docker-registry
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
ChineseDocker Registry Skill
Docker Registry Skill
Set up and manage private Docker registries for secure image distribution and management.
搭建并管理私有Docker镜像仓库,实现安全的镜像分发与管理。
Purpose
用途
Deploy private registries, configure authentication, and manage images across multiple registries.
部署私有镜像仓库、配置认证并跨多个仓库管理镜像。
Parameters
参数
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| registry_type | enum | No | docker | docker/ecr/gcr/acr |
| auth | boolean | No | true | Enable authentication |
| tls | boolean | No | true | Enable TLS |
| 参数名 | 类型 | 必填 | 默认值 | 描述 |
|---|---|---|---|---|
| registry_type | enum | 否 | docker | docker/ecr/gcr/acr |
| auth | boolean | 否 | true | 启用认证 |
| tls | boolean | 否 | true | 启用TLS |
Registry Types
镜像仓库类型
| Registry | Provider | Auth Method |
|---|---|---|
| Docker Hub | Docker | Username/token |
| GHCR | GitHub | GitHub token |
| ECR | AWS | IAM/CLI |
| GCR | Service account | |
| ACR | Azure | Service principal |
| 镜像仓库 | 服务商 | 认证方式 |
|---|---|---|
| Docker Hub | Docker | 用户名/令牌 |
| GHCR | GitHub | GitHub令牌 |
| ECR | AWS | IAM/CLI |
| GCR | 服务账号 | |
| ACR | Azure | 服务主体 |
Private Registry Setup
私有镜像仓库搭建
Docker Compose
Docker Compose
yaml
services:
registry:
image: registry:2
ports:
- "5000:5000"
volumes:
- registry_data:/var/lib/registry
- ./auth:/auth
- ./certs:/certs
environment:
REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
REGISTRY_HTTP_TLS_CERTIFICATE: /certs/domain.crt
REGISTRY_HTTP_TLS_KEY: /certs/domain.key
restart: unless-stopped
volumes:
registry_data:yaml
services:
registry:
image: registry:2
ports:
- "5000:5000"
volumes:
- registry_data:/var/lib/registry
- ./auth:/auth
- ./certs:/certs
environment:
REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
REGISTRY_HTTP_TLS_CERTIFICATE: /certs/domain.crt
REGISTRY_HTTP_TLS_KEY: /certs/domain.key
restart: unless-stopped
volumes:
registry_data:Create Auth File
创建认证文件
bash
undefinedbash
undefinedCreate htpasswd file
创建htpasswd文件
docker run --rm --entrypoint htpasswd
httpd:alpine -Bbn admin password > auth/htpasswd
httpd:alpine -Bbn admin password > auth/htpasswd
undefineddocker run --rm --entrypoint htpasswd
httpd:alpine -Bbn admin password > auth/htpasswd
httpd:alpine -Bbn admin password > auth/htpasswd
undefinedRegistry Operations
镜像仓库操作
Login
登录
bash
undefinedbash
undefinedDocker Hub
Docker Hub
docker login
docker login
GitHub Container Registry
GitHub Container Registry
echo $GITHUB_TOKEN | docker login ghcr.io -u USERNAME --password-stdin
echo $GITHUB_TOKEN | docker login ghcr.io -u USERNAME --password-stdin
AWS ECR
AWS ECR
aws ecr get-login-password | docker login --username AWS --password-stdin <account>.dkr.ecr.<region>.amazonaws.com
aws ecr get-login-password | docker login --username AWS --password-stdin <account>.dkr.ecr.<region>.amazonaws.com
Private registry
私有镜像仓库
docker login registry.example.com
undefineddocker login registry.example.com
undefinedPush/Pull
推送/拉取
bash
undefinedbash
undefinedTag for registry
为镜像仓库打标签
docker tag myapp:latest registry.example.com/myapp:latest
docker tag myapp:latest registry.example.com/myapp:latest
Push
推送镜像
docker push registry.example.com/myapp:latest
docker push registry.example.com/myapp:latest
Pull
拉取镜像
docker pull registry.example.com/myapp:latest
undefineddocker pull registry.example.com/myapp:latest
