先睹为快

[root@kvmmain ~]# docker pull docker.io/registry
Using default tag: latest
Trying to pull repository docker.io/library/registry ...
sha256:0e40793ad06ac099ba63b5a8fae7a83288e64b50fe2eafa2b59741de85fd3b97: Pulling from docker.io/library/registry
b7f33cc0b48e: Pull complete
46730e1e05c9: Pull complete
458210699647: Pull complete
0cf045fea0fd: Pull complete
b78a03aa98b7: Pull complete
Digest: sha256:0e40793ad06ac099ba63b5a8fae7a83288e64b50fe2eafa2b59741de85fd3b97
Status: Downloaded newer image for docker.io/registry:latest
[root@kvmmain ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/registry latest d1e32b95d8e8 4 weeks ago 33.17 MB

然后执行

docker run -d -p 5000:5000 --name=registry --restart=always --privileged=true  --log-driver=none -v /data/registry/data:/tmp/registry registry

其中,/home/data/registrydata是一个比较大的系统分区,今后镜像仓库中的全部数据都会保存在这个外挂目录下。
-p 5000:5000 端口映射
--restart=always1 在容器退出时总是重启容器,主要应用在生产环境
--privileged=true 在CentOS7中的安全模块selinux把权限禁掉了,参数给容器加特权,不加上传镜像会报权限错误OSError: [Errno 13] Permission denied: ‘/tmp/registry/repositories/liibrary’)或者(Received unexpected HTTP status: 500 Internal Server Error)错误
--name registry 指定容器的名称
更改名称并推送

创建带有密码验证的registry

mkdir  /opt/data/auth
docker run  --entrypoint htpasswd registry -Bbn  username  userpasswd > auth/htpasswd

把username和userpasswd换成自己真实的
然后

docker run -d -p 5000:5000 --restart=always --name docker-hub \
    -v /data/registry/data:/var/lib/registry \
    -v /data/registry/auth:/auth \
    -e "REGISTRY_AUTH=htpasswd" \
    -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
    -e  REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
    registry

启动成功后就可以访问ip:port/v2/_catalog来查看里面的镜像了

[root@K8s-node-2 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.access.redhat.com/rhel7/pod-infrastructure latest 34d3450d733b 2 weeks ago 205 MB
gcr.io/google_containers/kubernetes-dashboard-amd64 v1.5.1 1180413103fd 5 weeks ago 103.6 MB
[root@K8s-node-2 ~]# docker tag registry.access.redhat.com/rhel7/pod-infrastructure:latest registry:5000/pod-infrastructure:latest
[root@K8s-node-2 ~]# docker tag gcr.io/google_containers/kubernetes-dashboard-amd64:v1.5.1 registry:5000/kubernetes-dashboard-amd64:v1.5.1
[root@K8s-node-2 ~]# docker push registry:5000/pod-infrastructure:latest
The push refers to a repository [registry:5000/pod-infrastructure]
ba3d4cbbb261: Pushed
0a081b45cb84: Pushed
df9d2808b9a9: Pushed
latest: digest: sha256:9314554780673b821cb7113d8c048a90d15077c6e7bfeebddb92a054a1f84843 size: 948
[root@K8s-node-2 ~]# docker push registry:5000/kubernetes-dashboard-amd64:v1.5.1
The push refers to a repository [registry:5000/kubernetes-dashboard-amd64]
25820b2590cc: Pushed
v1.5.1: digest: sha256:f3f399a937a73b2c0361d93576cd4eb854018a1445b016577e95976c4e09e694 size: 529
[root@K8s-node-2 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.access.redhat.com/rhel7/pod-infrastructure latest 34d3450d733b 2 weeks ago 205 MB
registry:5000/pod-infrastructure latest 34d3450d733b 2 weeks ago 205 MB
gcr.io/google_containers/kubernetes-dashboard-amd64 v1.5.1 1180413103fd 5 weeks ago 103.6 MB
registry:5000/kubernetes-dashboard-amd64 v1.5.1 1180413103fd 5 weeks ago 103.6 MB
gcr.io/google_containers/kubedns-amd64 1.7 bec33bc01f03 5 months ago 55.06 MB
[root@K8s-node-2 ~]#

更改所使用的镜像名称
Dashboard是在yaml中定义的,要更改dashboard.yaml中对应的“image: gcr.io/google_containers/kubernetes-dashboard-amd64:v1.5.1”为“image: registry:5000/kubernetes-dashboard-amd64:v1.5.1”

pod-infrastructure是在node的kubelet配置文件中定义的,要更改每个node中/etc/kubernetes/kubelet中对应的“KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"为“KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image= registry:5000/pod-infrastructure:latest "”。
更改之后需要重启kubelet服务。

宝剑锋从磨砺出,梅花香自苦寒来.