Docker : Use Docker-Registry2019/01/22 |
Install Docker-Registry to build Private Registry for Docker images.
|
|
[1] |
On The Host which Docker-Registry Container runs, Get SSL Certificates, refer to here.
This example is based on the case that SSL certificates are gotten under the [/etc/letsencrypt/live/dlp.srv.world] and set the [Common Name] as [dlp.srv.world]. |
[2] | Copy to locate Certificates and pull Registry Image (v2). Container Images are located under [/var/lib/regstry] on Registry v2 Container, so map to mount [/var/lib/docker/registry] on parent Host for Registry Container to use as Persistent Storage. |
dlp:~ #
dlp:~ # mkdir -p /etc/docker/certs.d/dlp.srv.world:5000 dlp:~ # cp -p /etc/letsencrypt/live/dlp.srv.world/cert.pem /etc/docker/certs.d/dlp.srv.world:5000/ca.crt
docker pull registry:2 dlp:~ # mkdir /var/lib/docker/registry dlp:~ # docker run -d -p 5000:5000 \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/fullchain.pem \ -e REGISTRY_HTTP_TLS_KEY=/certs/privkey.pem \ -v /etc/letsencrypt/live/dlp.srv.world:/certs \ -v /var/lib/docker/registry:/var/lib/registry \ registry:2 961dc43953d657c6063b5ad2018d631f1957e2164fb39eec7fe59390e8ee5f35dlp:~ # docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 961dc43953d6 registry:2 "/entrypoint.sh /etc…" 33 seconds ago Up 32 seconds 0.0.0.0:5000->5000/tcp naughty_babbage |
[3] | If Firewalld is running, allow mapped port. |
dlp:~ # firewall-cmd --add-port=5000/tcp --permanent success dlp:~ # firewall-cmd --reload success |
[4] | For pushing local Image to Registry Container server, set like follows. |
# list images on Registry container dlp:~ # curl https://dlp.srv.world:5000/v2/_catalog {"repositories":[]} docker images dlp:~ # docker images REPOSITORY TAG IMAGE ID CREATED SIZE registry 2 116995fd6624 3 days ago 25.8MB fedora latest 26ffec5b4a8a 5 days ago 274MB busybox latest 3a093384ac30 3 weeks ago 1.2MB # set a tag and push dlp:~ # docker tag fedora dlp.srv.world:5000/fedora_reg dlp:~ # docker push dlp.srv.world:5000/fedora_reg The push refers to repository [dlp.srv.world:5000/fedora_reg] 6034e8155f9c: Pushed latest: digest: sha256:352f9dc4edf5ef4c56fcc334fa68d225f617cfc994a4fa7ae9f03366aa6d1a99 size: 529dlp:~ # docker images dlp:~ # docker images REPOSITORY TAG IMAGE ID CREATED SIZE registry 2 116995fd6624 3 days ago 25.8MB dlp.srv.world:5000/fedora_reg latest 26ffec5b4a8a 5 days ago 274MB fedora latest 26ffec5b4a8a 5 days ago 274MB busybox latest 3a093384ac30 3 weeks ago 1.2MBdlp:~ # curl https://dlp.srv.world:5000/v2/_catalog {"repositories":["fedora_reg"]} |
[5] | For getting images from Registry Container server on a Docker node, set like follows. |
# get certificates from Registry Container node01:~ # mkdir /etc/docker/certs.d/dlp.srv.world:5000 node01:~ # cd /etc/docker/certs.d/dlp.srv.world:5000 node01:/etc/docker/certs.d/dlp.srv.world:5000 # scp dlp.srv.world:"/etc/docker/certs.d/dlp.srv.world:5000/ca.crt" ./
docker pull dlp.srv.world:5000/fedora_reg Using default tag: latest Trying to pull repository dlp.srv.world:5000/fedora_reg ... sha256:6fb84ba634fe68572a2ac99741062695db24b921d0aa72e61ee669902f88c187: Pulling from dlp.srv.world:5000/fedora_reg 565884f490d9: Pull complete Digest: sha256:6fb84ba634fe68572a2ac99741062695db24b921d0aa72e61ee669902f88c187 Status: Downloaded newer image for dlp.srv.world:5000/fedora_reg:latestnode01:~ # docker images REPOSITORY TAG IMAGE ID CREATED SIZE dlp.srv.world:5000/fedora_reg latest c582c1438f27 8 weeks ago 254 MB |
Sponsored Link |
|