Installing Local Docker Registry
This article shows you how to use the Docker Registry.
Why Do You Need the Docker Registry?
Public Docker images can be updated at any time. There is nothing to stop an image update with the same tag as the previous image. Therefore, if you trust the Public Registry, there is no guarantee that every environment is indeed based on the same images.
If you are using images directly from the Public Registry, you must download them to your system and upload them to your own registry so you have control over the release of updates.
Servers not connected to the Internet
Another necessary aspect of using the Local Docker Registry is if the servers running Apinizer do not have access to hub.docker.com, you need it to be able to patch (version update).
Before starting the installation
Follow these steps to install and configure the Docker registry on your CentOS 7 server.
- The docker distribution package on CentOS 7.4 is available in the extra repository. You may need to enable it if CentOS 7 is disabled on your system.
Installation Steps
Setup
sudo yum -y install docker-distribution
Configure the Docker Registry
The Docker registry configuration file is located at /etc/docker-distribution/registry/config.yml. It is in YAML format. If you need to make any changes, do so here. Example configuration file is shown below:
version: 0.1
log:
fields:
service: registry
storage:
cache:
layerinfo: inmemory
filesystem:
rootdirectory: /var/lib/registry
http:
addr: :5000
From the default config file:
- /var/lib/: registry is the directory where docker images will be stored.
- Service: will connect to port 5000 on all network interfaces
If you have SELinux enabled, you may have a problem using port 5000, consider disabling SELinux or putting it in permissive mode if you encounter problems.
If the firewall is enabled and running, allow the port in the firewall.
firewall-cmd --add-port = 5000 / tcp
firewall-cmd
Start the Docker Registry
Now you can start the service and set it to start on boot.
systemctl start docker-distribution
systemctl enable docker-distribution
Verify that the docker-distribution service is running:
systemctl status docker-distribution
● docker-distribution.service - v2 Registry server for Docker
Loaded: loaded (/usr/lib/systemd/system/docker-distribution.service; disabled; vendor preset: disabled)
Active: active (running) since Sat 2018-03-31 14:31:16 EDT; 2min 20s ago
Main PID: 16262 (registry)
CGroup: /system.slice/docker-distribution.service
└─16262 /usr/bin/registry serve /etc/docker-distribution/registry/...
Add Registry to Docker Engine
By default docker uses https to connect to the docker registry. However, there may be use cases for using an unsafe registry, especially if you're on a trusted network. This eliminates the need for a CA signed certificate for internal use or relying on a self-signed certificate on all docker nodes. Here are the steps to add the Insecure Registry to Docker Engine.
All lines in the /etc/docker/daemon.json file are deleted and the following line is added.
vi /etc/docker/daemon.json
{
"insecure-registries" : ["dockerregistry.local:5000"]
}
The above line must be done on all servers that will connect to /etc/docker/daemon.json docker registry.
Now that the registry is ready, you can start importing docker images into it. If you don't have a DNS server, use the /etc/hosts file to map the hostname to the IP Address.
cat /etc/hosts
192.168.5.10 dockerregistry.local
It can also be added like this: "insecure-registries" : ["192.168.5.10:5000"]
Note: If the hostname is written, it must be specified in the host files of the other machines in the k8s cluster.
After making the above changes, restart Docker.
systemctl restart docker
Using the Docker Registry
First of all, the images are downloaded to the environment with the docker registry installed.
sudo docker pull apinizercloud/manager:2022.04.01
Tag the image as dockerregistry.local:5000 /manager:2022.04.01. This creates an additional tag for the current image. When the first part of the tag is a hostname and port, Docker interprets it as the location of a registry during push.
docker tag apinizercloud/manager:2022.04.01 dockerregistry.local:5000/manager:2022.04.01
Submit the image to the local registry running at dockerregistry.local:5000/manager:2022.04.01.
docker push dockerregistry.local:5000/manager:2022.04.01
If the image upload was successful, you should finally get the sha256 hash. The exported images are stored under the /var/lib/registry/docker/registry/v2/repositories directory.
ls /var/lib/registry/docker/registry/v2/repositories
Example Uses
Sample: To push the image that was pulled to the local registry. To install Manager, Worker and Caches;
sudo docker pull apinizercloud/manager:2022.04.01 $ sudo docker tag apinizercloud/manager:2022.04.01 YOUR-IP:5000/manager:2022.04.01 $ sudo docker push YOUR-IP:5000/manager:2022.04.01 --- Worker ---
sudo docker pull apinizercloud/worker:2022.04.01 $ sudo docker tag apinizercloud/worker:2022.04.01 YOUR-IP:5000/worker:2022.04.01 $ sudo docker push YOUR-IP:5000/worker:2022.04.01 --- Cache ---
sudo docker pull apinizercloud/cache:2022.04.01 $ sudo docker tag apinizercloud/cache:2022.04.01 YOUR-IP:5000/cache:2022.04.01 $ sudo docker push YOUR-IP:5000/cache:2022.04.01
Sample: Uploading an Apinizer image taken as .tar to the registry
Apinizer Image'ı yükleme
docker image load < apinizer-manager.tar
docker tag apinizer-manager:latest YOUR-IP:5000/apinizer-manager:latest
docker push YOUR-IP:5000/apinizer-manager:latest
Adding Images to Local Docker Registry with Linux Schell Code
Listing versions of images with v2 API
vi pullApinizerImages.sh
#!/bin/bash
localRepositoryUrl=YOUR-IP:5000
if [ "$localRepositoryUrl" == "$localRepositoryUrl" ]; then
echo "Please enter your local Docker Repository URL"
else
echo "Your Local Repository Url : "$localRepositoryUrl
fi
if [ $# -eq 0 ]; then
echo "Please enter the version information as a parameter."
exit
fi
echo 'Version = ' $1
version=$1
docker pull apinizercloud/manager:"$version"
docker tag apinizercloud/manager:$version $localRepositoryUrl/manager:$version
docker push $localRepositoryUrl/manager:$version
docker pull apinizercloud/worker:$version
docker tag apinizercloud/worker:$version $localRepositoryUrl/worker:$version
docker push $localRepositoryUrl/worker:$version
docker pull apinizercloud/cache:$version
docker tag apinizercloud/cache:$version $localRepositoryUrl/cache:$version
docker push $localRepositoryUrl/cache:$version
echo "Image pull operation completed."
Usage
# List image'n versions with v2 API
sh pullApinizerImages.sh 2022.04.01
# Catalog information query
curl http://YOUR-IP:5000/v2/_catalog
{
"repositories": [
"cache",
"manager",
"worker"
]
}
# Registry listing with v2 API
curl http://YOUR-IP:5000/v2/manager/tags/list
{
"name": "manager",
"tags": [
"2022.04.01"
]
}
# image path when deploying to k8s
image: myregistry.local:5000/apinizer-manager:latest
# To delete images in the repository
cd /var/lib/registry/docker/registry/v2/repositories
sudo rm -rf *
Another issue to consider when installing a local docker Registry is SSL.
https://github.com/Juniper/contrail-docker/wiki/Configure-docker-service-to-use-insecure-registry
docker image prune -a