This tutorial walks through, step by step, how to create a local docker registry so that docker images are managed from a centralized server rather than pulled from hub.docker.com over the internet.
When you have a large number of docker hosts in your environment, a private docker registry inside the internal network lets you manage docker images from a centralized server, and the docker hosts no longer need internet access.
Instead, the hosts use the internal docker registry to pull or push docker images. A ready-made container image is available for the docker registry, and it can be run on a docker host to set up the private docker registry.
In previous posts we have already explained the topics below. Refer to those links to understand this topic from the basics.
How to Install Kubernetes Cluster with Docker on Linux
Create Kubernetes Deployment, Services & Pods Using Kubectl
Create Kubernetes YAML for Deployment, Service & Pods
What is Docker - Get Started from Basics - Docker Tutorial
What is Container, What is Docker on Container - Get Started
How to Install Docker on CentOS 7 / RHEL 7
Docker Images Explained with Examples - Docker Tutorial
How to Run Docker Containers - Explained with Examples
How to Create or Build Your Own Private Docker Registry on Linux
Let's get started.
Steps involved to configure our own local docker registry,
1. Create a certificate directory "/docker_data/certs/" to hold the TLS certificate.
2. Generate a SSL/TLS certificate to secure our private docker registry.
3. Create a directory to store docker images "/docker_data/images".
4. Run a docker registry container in docker host "docker-registry".
5. Pull required docker images to docker host "docker-registry" from docker hub.
6. Push those downloaded docker images to docker registry container.
7. Remove old docker images from local docker host.
8. Configure all docker clients to use our certificate.
9. Docker clients can Pull and push docker images in our private docker registry.
Lab Setup:
Docker Registry Hostname: docker-registry.learnitguide.net
Client docker Hostnames: docker-client1.learnitguide.net / docker-client2.learnitguide.net
Operating System: CentOS Linux release 7.2.1511 (Core)
Docker Version: 1.13.1, build dded712/1.13.1
Internet Required: Yes, only on docker registry server to pull docker images.
On Private Docker Registry:
1. Create a certificate directory "/docker_data/certs/" to hold the TLS certificate.
[root@docker-registry ~]# mkdir -p /docker_data/certs/
2. Generate a SSL/TLS certificate to secure our docker registry.
Generate a certificate to secure our docker registry using the "openssl" command. If the "openssl" command is not found, install the "openssl" package from the yum repository as below. Refer to this link if you don't know how to configure a local yum server.
[root@docker-registry ~]# yum -y install openssl
Once "openssl" package is installed, generate the certificates.
[root@docker-registry ~]# openssl req \
-newkey rsa:4096 -nodes -sha256 -keyout /docker_data/certs/domain.key \
-x509 -days 365 -out /docker_data/certs/domain.crt
Output:
Generating a 4096 bit RSA private key
......................................................................................................................................
...........++
.....++
writing new private key to '/docker_data/certs/domain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:docker-registry.learnitguide.net
Email Address []:
It's not mandatory to fill in all the fields, but replace the common name "docker-registry.learnitguide.net" with your valid server hostname.
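A pre-flight check for the certificate and key created in steps 1 and 2, as an added example that is not part of the original post: it checks the key's file mode, that key and certificate belong together, the remaining validity, and that the registry hostname is present as a DNS subjectAltName. The command above puts the hostname only in the Common Name, which the Docker 1.13.1 used here accepts, but Docker clients built with Go 1.15 or later require a subjectAltName. The function name and the 30-day default are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage: check_registry_cert /docker_data/certs/domain.crt \
#            /docker_data/certs/domain.key docker-registry.learnitguide.net
# Returns 0 when every check passes, 1 otherwise (2 if the key is unreadable).
check_registry_cert() {
    cert=$1 key=$2 host=$3 min_days=${4:-30}   # 30 days is an assumed default
    rc=0

    # The private key must be readable by its owner only.
    mode=$(stat -c '%a' "$key") || return 2
    case $mode in
        400|600) ;;
        *) echo "FAIL: $key has mode $mode, expected 600"; rc=1 ;;
    esac

    # Certificate and key must be a pair: compare their public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key is not the private key for $cert"; rc=1
    fi

    # Not expired, and not expiring within min_days.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "FAIL: $cert expires within $min_days days"; rc=1
    fi

    # The hostname must be a DNS subjectAltName, not only the CN.
    sans=$(openssl x509 -in "$cert" -noout -text | tr ',' '\n' | sed 's/^ *//; s/ *$//')
    if ! printf '%s\n' "$sans" | grep -qxF "DNS:$host"; then
        if openssl x509 -in "$cert" -noout -subject | grep -qF "$host"; then
            echo "FAIL: $host appears only in the CN, add it as a subjectAltName"
        else
            echo "FAIL: $host is not named in $cert"
        fi
        rc=1
    fi
    return $rc
}
```

With OpenSSL 1.1.1 or later, adding -addext "subjectAltName=DNS:docker-registry.learnitguide.net" to the "openssl req" command satisfies the last check.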
3. Create a directory to store docker images "/docker_data/images".
Create a directory "/docker_data/images" on the docker host; the same directory will be mounted as the volume "/var/lib/registry" in the registry container, because "/var/lib/registry" is the directory where all docker images are stored when we push and pull docker images to the private docker registry. This volume must therefore have sufficient free space to store the docker images. Providing the volume from the docker host gives us plenty of options to extend it in future based on utilization.
[root@docker-registry ~]# mkdir -p /docker_data/images
4. Run a docker registry container in docker host "docker-registry".
Docker must already be installed to run the local docker registry. If it is not, refer to our previous article to learn how to install docker on linux servers and make it ready.
Once you have installed docker on your docker host, run a container from the readily available docker registry image on docker hub as below.
[root@docker-registry ~]# docker run -d -p 5000:5000 \
-v /docker_data/images:/var/lib/registry \
-v /docker_data/certs:/certs \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
--restart on-failure \
--name myregistry \
docker.io/registry
Output:
Unable to find image 'docker.io/registry:latest' locally
Trying to pull repository docker.io/library/registry ...
latest: Pulling from docker.io/library/registry
4064ffdc82fe: Pull complete
c12c92d1c5a2: Pull complete
4fbc9b6835cc: Pull complete
765973b0f65f: Pull complete
3968771a7c3a: Pull complete
Digest: sha256:51bb55f23ef7e25ac9b8313b139a8dd45baa832943c8ad8f7da2ddad6355b3c8
b64fac991fbfe2241f05a363013f195567d25364125a16094bfcd807686de206
Where,
-p 5000:5000 - The registry listens on port 5000 inside the docker container, and the port is published as 5000 on the docker host.
-v /docker_data/certs:/certs - Mounts the certs directory created on the docker host into the docker registry container.
-v /docker_data/images:/var/lib/registry - Mounts the docker host directory that stores the docker images into the docker container, because all docker images are stored in the directory "/var/lib/registry" within the docker registry container.
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt - Sets the TLS certificate variable to /certs/domain.crt.
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key - Sets the TLS key variable to /certs/domain.key.
--restart on-failure - The docker container is restarted if it exits with a failure.
--name myregistry - Name of the container.
docker.io/registry - Image Name of docker registry.
Check the status of the newly created docker container.
[root@docker-registry ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b64fac991fbf docker.io/registry "/entrypoint.sh /etc/" 38 seconds ago Up 38 seconds 0.0.0.0:5000->5000/tcp myregistry
[root@docker-registry ~]#
Docker registry container is running on port "5000".
5. Pull required docker images to docker host "docker-registry" from docker hub.
For example, Let's say we need httpd and nginx docker images.
[root@docker-registry ~]# docker pull httpd
[root@docker-registry ~]# docker pull nginx
Verify the downloaded docker images.
[root@docker-registry ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/nginx latest 8b89e48b5f15 5 days ago 109 MB
docker.io/registry latest b2b03e9146e1 2 weeks ago 33.29 MB
docker.io/httpd latest 01154c38b473 5 months ago 177.4 MB
[root@docker-registry ~]#
6. Push docker images to docker registry container.
We must rename (tag) the downloaded docker images before pushing them to our private docker registry server.
[root@docker-registry ~]# docker tag docker.io/nginx localhost:5000/my-nginx
[root@docker-registry ~]# docker tag docker.io/httpd localhost:5000/my-httpd
List out the docker images.
[root@docker-registry ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/nginx latest 8b89e48b5f15 5 days ago 109 MB
localhost:5000/my-nginx latest 8b89e48b5f15 5 days ago 109 MB
docker.io/registry latest b2b03e9146e1 2 weeks ago 33.29 MB
docker.io/httpd latest 01154c38b473 5 months ago 177.4 MB
localhost:5000/my-httpd latest 01154c38b473 5 months ago 177.4 MB
[root@docker-registry ~]#
Now Push the newly tagged docker images to docker registry container.
[root@master-server ~]# docker push localhost:5000/my-nginx
[root@master-server ~]# docker push localhost:5000/my-httpd
Check the list of docker images pushed to our private docker registry.
[root@docker-registry ~]# ll /docker_data/images/docker/registry/v2/repositories/
total 0
drwxr-xr-x 5 root root 52 Jul 23 03:29 my-httpd
drwxr-xr-x 5 root root 52 Jul 23 03:28 my-nginx
[root@docker-registry ~]#
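The registry started in step 4 has no authentication configured, so any host that can reach port 5000 can push to it. The following added example (not from the original post) lists every repository and tag under the storage directory and re-hashes each tag's manifest blob against the digest it is stored under. The "_manifests/tags/<tag>/current/link" and "blobs/sha256/..." paths are the registry v2 storage layout as assumed here, and the function name is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage on the registry host: list_registry_tags /docker_data/images
# Prints "<repository>:<tag> <manifest digest> <ok|MISMATCH|MISSING>".
list_registry_tags() {
    v2="$1/docker/registry/v2"
    [ -d "$v2/repositories" ] || { echo "no registry data under $1" >&2; return 1; }

    # Assumed layout: each tag is a small "link" file holding "sha256:<hex>".
    find "$v2/repositories" -type f -path '*/_manifests/tags/*/current/link' | sort |
    while IFS= read -r link; do
        rel=${link#"$v2/repositories/"}
        repo=${rel%%/_manifests/tags/*}      # may contain "/" for nested names
        tag=${rel##*/_manifests/tags/}
        tag=${tag%/current/link}
        digest=$(cat "$link")
        hex=${digest#sha256:}

        # Assumed layout: blobs are stored under their own SHA-256.
        blob="$v2/blobs/sha256/$(printf '%s' "$hex" | cut -c1-2)/$hex/data"
        if [ ! -f "$blob" ]; then
            state=MISSING
        elif [ "$(sha256sum < "$blob" | cut -d' ' -f1)" = "$hex" ]; then
            state=ok
        else
            state=MISMATCH                   # content changed on disk
        fi
        printf '%s:%s %s %s\n' "$repo" "$tag" "$digest" "$state"
    done
}
```

The digest printed for a tag is the manifest digest, which can be compared with the "Digest:" line a client prints when it pulls that tag.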
7. Remove old docker images from local docker host.
[root@docker-registry ~]# docker rmi docker.io/nginx docker.io/httpd
List out the docker images.
[root@docker-registry ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost:5000/my-nginx latest 8b89e48b5f15 5 days ago 109 MB
docker.io/registry latest b2b03e9146e1 2 weeks ago 33.29 MB
localhost:5000/my-httpd latest 01154c38b473 5 months ago 177.4 MB
[root@docker-registry ~]#
8. Configure all docker clients to use our certificate.
First copy the generated certificate "/docker_data/certs/domain.crt" to all docker clients as below.
[root@docker-registry ~]# scp -r /docker_data/certs/domain.crt 192.168.2.3:/root/
domain.crt 100% 2029 2.0KB/s 00:00
[root@docker-registry ~]#
On all Docker Client Hosts:
Log in to each docker client and create a directory "docker-registry.learnitguide.net:5000" under the directory "/etc/docker/certs.d".
[root@docker-client1 ~]# mkdir -p /etc/docker/certs.d/docker-registry.learnitguide.net:5000/
Replace "docker-registry.learnitguide.net:5000" with your docker registry server name with port number.
Now copy "domain.crt" certificate from your "/root" directory to this directory, so our docker clients would use this TLS certificate to avoid certificate issues.
[root@docker-client1 ~]# cp -rf /root/domain.crt /etc/docker/certs.d/docker-registry.learnitguide.net:5000/
9. Docker clients can Pull and push docker images in our private docker registry.
Now we can Pull and push docker images using our own docker registry.
[root@docker-client1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@docker-client1 ~]# docker pull docker-registry.learnitguide.net:5000/my-httpd
Using default tag: latest
Trying to pull repository docker-registry.learnitguide.net:5000/my-httpd ...
latest: Pulling from docker-registry.learnitguide.net:5000/my-httpd
4176fe04cefe: Pull complete
d6c01cf91b98: Pull complete
b7066921647a: Pull complete
643378aaba88: Pull complete
3c51f6dc6a3b: Pull complete
4f25e420c4cc: Pull complete
ccdbe37da15c: Pull complete
Digest: sha256:6a457fe47eaa405ea173ca61d29c4367a593e8b092ed2e6c0fda0c77d801c485
[root@docker-client1 ~]# docker pull docker-registry.learnitguide.net:5000/my-nginx
Using default tag: latest
Trying to pull repository docker-registry.learnitguide.net:5000/my-nginx ...
latest: Pulling from docker-registry.learnitguide.net:5000/my-nginx
be8881be8156: Pull complete
f2f27ed9664f: Pull complete
54ff137eb1b2: Pull complete
Digest: sha256:42e8199b5eb4a9e4896308cabc547740a0c9fc1e1a1719abf31cd444d426fbc8
[root@docker-client1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker-registry.learnitguide.net:5000/my-nginx latest 8b89e48b5f15 5 days ago 109 MB
docker-registry.learnitguide.net:5000/my-httpd latest 01154c38b473 5 months ago 177.4 MB
[root@docker-client1 ~]#
Similarly, we can push any docker images to our docker registry server using the below command.
[root@docker-client1 ~]# docker push docker-registry.learnitguide.net:5000/my-httpd
Hope you have got an idea how to create our own private docker registry. Going forward we will play more with docker tool.
Keep practicing and have fun. Leave your comments if any.