Podman : Use Registry
2019/10/11 |
Install Registry to build Private Registry for Container Images.
|
|
[1] |
On The Host tha Registry Container runs, Get SSL Certificates, refer to here.
This example is based on the case that SSL certificates are gotten under the [/etc/letsencrypt/live/dlp.srv.world] and set the [Common Name] as [dlp.srv.world]. |
[2] | Copy Certificates and pull Registry Image (v2). Container Images are located under [/var/lib/regstry] on Registry v2 Container, so map to mount [/var/lib/docker/registry] on parent Host for Registry Container to use as Persistent Storage. |
[root@dlp ~]#
[root@dlp ~]# mkdir -p /etc/containers/certs.d/dlp.srv.world:5000 [root@dlp ~]# cp -p /etc/letsencrypt/live/dlp.srv.world/cert.pem /etc/containers/certs.d/dlp.srv.world:5000/ca.crt
podman pull registry:2 [root@dlp ~]# mkdir /var/lib/containers/registry [root@dlp ~]# podman run --privileged -d -p 5000:5000 \
[root@dlp ~]# -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/fullchain.pem \ -e REGISTRY_HTTP_TLS_KEY=/certs/privkey.pem \ -v /etc/letsencrypt/live/dlp.srv.world:/certs \ -v /var/lib/containers/registry:/var/lib/registry \ registry:2 podman ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 20d25a314afc docker.io/library/registry:2 /entrypoint.sh /e... 39 seconds ago Up 38 seconds ago 0.0.0.0:5000->5000/tcp laughing_sammet |
[3] | If Firewalld is running, allow mapped port. |
[root@dlp ~]# firewall-cmd --add-port=5000/tcp --permanent success [root@dlp ~]# firewall-cmd --reload success |
[4] | For pushing local image to Registry Container, set like follows. |
# list images on Registry container [root@dlp ~]# curl https://dlp.srv.world:5000/v2/_catalog {"repositories":[]} podman images REPOSITORY TAG IMAGE ID CREATED SIZE srv.world/nginx_server latest 41c48e1d2421 12 hours ago 308 MB srv.world/centos_httpd latest 67edc4066f76 18 hours ago 368 MB docker.io/library/centos latest 0f3e07c0138f 9 days ago 227 MB docker.io/library/registry 2 f32a97de94e1 7 months ago 26.4 MB quay.io/libpod/alpine_nginx latest 3ef70f7291f4 11 months ago 9.21 MB k8s.gcr.io/pause 3.1 da86e6ba6ca1 21 months ago 747 kB # set a tag and push [root@dlp ~]# podman tag srv.world/nginx_server dlp.srv.world:5000/nginx_server [root@dlp ~]# podman push dlp.srv.world:5000/nginx_server Getting image source signatures Skipping blob 9e607bb861a7 (already present): 216.91 MiB / 216.91 MiB 2s Copying blob 5f70bf18a086: 1.00 KiB / 1.00 KiB 2s Copying blob f37758383b40: 77.17 MiB / 77.17 MiB 2s Copying blob 11c197127a9f: 4.00 KiB / 4.00 KiB 2s Skipping blob 5f70bf18a086 (already present): 1.00 KiB / 1.00 KiB 2s Skipping blob 5f70bf18a086 (already present): 1.00 KiB / 1.00 KiB 2s Copying config 41c48e1d2421: 2.33 KiB / 2.33 KiB 0s Writing manifest to image destination Storing signatures[root@dlp ~]# podman images REPOSITORY TAG IMAGE ID CREATED SIZE srv.world/nginx_server latest 41c48e1d2421 12 hours ago 308 MB dlp.srv.world:5000/nginx_server latest 41c48e1d2421 12 hours ago 308 MB srv.world/centos_httpd latest 67edc4066f76 18 hours ago 368 MB docker.io/library/centos latest 0f3e07c0138f 9 days ago 227 MB docker.io/library/registry 2 f32a97de94e1 7 months ago 26.4 MB quay.io/libpod/alpine_nginx latest 3ef70f7291f4 11 months ago 9.21 MB k8s.gcr.io/pause 3.1 da86e6ba6ca1 21 months ago 747 kB[root@dlp ~]# curl https://dlp.srv.world:5000/v2/_catalog {"repositories":["nginx_server"]} |
[5] | For getting images from Registry Container on a Podman node, set like follows. |
# get certificate from Registry Container [root@node01 ~]# mkdir -p /etc/containers/certs.d/dlp.srv.world:5000 [root@node01 ~]# cd /etc/containers/certs.d/dlp.srv.world:5000 [root@node01 dlp.srv.world:5000]# scp dlp.srv.world:"/etc/containers/certs.d/dlp.srv.world:5000/ca.crt" ./
podman pull dlp.srv.world:5000/nginx_server Trying to pull dlp.srv.world:5000/nginx_server...Getting image source signatures Copying blob d15017667120: 71.82 MiB / 71.82 MiB 3s Copying blob 1dbcab28ce46: 48 B / 48 B 3s Copying blob 3de5c672b0ec: 39.58 MiB / 39.58 MiB 3s Copying blob 1a35c6e13efc: 256 B / 256 B 3s Copying blob 1dbcab28ce46: 48 B / 48 B 3s Copying blob 1dbcab28ce46: 48 B / 48 B 3s Copying config 41c48e1d2421: 2.33 KiB / 2.33 KiB 0s Writing manifest to image destination Storing signatures 41c48e1d242161269177ee5668af907ea7a6534a341b5eb489d62eaf767b7612[root@node01 ~]# podman images REPOSITORY TAG IMAGE ID CREATED SIZE dlp.srv.world:5000/nginx_server latest 41c48e1d2421 12 hours ago 308 MB |