Thursday, September 26, 2019

How to setup the Docker Private Registry on Ubuntu 19.04 with Docker 19.03.2?

What is Docker registry? There are various situations where a team could work on the microservices. Every time you connect to the internet and pull the images will be cost & time-consuming process. In an organization level if we set up the docker registry, where we can pull the images and all team members will reuse it by using the internal network.

Docker  public registry

A central place to store all organizational required docker images were distributed. There are several implementations of docker registries where it is build up with the following:
  • A simple webserver to make access to docker images available
  • A complete web application with user access
  • Docker builds are available in two services: DockerHub, Docker Trusted Registry
DockerHub is a public repository where you publish your contribution to any image that you made with tag [versions] which can be downloaded by anyone from the internet. It should be searchable. It all depends on the stars, the number of downloads, trust in official category of images. People will consider the comments. 



To create the Docker registry we have two options:


  • without security
  • with security


Here I would like to share the secure option as follows:

Docker container Registry 

Let's use the docker registry container which is officially published by Docker team on the docker Hub. The latest version of registry image is v2 now. This edocker registry supporst the following features: 
  • layer oriented
  • layer ID are randomly assigned
  • JSON object corresponding to each layer reflecting a parent
  • naming accomplished through tags

Docker private registry with Security setting up 

Steps to configure local private docker registry:
1. Create a certificate directory"/docker_data/certs" to hold the TLS certs
check openssl exists, if not run the following installation command:
mkdir -p "/docker_data/certs"
yum -y install openssl
On Ubuntu instance:
apt install -y openssl

2. Generate an SSL/TLS certificate to secure our private docker registry
openssl req -newkey rsa:4096 -nodes -sha256 -keyout /docker_data/certs/domain.key -x509 -days 365 -out /docker_data/certs/domain.crt
# Enter the hostname fqdn 3. Create a directory to store docker images "/docker_data/images"
mkdir -p /docker_data/images
4. Run a docker registry container in docker host "docker-registry"
docker search registry
docker login 
# login with docker user [you must signup for this if not yet had]
docker run -d -p 5000:5000 \
-v /docker_data/images:/var/lib/registry \
 -v /docker_data/certs:/certs \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  --restart on-failure \
  --name devops-registry \
  docker.io/registry
# check for the registry container in the list
docker container ls
# rename images which you would like to push to your private registry this is a recommendation
docker pull nginx
docker tag docker.io/nginx mydev.devopshunter.com:5000/my-nginx
# Now list of images to see the above image tag was created out of Nginx image.
docker image ls

5. Pull required docker images to docker host "docker-registry" from docker hub, rename (tag) with our local registry
docker tag docker.io/nginx mydev.devopshunter.com:5000/myweb
docker tag python mydev.devopshunter.com:5000/mypython

6. Push those pulled docker images to our docker private registry container
docker push mydev.devopshunter.com:5000/mypython
docker push mydev.devopshunter.com:5000/myweb

Let's confirm this by looking into the following path
ls -l /docker_data/images/docker/registry/v2/repositories/

# You can see two folders were created for each image, that indicates clearly what we had pushed are successful.
7. Remove old docker images from local docker-host.
 docker rmi ubuntu python nginx  

8. Configure all docker clients to use our certificates
9. docker clients can pull and push docker images into our private docker registry in registry server
curl -X GET http://localhost:5000/v2/_catalog

This is the end of the story of hosting your own docker private registry.

 References:

1. Docker Host and Docker client communication on Ubuntu 19 
2. Docker installation on CentOS 
3. Docker Concepts

No comments:

Categories

Kubernetes (24) Docker (20) git (13) Jenkins (12) AWS (7) Jenkins CI (5) Vagrant (5) K8s (4) VirtualBox (4) CentOS7 (3) docker registry (3) docker-ee (3) ucp (3) Jenkins Automation (2) Jenkins Master Slave (2) Jenkins Project (2) containers (2) create deployment (2) docker EE (2) docker private registry (2) dockers (2) dtr (2) kubeadm (2) kubectl (2) kubelet (2) openssl (2) Alert Manager CLI (1) AlertManager (1) Apache Maven (1) Best DevOps interview questions (1) CentOS (1) Container as a Service (1) DevOps Interview Questions (1) Docker 19 CE on Ubuntu 19.04 (1) Docker Tutorial (1) Docker UCP (1) Docker installation on Ubunutu (1) Docker interview questions (1) Docker on PowerShell (1) Docker on Windows (1) Docker version (1) Docker-ee installation on CentOS (1) DockerHub (1) Features of DTR (1) Fedora (1) Freestyle Project (1) Git Install on CentOS (1) Git Install on Oracle Linux (1) Git Install on RHEL (1) Git Source based installation (1) Git line ending setup (1) Git migration (1) Grafana on Windows (1) Install DTR (1) Install Docker on Windows Server (1) Install Maven on CentOS (1) Issues (1) Jenkins CI server on AWS instance (1) Jenkins First Job (1) Jenkins Installation on CentOS7 (1) Jenkins Master (1) Jenkins automatic build (1) Jenkins installation on Ubuntu 18.04 (1) Jenkins integration with GitHub server (1) Jenkins on AWS Ubuntu (1) Kubernetes Cluster provisioning (1) Kubernetes interview questions (1) Kuberntes Installation (1) Maven (1) Maven installation on Unix (1) Operations interview Questions (1) Oracle Linux (1) Personal access tokens on GitHub (1) Problem in Docker (1) Prometheus (1) Prometheus CLI (1) RHEL (1) SCM (1) SCM Poll (1) SRE interview questions (1) Troubleshooting (1) Uninstall Git (1) Uninstall Git on CentOS7 (1) Universal Control Plane (1) Vagrantfile (1) amtool (1) aws IAM Role (1) aws policy (1) caas (1) chef installation (1) create organization on UCP (1) create team on UCP (1) docker CE (1) docker UCP console (1) docker command line (1) docker commands (1) docker community edition (1) docker container (1) docker editions (1) docker enterprise edition (1) docker enterprise edition deep dive (1) docker for windows (1) docker hub (1) docker installation (1) docker node (1) docker releases (1) docker secure registry (1) docker service (1) docker swarm init (1) docker swarm join (1) docker trusted registry (1) elasticBeanStalk (1) global configurations (1) helm installation issue (1) mvn (1) namespaces (1) promtool (1) service creation (1) slack (1)