Docker : Use Docker-Registry
2017/08/03 |
Install Docker-Registry to build Private Registry for Docker images.
This example is based on the case to use self-signed certificates. |
|
[1] |
On The Host which Docker-Registry Container runs, Create SSL Certificates, refer to here.
This example is based on the case that SSL certificates are made under the [/etc/ssl/private] and set the [Common Name] as [dlp.srv.world]. |
[2] | Copy to locate Certificates and pull Registry Image (v2). Container Images are located under [/var/lib/regstry] on Registry v2 Container, so map to mount [/var/lib/docker/registry] on parent Host for Registry Container to use as Persistent Storage. |
root@dlp:~#
root@dlp:~# mkdir -p /etc/docker/certs.d/dlp.srv.world:5000 root@dlp:~# cp -p /etc/ssl/private/server.crt /etc/ssl/private/domain.crt root@dlp:~# cp -p /etc/ssl/private/server.key /etc/ssl/private/domain.key root@dlp:~# cp -p /etc/ssl/private/server.crt /etc/docker/certs.d/dlp.srv.world:5000/ca.crt
docker pull registry:2 root@dlp:~# mkdir /var/lib/docker/registry root@dlp:~# docker run -d -p 5000:5000 \
root@dlp:~# -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \ -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \ -v /etc/ssl/private:/certs \ -v /var/lib/docker/registry:/var/lib/registry \ registry:2 docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 4769f313b190 registry:2 "/entrypoint..." 5 seconds ago Up 5 seconds 0.0.0.0:5000->5000/tcp mode.. |
[3] | For pushing local Image to Registry Container server, set like follows. |
# list images on Registry container root@dlp:~# curl -k https://localhost:5000/v2/_catalog {"repositories":[]} docker images REPOSITORY TAG IMAGE ID CREATED SIZE storage latest e5f465d60931 2 hours ago 1.13MB web_server latest d6df7acdc0e3 2 hours ago 296MB srv.world/deb_apache2 latest 8efc6944bf8d 2 days ago 219MB debian latest a20fd0d59cf1 10 days ago 100MB registry 2 751f286bc25e 2 weeks ago 33.2MB busybox latest efe10ee6727f 2 weeks ago 1.13MB # set a tag and push root@dlp:~# docker tag debian dlp.srv.world:5000/debian_reg root@dlp:~# docker push dlp.srv.world:5000/debian_reg The push refers to a repository [dlp.srv.world:5000/debian_reg] cf4ecb492384: Pushed latest: digest: sha256:40506065be119bfc51093a65bf0123147cd2af72c767168dafdcb2d131f72e4d size: 529 root@dlp:~# docker images REPOSITORY TAG IMAGE ID CREATED SIZE storage latest e5f465d60931 2 hours ago 1.13MB web_server latest d6df7acdc0e3 2 hours ago 296MB srv.world/deb_apache2 latest 8efc6944bf8d 2 days ago 219MB dlp.srv.world:5000/debian_reg latest a20fd0d59cf1 10 days ago 100MB debian latest a20fd0d59cf1 10 days ago 100MB registry 2 751f286bc25e 2 weeks ago 33.2MB busybox latest efe10ee6727f 2 weeks ago 1.13MBroot@dlp:~# curl -k https://localhost:5000/v2/_catalog {"repositories":["debian_reg"]} |
[4] | For getting images from Registry Container server on a Docker node, set like follows. |
# get certificates from Registry Container root@node01:~# mkdir -p /etc/docker/certs.d/dlp.srv.world:5000 root@node01:~# cd /etc/docker/certs.d/dlp.srv.world:5000 root@node01:/etc/docker/certs.d/dlp.srv.world:5000# scp dlp.srv.world:"/etc/docker/certs.d/dlp.srv.world:5000/ca.crt" ./
docker pull dlp.srv.world:5000/debian_reg Using default tag: latest latest: Pulling from debian_reg Digest: sha256:40506065be119bfc51093a65bf0123147cd2af72c767168dafdcb2d131f72e4d Status: Downloaded newer image for dlp.srv.world:5000/debian_reg:latest root@node01:~# docker images REPOSITORY TAG IMAGE ID CREATED SIZE dlp.srv.world:5000/debian_reg latest a20fd0d59cf1 10 days ago 100MB debian latest a20fd0d59cf1 10 days ago 100MB |