undefinedImage Management
镜像管理
bash
undefinedbash
undefinedList images in registry (API)
列出仓库中的镜像(API方式)
curl -X GET https://registry.example.com/v2/_catalog
curl -X GET https://registry.example.com/v2/_catalog
List tags
列出标签
curl -X GET https://registry.example.com/v2/myapp/tags/list
curl -X GET https://registry.example.com/v2/myapp/tags/list
Delete image (via API)
删除镜像(通过API)
curl -X DELETE https://registry.example.com/v2/myapp/manifests/<digest>
undefinedcurl -X DELETE https://registry.example.com/v2/myapp/manifests/<digest>
undefinedMulti-Registry Sync
多仓库同步
bash
undefinedbash
undefinedCopy between registries
在仓库间复制镜像
skopeo copy
docker://source-registry/image:tag
docker://dest-registry/image:tag
docker://source-registry/image:tag
docker://dest-registry/image:tag
skopeo copy
docker://source-registry/image:tag
docker://dest-registry/image:tag
docker://source-registry/image:tag
docker://dest-registry/image:tag
Sync all tags
同步所有标签
skopeo sync --src docker --dest docker
source-registry/image dest-registry/
source-registry/image dest-registry/
undefinedskopeo sync --src docker --dest docker
source-registry/image dest-registry/
source-registry/image dest-registry/
undefinedCloud Registry Setup
云镜像仓库搭建
AWS ECR
AWS ECR
bash
undefinedbash
undefinedCreate repository
创建仓库
aws ecr create-repository --repository-name myapp
aws ecr create-repository --repository-name myapp
Login
登录
aws ecr get-login-password --region us-east-1 |
docker login --username AWS --password-stdin <account>.dkr.ecr.us-east-1.amazonaws.com
docker login --username AWS --password-stdin <account>.dkr.ecr.us-east-1.amazonaws.com
aws ecr get-login-password --region us-east-1 |
docker login --username AWS --password-stdin <account>.dkr.ecr.us-east-1.amazonaws.com
docker login --username AWS --password-stdin <account>.dkr.ecr.us-east-1.amazonaws.com
Push
推送镜像
docker push <account>.dkr.ecr.us-east-1.amazonaws.com/myapp:latest
undefineddocker push <account>.dkr.ecr.us-east-1.amazonaws.com/myapp:latest
undefinedGoogle GCR
Google GCR
bash
undefinedbash
undefinedAuth with service account
使用服务账号认证
gcloud auth configure-docker
gcloud auth configure-docker
Push
推送镜像
docker push gcr.io/project-id/myapp:latest
undefineddocker push gcr.io/project-id/myapp:latest
undefinedError Handling
错误处理
Common Errors
常见错误
| Error | Cause | Solution |
|---|---|---|
| Bad credentials | Re-login |
| Image not found | Check name/tag |
| No permission | Check IAM/roles |
| Certificate issue | Add to trusted certs |
| 错误信息 | 原因 | 解决方案 |
|---|---|---|
| 凭证无效 | 重新登录 |
| 镜像不存在 | 检查名称/标签 |
| 无权限 | 检查IAM/角色配置 |
| 证书问题 | 添加至可信证书列表 |
Fallback Strategy
回退策略
- Verify credentials:
docker login - Check image exists in registry
- Verify network connectivity
- 验证凭证:执行
docker login - 检查镜像是否存在于仓库中
- 验证网络连通性
Troubleshooting
故障排查
Debug Checklist
调试检查清单
- Logged in?
docker login - Image tagged correctly?
- Registry accessible?
curl https://registry/v2/ - TLS configured? Check certificates
- 是否已登录?执行验证
docker login - 镜像标签是否正确?
- 仓库是否可访问?执行检查
curl https://registry/v2/ - TLS是否配置正确?检查证书
Usage
使用方式
Skill("docker-registry")Skill("docker-registry")Assets
相关资源
- - Registry setup
assets/docker-compose-registry.yaml - - Setup script
scripts/registry-setup.sh
- - 镜像仓库搭建配置文件
assets/docker-compose-registry.yaml - - 搭建脚本
scripts/registry-setup.sh
Related Skills
关联技能
- docker-optimization
- docker-ci-cd
- docker-optimization
- docker-ci-cd