CentOS 8
Sponsored Link

Podman : Use Registry
2019/10/11
 
Install Registry to build Private Registry for Container Images.
[1]
On The Host tha Registry Container runs, Get SSL Certificates, refer to here (CentOS 7).
This example is based on the case that SSL certificates are gotten under the [/etc/letsencrypt/live/dlp.srv.world] and set the [Common Name] as [dlp.srv.world].
[2] Copy Certificates and pull Registry Image (v2).
Container Images are located under [/var/lib/regstry] on Registry v2 Container, so map to mount [/var/lib/docker/registry] on parent Host for Registry Container to use as Persistent Storage.
[root@dlp ~]#
mkdir -p /etc/containers/certs.d/dlp.srv.world:5000

[root@dlp ~]#
cp -p /etc/letsencrypt/live/dlp.srv.world/cert.pem /etc/containers/certs.d/dlp.srv.world:5000/ca.crt
[root@dlp ~]#
podman pull registry:2

[root@dlp ~]#
mkdir /var/lib/containers/registry

[root@dlp ~]#
podman run --privileged -d -p 5000:5000 \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/fullchain.pem \
-e REGISTRY_HTTP_TLS_KEY=/certs/privkey.pem \
-v /etc/letsencrypt/live/dlp.srv.world:/certs \
-v /var/lib/containers/registry:/var/lib/registry \
registry:2
[root@dlp ~]#
podman ps

CONTAINER ID  IMAGE                         COMMAND               CREATED         STATUS             PORTS                   NAMES
20d25a314afc  docker.io/library/registry:2  /entrypoint.sh /e...  39 seconds ago  Up 38 seconds ago  0.0.0.0:5000->5000/tcp  laughing_sammet
[3] If Firewalld is running, allow mapped port.
[root@dlp ~]#
firewall-cmd --add-port=5000/tcp --permanent

success
[root@dlp ~]#
firewall-cmd --reload

success
[4] For pushing local image to Registry Container, set like follows.
# list images on Registry container

[root@dlp ~]#
curl https://dlp.srv.world:5000/v2/_catalog

{"repositories":[]}
[root@dlp ~]#
podman images

REPOSITORY                    TAG      IMAGE ID       CREATED         SIZE
srv.world/nginx_server        latest   41c48e1d2421   12 hours ago    308 MB
srv.world/centos_httpd        latest   67edc4066f76   18 hours ago    368 MB
docker.io/library/centos      latest   0f3e07c0138f   9 days ago      227 MB
docker.io/library/registry    2        f32a97de94e1   7 months ago    26.4 MB
quay.io/libpod/alpine_nginx   latest   3ef70f7291f4   11 months ago   9.21 MB
k8s.gcr.io/pause              3.1      da86e6ba6ca1   21 months ago   747 kB

# set a tag and push

[root@dlp ~]#
podman tag srv.world/nginx_server dlp.srv.world:5000/nginx_server

[root@dlp ~]#
podman push dlp.srv.world:5000/nginx_server

Getting image source signatures
Skipping blob 9e607bb861a7 (already present): 216.91 MiB / 216.91 MiB  2s
Copying blob 5f70bf18a086: 1.00 KiB / 1.00 KiB  2s
Copying blob f37758383b40: 77.17 MiB / 77.17 MiB  2s
Copying blob 11c197127a9f: 4.00 KiB / 4.00 KiB  2s
Skipping blob 5f70bf18a086 (already present): 1.00 KiB / 1.00 KiB  2s
Skipping blob 5f70bf18a086 (already present): 1.00 KiB / 1.00 KiB  2s
Copying config 41c48e1d2421: 2.33 KiB / 2.33 KiB  0s
Writing manifest to image destination
Storing signatures
[root@dlp ~]#
podman images

REPOSITORY                        TAG      IMAGE ID       CREATED         SIZE
srv.world/nginx_server            latest   41c48e1d2421   12 hours ago    308 MB
dlp.srv.world:5000/nginx_server   latest   41c48e1d2421   12 hours ago    308 MB
srv.world/centos_httpd            latest   67edc4066f76   18 hours ago    368 MB
docker.io/library/centos          latest   0f3e07c0138f   9 days ago      227 MB
docker.io/library/registry        2        f32a97de94e1   7 months ago    26.4 MB
quay.io/libpod/alpine_nginx       latest   3ef70f7291f4   11 months ago   9.21 MB
k8s.gcr.io/pause                  3.1      da86e6ba6ca1   21 months ago   747 kB

[root@dlp ~]#
curl https://dlp.srv.world:5000/v2/_catalog

{"repositories":["nginx_server"]}
[5] For getting images from Registry Container on a Podman node, set like follows.
# get certificate from Registry Container

[root@node01 ~]#
mkdir -p /etc/containers/certs.d/dlp.srv.world:5000

[root@node01 ~]#
cd /etc/containers/certs.d/dlp.srv.world:5000

[root@node01 dlp.srv.world:5000]#
scp dlp.srv.world:"/etc/containers/certs.d/dlp.srv.world:5000/ca.crt" ./
[root@node01 ~]#
podman pull dlp.srv.world:5000/nginx_server

Trying to pull dlp.srv.world:5000/nginx_server...Getting image source signatures
Copying blob d15017667120: 71.82 MiB / 71.82 MiB  3s
Copying blob 1dbcab28ce46: 48 B / 48 B  3s
Copying blob 3de5c672b0ec: 39.58 MiB / 39.58 MiB  3s
Copying blob 1a35c6e13efc: 256 B / 256 B  3s
Copying blob 1dbcab28ce46: 48 B / 48 B  3s
Copying blob 1dbcab28ce46: 48 B / 48 B  3s
Copying config 41c48e1d2421: 2.33 KiB / 2.33 KiB  0s
Writing manifest to image destination
Storing signatures
41c48e1d242161269177ee5668af907ea7a6534a341b5eb489d62eaf767b7612
[root@node01 ~]#
podman images

REPOSITORY                        TAG      IMAGE ID       CREATED        SIZE
dlp.srv.world:5000/nginx_server   latest   41c48e1d2421   12 hours ago   308 MB
Matched Content