Docker public registry
A Docker registry is a central place where all the Docker images an organization requires are stored and distributed. There are several implementations of Docker registries, which are built up from the following:
- A simple webserver to make access to docker images available
- A complete web application with user access
- Docker builds are available in two services: DockerHub, Docker Trusted Registry
To create the Docker registry we have two options:
- without security
- with security
Here I would like to share the secure option as follows:
Docker container Registry
Let's use the Docker registry container that is officially published by the Docker team on Docker Hub. The latest version of the registry image is v2 now. This Docker registry supports the following features:
- layer oriented
- layer IDs are randomly assigned
- JSON object corresponding to each layer reflecting a parent
- naming accomplished through tags
Setting up a Docker private registry with security
Steps to configure local private docker registry:
1. Create a certificate directory "/docker_data/certs" to hold the TLS certs
mkdir -p "/docker_data/certs"
Check that openssl exists; if not, run the following installation command:
yum -y install openssl
On Ubuntu instance:
apt install -y openssl
2. Generate an SSL/TLS certificate to secure our private docker registry
openssl req -newkey rsa:4096 -nodes -sha256 -keyout /docker_data/certs/domain.key -x509 -days 365 -out /docker_data/certs/domain.crt
# Enter the hostname FQDN when prompted
3. Create a directory to store docker images "/docker_data/images"
mkdir -p /docker_data/images
4. Run a docker registry container in docker host "docker-registry"
docker search registry
# Log in with your Docker user [sign up for one if you do not have it yet]
docker login
docker run -d -p 5000:5000 \
  -v /docker_data/images:/var/lib/registry \
  -v /docker_data/certs:/certs \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  --restart on-failure \
  --name devops-registry \
  docker.io/registry
# Check for the registry container in the list
docker container ls
# Rename (tag) the images you would like to push to your private registry; this is a recommendation
docker pull nginx
docker tag docker.io/nginx mydev.devopshunter.com:5000/my-nginx
# Now list the images to see that the above tag was created from the Nginx image
docker image ls
5. Pull required docker images to docker host "docker-registry" from docker hub, rename (tag) with our local registry
docker tag docker.io/nginx mydev.devopshunter.com:5000/myweb
# python has not been pulled yet at this point, so pull it before tagging
docker pull python
docker tag python mydev.devopshunter.com:5000/mypython
6. Push those pulled docker images to our docker private registry container
docker push mydev.devopshunter.com:5000/mypython
docker push mydev.devopshunter.com:5000/myweb
Let's confirm this by looking into the following path
ls -l /docker_data/images/docker/registry/v2/repositories/
# You can see two folders, one for each image, which clearly indicates that the pushes were successful.
7. Remove old docker images from local docker-host.
docker rmi ubuntu python nginx
8. Configure all docker clients to use our certificates
9. docker clients can pull and push docker images into our private docker registry in registry server
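# The registry was started with a TLS certificate, so it answers over HTTPS only;
# verify it against our certificate and use the FQDN the certificate was issued for
curl --cacert /docker_data/certs/domain.crt -X GET https://mydev.devopshunter.com:5000/v2/_catalog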
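Step 8 gives no commands, so here is one way to do it on each client, as an added example that is not part of the original post. It refuses to distribute anything containing a private key and checks that the certificate names the registry host in a subjectAltName, which current Docker clients require. Assumptions: the registry name and certificate path used above, Docker's /etc/docker/certs.d/<registry>/ca.crt trust location, and hypothetical function names.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): client-side trust for step 8.
# Assumed values: registry name and certificate path as used on this page;
# override CERT with wherever domain.crt was copied to on the client.
REGISTRY="${REGISTRY:-mydev.devopshunter.com:5000}"
CERT="${CERT:-/docker_data/certs/domain.crt}"
CERTS_D="${CERTS_D:-/etc/docker/certs.d}"   # Docker's per-registry trust directory

# True only for a PEM certificate file that does not also carry a private key.
# /docker_data/certs holds domain.key next to domain.crt; the key must never
# leave the registry host.
is_public_cert() {
  [ -r "$1" ] || return 1
  grep -q -- '-----BEGIN CERTIFICATE-----' "$1" || return 1
  ! grep -q -- 'PRIVATE KEY-----' "$1"
}

# True if the certificate lists the host as a subjectAltName DNS entry.
# Current Docker clients ignore the Common Name, so a CN-only certificate is
# rejected even when the CN matches. Exact match only, no wildcard handling.
cert_has_san() {
  local cert="$1" host="${2%%:*}"           # drop the :port part
  openssl x509 -in "$cert" -noout -text 2>/dev/null \
    | grep -A1 'Subject Alternative Name' \
    | tr ',' '\n' | tr -d ' ' | grep -qxF "DNS:$host"
}

# Copy the certificate to <root>/<registry>/ca.crt, where the Docker daemon
# looks for the CA of that registry.
install_registry_ca() {
  local cert="$1" registry="$2" root="$3"
  is_public_cert "$cert" || { echo "refusing $cert: not a bare certificate" >&2; return 1; }
  mkdir -p "$root/$registry" && install -m 0644 "$cert" "$root/$registry/ca.crt"
}

# Run with "apply" as the first argument on each client (as root).
if [ "${1:-}" = "apply" ]; then
  cert_has_san "$CERT" "$REGISTRY" \
    || { echo "$CERT has no SAN for ${REGISTRY%%:*}; reissue it with one" >&2; exit 1; }
  install_registry_ca "$CERT" "$REGISTRY" "$CERTS_D" && echo "trusted: $REGISTRY"
fi
```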
This is the end of the story of hosting your own docker private registry.