AgentSkillsCN

docker-registry

私有仓库搭建、镜像管理及多仓库操作

SKILL.md
--- frontmatter
name: docker-registry
description: Private registry setup, image management, and multi-registry operations
sasmp_version: "1.3.0"
bonded_agent: 02-docker-images
bond_type: PRIMARY_BOND

Docker Registry Skill

Set up and manage private Docker registries for secure image distribution and management.

Purpose

Deploy private registries, configure authentication, and manage images across multiple registries.

Parameters

ParameterTypeRequiredDefaultDescription
registry_typeenumNodockerdocker/ecr/gcr/acr
authbooleanNotrueEnable authentication
tlsbooleanNotrueEnable TLS

Registry Types

RegistryProviderAuth Method
Docker HubDockerUsername/token
GHCRGitHubGitHub token
ECRAWSIAM/CLI
GCRGoogleService account
ACRAzureService principal

Private Registry Setup

Docker Compose

yaml
services:
  registry:
    image: registry:2
    ports:
      - "5000:5000"
    volumes:
      - registry_data:/var/lib/registry
      - ./auth:/auth
      - ./certs:/certs
    environment:
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/domain.crt
      REGISTRY_HTTP_TLS_KEY: /certs/domain.key
    restart: unless-stopped

volumes:
  registry_data:

Create Auth File

bash
# Create htpasswd file
docker run --rm --entrypoint htpasswd \
  httpd:alpine -Bbn admin password > auth/htpasswd

Registry Operations

Login

bash
# Docker Hub
docker login

# GitHub Container Registry
echo $GITHUB_TOKEN | docker login ghcr.io -u USERNAME --password-stdin

# AWS ECR
aws ecr get-login-password | docker login --username AWS --password-stdin <account>.dkr.ecr.<region>.amazonaws.com

# Private registry
docker login registry.example.com

Push/Pull

bash
# Tag for registry
docker tag myapp:latest registry.example.com/myapp:latest

# Push
docker push registry.example.com/myapp:latest

# Pull
docker pull registry.example.com/myapp:latest

Image Management

bash
# List images in registry (API)
curl -X GET https://registry.example.com/v2/_catalog

# List tags
curl -X GET https://registry.example.com/v2/myapp/tags/list

# Delete image (via API)
curl -X DELETE https://registry.example.com/v2/myapp/manifests/<digest>

Multi-Registry Sync

bash
# Copy between registries
skopeo copy \
  docker://source-registry/image:tag \
  docker://dest-registry/image:tag

# Sync all tags
skopeo sync --src docker --dest docker \
  source-registry/image dest-registry/

Cloud Registry Setup

AWS ECR

bash
# Create repository
aws ecr create-repository --repository-name myapp

# Login
aws ecr get-login-password --region us-east-1 | \
  docker login --username AWS --password-stdin <account>.dkr.ecr.us-east-1.amazonaws.com

# Push
docker push <account>.dkr.ecr.us-east-1.amazonaws.com/myapp:latest

Google GCR

bash
# Auth with service account
gcloud auth configure-docker

# Push
docker push gcr.io/project-id/myapp:latest

Error Handling

Common Errors

ErrorCauseSolution
unauthorizedBad credentialsRe-login
manifest unknownImage not foundCheck name/tag
denied: accessNo permissionCheck IAM/roles
TLS handshakeCertificate issueAdd to trusted certs

Fallback Strategy

  1. Verify credentials: docker login
  2. Check image exists in registry
  3. Verify network connectivity

Troubleshooting

Debug Checklist

  • Logged in? docker login
  • Image tagged correctly?
  • Registry accessible? curl https://registry/v2/
  • TLS configured? Check certificates

Usage

code
Skill("docker-registry")

Assets

  • assets/docker-compose-registry.yaml - Registry setup
  • scripts/registry-setup.sh - Setup script

Related Skills

  • docker-optimization
  • docker-ci-cd