Let's understand the usage of the DTR. How we can integrate it with Docker UCP? How the DTR help us to maintain the docker repository easy way. What benefits we can get with DTR?
As we had already installed docker-ee and UCP deployed on it with swarm cluster on a CentOS7.
What is new in Docker Trusted Registry?
Here I've collected some of the DTR Primary Usage ScenariosCI/CD with Docker
• Image repository - Centrally located base images• Simple upgrades - Store individual build images
• Scan and Pull tested images to production
Containers as a Service (CaaS)
• Deploy Jenkins executors or nodes• Instant-on developer environment
• Selected curated apps from a catalog
• Dynamic composition of micro-services (“PAAS”)
General Features
• Organizations, Teams & Repositories permissions UI• Search index, API & UI
• Interactive API documentation
• Image deletion from index
• Image garbage collection Experimental
• Docker Content Trust: View Docker Notary signatures in DTR
• Admin & Health UI
• Registry Storage Status
• LDAP/AD Integration
• RBAC API (Admin, R/W, R/O)
• User actions/API audit logs
• Registry v2 API & v2 Image Support
• One-click install/upgrade
Cloud Platform Features
• Docker Storage drivers for the filesystem, AWS s3, and Microsoft azure
• Support Tooling
• Support for Ubuntu, RHEL, CentOS and Windows 10
Docker Trusted Registry DTR Flow |
System Requirement for DTR
The RAM requirement is high which is 16 GB size to run the DTR in the production system.
DTR cannot be installed where UCP installed that is not on the Swarm master node. Because the UCP uses default ports 80 and 443 in the master node, where DTR also needs the same ports to run so other nodes are preferable. Hence I'm using node1 to have DTR.
- DTR requires Docker Universal Control Plane UCP to run you need to install UCP on all swarm nodes where you plan to install DTR.
Install Docker Trusted Registry DTR
This is a simple docker container running the command with the latest DTR version to deploy on the docker enterprise engine.#Installing Docker Trusted Registry (DTR) docker run -it \ --rm docker/dtr:2.4.12 install \ --ucp-insecure-tlsThe installation will links to the UCP that we had installed already.
Get the DTR Connected from the UCP console. Go to the 'Admin Settings'
Admin Settings on UCP Console to view Docker Trusted Registry installed |
Access the DTR console
Let's login to the DTR console, From the UCP Console, we got that where the DTR installed successfully that URL. Because we have not used trusted certs it will proceed only after accepting the Security Exception in the browser.docker trusted registry (DTR) login |
DTR Console looks almost similar to UCP console, You can proceed to create the new repository, where the pointer showing!
Extra bite
Where this DTR container is running let's see what all those containers createddocker trusted registry containers list |
DTR Backup Notes
When you do backup DTR following will be taken care:
- Configurations are backed up
- Certificate and keys are backed up
- Repository metadata are backed up
User, Orgs, and teams are not backed up with DTR backup.
References
Official Document on DTR
Slide on DTR Features
DTR Back up
No comments:
Post a Comment