Docker Private Registry allows us to maintain a local repository of Docker images that is accessible only from a limited set of networks or groups. A private Docker registry is useful when you do not want to share the sensitive contents of your Docker images on the cloud, or when you have limited internet access or bandwidth for frequent image requests.
So let's see how to set this up on CentOS 7:
1. Install the Docker registry package using yum:
[root@siddhesh ~]# yum install docker-distribution
[root@siddhesh ~]# yum info docker-distribution
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: centos.excellmedia.net
* epel: mirrors.ukfast.co.uk
* extras: centos.excellmedia.net
* remi-php70: rpms.remirepo.net
* remi-php70-test: rpms.remirepo.net
* updates: centos.excellmedia.net
Installed Packages
Name : docker-distribution
Arch : x86_64
Version : 2.6.2
Release : 2.git48294d9.el7
Size : 12 M
Repo : installed
From repo : extras
Summary : Docker toolset to pack, ship, store, and deliver content
URL : https://github.com/docker/distribution
License : ASL 2.0
Description : Docker toolset to pack, ship, store, and deliver content
[root@siddhesh ~]#
2. Configure the local Docker registry:
The main configuration file of the Docker registry is /etc/docker-distribution/registry/config.yml
This configuration file is in YAML format; in it you can define the directory path where Docker images are saved and the port the registry service listens on.
[root@siddhesh ~]# cat /etc/docker-distribution/registry/config.yml
version: 0.1
log:
  fields:
    service: registry
storage:
    cache:
        layerinfo: inmemory
    filesystem:
        rootdirectory: /var/lib/registry
http:
    addr: :5000
[root@siddhesh ~]#
Here:
rootdirectory is the path of your local repository
addr is the port on which the service will listen (with no host part, as here, it listens on all interfaces)
3. Start the Docker registry service.
You can now start the service and enable it to start on boot.
[root@siddhesh ~]# systemctl start docker-distribution
[root@siddhesh ~]# systemctl enable docker-distribution
Created symlink from /etc/systemd/system/multi-user.target.wants/docker-distribution.service to /usr/lib/systemd/system/docker-distribution.service.
[root@siddhesh ~]#
You can verify this using telnet or netstat.
[root@siddhesh ~]# telnet localhost 5000
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
[root@siddhesh ~]# netstat -antup |grep 5000
tcp 0 0 0.0.0.0:5000 0.0.0.0:* LISTEN 3299/lua
tcp6 0 0 :::5000 :::* LISTEN 3299/lua
[root@siddhesh ~]#
4. Set up the insecure registry in the local Docker engine:
By default Docker uses HTTPS (port 443) to connect to its registry. For most local Docker registries, however, we might use an insecure registry, as access to the registry from outside networks is restricted at the network layer.
To do this, add the line below to the Docker engine daemon file:
[root@siddhesh ~]# cat /etc/docker/daemon.json
{
"insecure-registries" : ["tecgeek.repo.host:5000"]
}
[root@siddhesh ~]#
Here:
tecgeek.repo.host is the host name of my Docker registry
5000 is the port that is open to accept connections from clients.
Make sure you have a DNS entry for tecgeek.repo.host on your DNS server, or add this entry to the /etc/hosts file
[root@siddhesh ~]# ping tecgeek.repo.host -c 1
PING tecgeek.repo.host (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.099 ms
--- tecgeek.repo.host ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.099/0.099/0.099/0.000 ms
[root@siddhesh ~]#
5. Let's push a Docker image to the local registry:
To test this I'll download a lightweight alpine image from hub.docker.com
[root@siddhesh ~]# docker pull alpine
Using default tag: latest
Trying to pull repository docker.io/library/alpine ...
latest: Pulling from docker.io/library/alpine
cbdbe7a5bc2a: Pull complete
Digest: sha256:9a839e63dad54c3a6d1834e29692c8492d93f90c59c978c1ed79109ea4fb9a54
Status: Downloaded newer image for docker.io/alpine:latest
[root@siddhesh ~]#
Create a tag for this image, which will be used while pushing the image to the local registry.
[root@siddhesh ~]# docker tag alpine tecgeek.repo.host:5000/alpine
Now let's push this image to the local registry using the created tag.
[root@siddhesh ~]# docker push tecgeek.repo.host:5000/alpine
The push refers to repository [tecgeek.repo.host:5000/alpine]
db584c622b50: Pushed
52a7ea2bb533: Pushed
52f389ea437e: Pushed
88888b9b1b5b: Pushed
a94e0d5a7c40: Pushed
alpine: digest: sha256:52286464db54577a128fa1b1aa3c115bd86721b490ff4cbd0cd14d190b66c570 size: 1357
[root@siddhesh ~]#
The stored image can be found under /var/lib/registry/docker/registry/v2/repositories
[root@siddhesh ~]# ls /var/lib/registry/docker/registry/v2/repositories
alpine
[root@siddhesh ~]#
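Steps 2 and 4 rely on the network layer to protect a registry that, per the netstat output in step 3, listens on 0.0.0.0:5000. The following added example (not part of the original post) audits the two files shown above for that exposure. The function names and the inline samples are constructed for illustration; http.tls and auth are the registry's configuration sections for TLS and authentication.

```python
import json
import re

# Constructed samples that mirror the two files shown in steps 2 and 4.
SAMPLE_DAEMON_JSON = '{ "insecure-registries" : ["tecgeek.repo.host:5000"] }'
SAMPLE_CONFIG_YML = """\
version: 0.1
log:
  fields:
    service: registry
storage:
    cache:
        layerinfo: inmemory
    filesystem:
        rootdirectory: /var/lib/registry
http:
    addr: :5000
"""

def yaml_paths(text):
    """Flatten block-style YAML made of nested mappings into {'http.addr': ':5000'}."""
    paths, stack = {}, []  # stack holds (indent, key) for the current nesting
    for raw in text.splitlines():
        m = re.match(r"^(\s*)([^\s:#][^:]*):\s*(.*)$", raw.split(" #")[0].rstrip())
        if not m:
            continue  # blank line, comment, or a construct this helper ignores
        indent, key, value = len(m.group(1)), m.group(2).strip(), m.group(3)
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, key))
        paths[".".join(k for _, k in stack)] = value.strip().strip("'\"")
    return paths

def audit(daemon_json, config_yml):
    """Return findings for the engine (daemon.json) and the registry (config.yml)."""
    findings = []
    for reg in json.loads(daemon_json).get("insecure-registries", []):
        findings.append(f"daemon.json: {reg}: certificate not verified, plain HTTP allowed")
    cfg = yaml_paths(config_yml)
    addr = cfg.get("http.addr")
    if addr is not None and addr.rsplit(":", 1)[0] in ("", "0.0.0.0", "[::]"):
        findings.append(f"config.yml: http.addr {addr!r} listens on every interface")
    if not any(k.startswith("http.tls.") for k in cfg):
        findings.append("config.yml: no http.tls section, registry serves plain HTTP")
    if not any(k.startswith("auth.") for k in cfg):
        findings.append("config.yml: no auth section, anonymous push and pull accepted")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_DAEMON_JSON, SAMPLE_CONFIG_YML):
        print(finding)
```

To audit a real host, pass the contents of /etc/docker/daemon.json and /etc/docker-distribution/registry/config.yml to audit() instead of the samples.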