This article shows you how to use the Docker Registry.

Why Do You Need the Docker Registry?

Public Docker images can be updated at any time, and nothing prevents an updated image from being published under the same tag as the previous one. Therefore, if you rely on the public registry, there is no guarantee that every environment is based on the same images.

If you use images from the public registry, you must download them to your system and upload them to your own registry so that you control when updates are released.

Servers not connected to the Internet

Another reason to use a local Docker registry: if the servers running Apinizer do not have access to hub.docker.com, you need a local registry to be able to patch (version update).


Before starting the installation

Follow these steps to install and configure the Docker registry on your CentOS 7 server.

  • The docker-distribution package on CentOS 7.4 is available in the extras repository. You may need to enable that repository if it is disabled on your system.

Installation Steps

Setup

sudo yum -y install docker-distribution

Configure the Docker Registry

The Docker registry configuration file is located at /etc/docker-distribution/registry/config.yml. It is in YAML format. If you need to make any changes, do so here. An example configuration file is shown below:

version: 0.1
log:
  fields:
    service: registry
storage:
    cache:
        layerinfo: inmemory
    filesystem:
        rootdirectory: /var/lib/registry
http:
    addr: :5000

From the default config file:

  • /var/lib/registry is the directory where Docker images will be stored.
  • The service listens on port 5000 on all network interfaces.

If you have SELinux enabled, you may have a problem using port 5000. If you encounter problems, consider disabling SELinux or putting it in permissive mode.

If the firewall is enabled and running, allow the port in the firewall.

# Open port 5000/tcp permanently, then reload the rules so the change takes effect.
firewall-cmd --permanent --add-port=5000/tcp
firewall-cmd --reload

Start the Docker Registry

Now you can start the service and set it to start on boot.

systemctl start docker-distribution
systemctl enable docker-distribution

Verify that the docker-distribution service is running:

systemctl status docker-distribution

● docker-distribution.service - v2 Registry server for Docker
   Loaded: loaded (/usr/lib/systemd/system/docker-distribution.service; disabled; vendor preset: disabled)
   Active: active (running) since Sat 2018-03-31 14:31:16 EDT; 2min 20s ago
 Main PID: 16262 (registry)
   CGroup: /system.slice/docker-distribution.service
           └─16262 /usr/bin/registry serve /etc/docker-distribution/registry/...

Add Registry to Docker Engine

By default, Docker uses HTTPS to connect to a Docker registry. However, there may be use cases for an insecure (plain HTTP) registry, especially if you're on a trusted network. This eliminates the need for a CA-signed certificate for internal use, or for relying on a self-signed certificate on all Docker nodes. Here are the steps to add the insecure registry to Docker Engine.

Delete all lines in the /etc/docker/daemon.json file and add the following.

vi /etc/docker/daemon.json

{
 "insecure-registries" : ["dockerregistry.local:5000"]
}


The above change to /etc/docker/daemon.json must be made on all servers that will connect to the Docker registry.

Now that the registry is ready, you can start importing Docker images into it. If you don't have a DNS server, use the /etc/hosts file to map the hostname to the IP address.

cat /etc/hosts

192.168.5.10 dockerregistry.local

It can also be added like this: "insecure-registries" : ["192.168.5.10:5000"] 


Note: If a hostname is used, it must be defined in the hosts files of the other machines in the k8s cluster.

After making the above changes, restart Docker.

systemctl restart docker

Using the Docker Registry

First, pull the images onto the server where the Docker registry is installed.

sudo docker pull apinizercloud/manager:2022.04.01

Tag the image as dockerregistry.local:5000/manager:2022.04.01. This creates an additional tag for the current image. When the first part of the tag is a hostname and port, Docker interprets it as the location of a registry during push.

docker tag apinizercloud/manager:2022.04.01 dockerregistry.local:5000/manager:2022.04.01

Push the image dockerregistry.local:5000/manager:2022.04.01 to the local registry running at dockerregistry.local:5000.

docker push dockerregistry.local:5000/manager:2022.04.01

If the image upload was successful, the output ends with the sha256 hash. The pushed images are stored under the /var/lib/registry/docker/registry/v2/repositories directory.

ls /var/lib/registry/docker/registry/v2/repositories
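Because a tag can later be pushed again with different content, it is useful to record which sha256 digest each tag in the local registry points to and to detect changes afterwards. The script below is an added example, not part of the original article or of Apinizer's tooling; it assumes the registry's filesystem storage layout (`<repo>/_manifests/tags/<tag>/current/link` under the repositories directory), and the function names and lock-file format are hypothetical.

```shell
#!/bin/bash
# Added example: list tag -> digest from the registry's filesystem storage and
# report tags whose digest differs from a previously recorded lock file.
# Function names and the lock-file format ("repo:tag digest") are assumptions.

REPO_ROOT_DEFAULT=/var/lib/registry/docker/registry/v2/repositories

# Print one "repo:tag sha256:<hex>" line per tag, sorted by path.
registry_inventory() {
    local root="${1:-$REPO_ROOT_DEFAULT}" link rel repo tag
    find "$root" -type f -path '*/_manifests/tags/*/current/link' | sort |
    while IFS= read -r link; do
        rel=${link#"$root"/}              # e.g. manager/_manifests/tags/<tag>/current/link
        repo=${rel%%/_manifests/tags/*}   # repository name, may contain slashes
        tag=${rel#*/_manifests/tags/}
        tag=${tag%/current/link}
        printf '%s:%s %s\n' "$repo" "$tag" "$(cat "$link")"
    done
}

# Compare the current inventory with a lock file.
# Prints one line per changed or missing tag; returns 1 if any was found.
registry_drift() {
    local lock="$1" root="${2:-$REPO_ROOT_DEFAULT}" ref want have current status=0
    current=$(registry_inventory "$root")
    while read -r ref want || [ -n "$ref" ]; do
        [ -n "$ref" ] || continue
        have=$(printf '%s\n' "$current" | awk -v r="$ref" '$1 == r { print $2 }')
        if [ -z "$have" ]; then
            echo "MISSING $ref"; status=1
        elif [ "$have" != "$want" ]; then
            echo "CHANGED $ref $want -> $have"; status=1
        fi
    done < "$lock"
    return $status
}

# Usage (after sourcing this file on the registry server):
#   registry_inventory > tags.lock    # record once, right after pushing
#   registry_drift tags.lock          # later: non-zero exit if a tag changed
```
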

Example Uses

Sample: Pushing the pulled images to the local registry, to install Manager, Worker and Cache:

# --- Manager ---
sudo docker pull apinizercloud/manager:2022.04.01
sudo docker tag apinizercloud/manager:2022.04.01 YOUR-IP:5000/manager:2022.04.01
sudo docker push YOUR-IP:5000/manager:2022.04.01
# --- Worker ---
sudo docker pull apinizercloud/worker:2022.04.01
sudo docker tag apinizercloud/worker:2022.04.01 YOUR-IP:5000/worker:2022.04.01
sudo docker push YOUR-IP:5000/worker:2022.04.01
# --- Cache ---
sudo docker pull apinizercloud/cache:2022.04.01
sudo docker tag apinizercloud/cache:2022.04.01 YOUR-IP:5000/cache:2022.04.01
sudo docker push YOUR-IP:5000/cache:2022.04.01

Sample: Uploading an Apinizer image taken as .tar to the registry

Loading the Apinizer image

docker image load < apinizer-manager.tar
docker tag apinizer-manager:latest YOUR-IP:5000/apinizer-manager:latest
docker push YOUR-IP:5000/apinizer-manager:latest

Adding Images to Local Docker Registry with a Linux Shell Script

Script that pulls, tags and pushes the images

vi pullApinizerImages.sh

#!/bin/bash
# Pulls the Apinizer images for the given version, tags them for the local
# registry and pushes them there. Stops at the first failing command.
set -euo pipefail

# Replace the placeholder with the address of your local registry.
localRepositoryUrl=YOUR-IP:5000

# Refuse to run while the placeholder has not been replaced.
if [ "$localRepositoryUrl" = "YOUR-IP:5000" ]; then
    echo "Please enter your local Docker Repository URL"
    exit 1
else
    echo "Your Local Repository Url : $localRepositoryUrl"
fi

if [ $# -eq 0 ]; then
    echo "Please enter the version information as a parameter."
    exit 1
fi

echo "Version = $1"
version=$1

docker pull "apinizercloud/manager:$version"
docker tag "apinizercloud/manager:$version" "$localRepositoryUrl/manager:$version"
docker push "$localRepositoryUrl/manager:$version"

docker pull "apinizercloud/worker:$version"
docker tag "apinizercloud/worker:$version" "$localRepositoryUrl/worker:$version"
docker push "$localRepositoryUrl/worker:$version"

docker pull "apinizercloud/cache:$version"
docker tag "apinizercloud/cache:$version" "$localRepositoryUrl/cache:$version"
docker push "$localRepositoryUrl/cache:$version"

echo "Image pull operation completed."

Usage

# Run the script with the version as a parameter

bash pullApinizerImages.sh 2022.04.01

# Catalog information query

curl http://YOUR-IP:5000/v2/_catalog
{
    "repositories": [
        "cache",
        "manager",
        "worker"
    ]
}
# Registry listing with v2 API

curl http://YOUR-IP:5000/v2/manager/tags/list
{
    "name": "manager",
    "tags": [
        "2022.04.01"
    ]
}
# image path when deploying to k8s

image: myregistry.local:5000/apinizer-manager:latest
# To delete images in the repository

# rm only runs if the cd succeeded, so it never deletes in another directory.
cd /var/lib/registry/docker/registry/v2/repositories && sudo rm -rf -- *

Another issue to consider when installing a local docker Registry is SSL.

https://github.com/Juniper/contrail-docker/wiki/Configure-docker-service-to-use-insecure-registry

docker image prune -a