Sunday, December 22, 2019

Docker Trusted Registry (DTR) deep dive

This post continues the series on using Docker Enterprise Edition on CentOS7.
Let's understand how DTR is used: how can we integrate it with Docker UCP, how does DTR help us maintain Docker repositories more easily, and what benefits do we get from DTR?

We have already installed docker-ee and deployed UCP on it with a swarm cluster on CentOS7.

What is new in Docker Trusted Registry?

Here I've collected some of the primary DTR usage scenarios.

CI/CD with Docker

• Image repository - Centrally located base images
• Simple upgrades - Store individual build images
• Scan and Pull tested images to production

Containers as a Service (CaaS)

• Deploy Jenkins executors or nodes
• Instant-on developer environment
• Selected curated apps from a catalog
• Dynamic composition of micro-services (“PAAS”)

General Features

• Organizations, Teams & Repositories permissions UI
• Search index, API & UI
• Interactive API documentation
• Image deletion from index
• Image garbage collection (experimental)
• Docker Content Trust: View Docker Notary signatures in DTR
• Admin & Health UI
• Registry Storage Status
• LDAP/AD Integration
• RBAC API (Admin, R/W, R/O)
• User actions/API audit logs
• Registry v2 API & v2 Image Support
• One-click install/upgrade

Cloud Platform Features 

• Docker Storage drivers for the filesystem, AWS S3, and Microsoft Azure
• Support Tooling 
• Support for Ubuntu, RHEL, CentOS and Windows 10

Docker Trusted Registry DTR Flow

System Requirements for DTR


The RAM requirement is high: 16 GB is needed to run DTR in a production system.
DTR cannot be installed on the node where UCP is installed, that is, not on the Swarm master node. UCP uses the default ports 80 and 443 on the master node, and DTR needs the same ports, so other nodes are preferable. Hence I'm using node1 for DTR.


  • DTR requires Docker Universal Control Plane (UCP) to run, so you need to install UCP on all swarm nodes where you plan to install DTR.

Install Docker Trusted Registry DTR

This is a simple docker container run command that deploys the latest DTR version on the Docker Enterprise engine.

 
# Install Docker Trusted Registry (DTR).
# --ucp-insecure-tls skips verification of the UCP TLS certificate.
docker run -it \
 --rm docker/dtr:2.4.12 install \
 --ucp-insecure-tls
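
The command above passes --ucp-insecure-tls, so the installer does not verify the UCP certificate. As an added example (not from the original post), this wrapper runs the same installer with --ucp-ca instead; the UCP URL, node name and CA path in the usage comment are placeholders, and the DOCKER override is a dry-run aid made up for this example.

```shell
#!/bin/sh
# Added example: run the DTR installer with the UCP certificate verified
# against a CA file, rather than with --ucp-insecure-tls.
# DOCKER can be overridden (for example DOCKER=echo) for a dry run.

# Succeeds only if the file is readable and holds a PEM certificate block.
is_pem_cert() {
    [ -r "$1" ] || return 1
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" || return 1
    grep -q -e '-----END CERTIFICATE-----' "$1"
}

# dtr_install_verified UCP_URL UCP_NODE CA_FILE [DTR_IMAGE]
dtr_install_verified() {
    ucp_url=$1 ucp_node=$2 ca_file=$3 image=${4:-docker/dtr:2.4.12}

    # Plain HTTP would make the CA check meaningless.
    case $ucp_url in
        https://*) ;;
        *) echo "refusing: UCP URL must be https://" >&2; return 2 ;;
    esac
    if ! is_pem_cert "$ca_file"; then
        echo "refusing: $ca_file is not a PEM certificate" >&2
        return 3
    fi

    # --ucp-ca takes the PEM text itself, not a path to the file.
    ${DOCKER:-docker} run -it --rm "$image" install \
        --ucp-url "$ucp_url" \
        --ucp-node "$ucp_node" \
        --ucp-ca "$(cat "$ca_file")"
}

# Usage (placeholder values):
#   dtr_install_verified https://ucp.example.internal node1 /etc/ucp/ca.pem
```

Obtain the CA file over a channel you already trust, for example by copying it from the UCP manager node.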

The installation links to the UCP that we had already installed.
Check that DTR is connected from the UCP console: go to 'Admin Settings'.

Admin Settings on UCP Console to view Docker Trusted Registry installed


Access the DTR console

Let's log in to the DTR console. The UCP console shows the URL where DTR was installed successfully. Because we have not used trusted certs, the browser proceeds only after you accept the security exception.

docker trusted registry (DTR) login 
Here the user credentials are the same as given for UCP.


The DTR console looks very similar to the UCP console. You can proceed to create a new repository where the pointer is showing.

Extra bite

On the node where DTR is running, let's see which containers were created.

docker trusted registry containers list

DTR Backup Notes


When you back up DTR, the following are covered:

  • Configurations are backed up
  • Certificates and keys are backed up
  • Repository metadata is backed up


Users, organizations, and teams are not backed up by the DTR backup.

