b15578b2 done
Copying blob 3ef5fbcd4118 done
Copying blob 7f42adccaa3d done
Copying config e8a5642563 done
Writing manifest to image destination
Storing signatures
e8a56425636efd3a5e4337640baf5cb2264890edab9753f228a1bffe4fe52e2c
# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/registry latest e8a56425636e 4 weeks ago 22.8 MB
# mkdir certs
# openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/hub.org.key -x509 -days 365 -out certs/hub.org.crt
Generating a RSA private key
..............................................................++++
...........................................................................................................................................................................++++
writing new private key to 'certs/hub.org.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:
# ls -l certs/
total 8
-rw-r--r-- 1 root root 1939 Dec 12 09:57 hub.org.crt
-rw------- 1 root root 3272 Dec 12 09:57 hub.org.key
## -d:打入后台;create:创建;run:创建并运行
## --name registry 容器名称
## /root/certs:宿主机路径;/certs:容器路径,把宿主机/root/certs挂接到容器内
## -v /opt/storage1/registry:/var/lib/registry:将宿主机的 /opt/storage1/registry 挂载到容器的 /var/lib/registry,这是 registry 容器的数据目录
## -e REGISTRY_HTTP_ADDR=0.0.0.0:443:覆盖 registry 配置文件中的 http.addr,让它在所有网卡的 443 端口上监听;本例没有配置任何认证(例如 REGISTRY_AUTH=htpasswd),凡是能访问该端口的客户端都可以推送和拉取镜像,应配合防火墙或认证使用
## -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/hub.org.crt:容器内证书文件的位置(对应上面生成的 certs/hub.org.crt)
## -e REGISTRY_HTTP_TLS_KEY=/certs/hub.org.key:容器内私钥文件的位置;该私钥由 -nodes 生成、未加密,应保持 0600 权限,只挂载给这个容器
## 最后的registry是镜像
# podman run -d -p 443:443 --restart=always --name registry -v /opt/storage1/registry:/var/lib/registry -v /root/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/hub.org.crt -e REGISTRY_HTTP_TLS_KEY=/certs/hub.org.key registry
# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d5b69eecb953 docker.io/library/registry:latest /etc/docker/regis... 7 seconds ago Up 6 seconds ago 0.0.0.0:443->443/tcp registry
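## 注意:-k 会跳过 TLS 证书校验,只适合临时确认服务已启动;日常使用应让客户端信任该证书(如 curl --cacert certs/hub.org.crt),并且证书需包含与主机名 mygit 匹配的 subjectAltName,否则校验会失败
$ curl -k https://mygit/v2/_catalog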
{"repositories":[]}