Running Docker Registry
- A private image registry for your network
- Part of the docker/distribution GitHub repo
- The de facto in private container registries
- Not as full featured as Hub or others, no web UI, basic auth only
- At its core: a web API and storage system, written in Go
- Storage supports local, S3/Azure/Alibaba/Google Cloud, and OpenStack Swift
Registry and Proper TLS
- "Secure by Default": Docker won't talk to registry without HTTPS
- Except, localhost (127.0.0.0/8)
- For remote self-signed TLS, enable "insecure-registry" in engine
Using Docker Registry Locally
- If we want to preserve registry data we need to use bind mount or volume
~> docker container run -d -p 5000:5000 --name registry -v $(pwd)/registry-data:/var/lib/registry registry
4d56aa4d7f07378bf47aeee48979b07bf5b7608aa6b9a8ac662aa8d5de02f11e
~> docker image ls | egrep "REPOSITORY|registry"
REPOSITORY TAG IMAGE ID CREATED SIZE
registry latest 28525f9a6e46 2 weeks ago 33.2MB
~> docker pull hello-world
~> docker tag hello-world 127.0.0.1:5000/hello-world
~> docker image ls | egrep "REPOSITORY|hello"
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world latest 05a3bd381fc2 3 weeks ago 1.84kB
127.0.0.1:5000/hello-world latest 05a3bd381fc2 3 weeks ago 1.84kB
~> docker push 127.0.0.1:5000/hello-world
The push refers to a repository [127.0.0.1:5000/hello-world]
3a36971a9f14: Preparing
3a36971a9f14: Pushed
latest: digest: sha256:a5074d61e1e0175fb3a46e0bab46b1f764380ad00cac0e71d53bd4917d196988 size: 524
~> docker image rm hello-world
Untagged: hello-world:latest
Untagged: hello-world@sha256:b2ba691d8aac9e5ac3644c0788e3d3823f9e97f757f01d2ddc6eb5458df9d801
~> docker image rm 127.0.0.1:5000/hello-world
Untagged: 127.0.0.1:5000/hello-world:latest
Untagged: 127.0.0.1:5000/hello-world@sha256:a5074d61e1e0175fb3a46e0bab46b1f764380ad00cac0e71d53bd4917d196988
Deleted: sha256:05a3bd381fc2470695a35f230afefd7bf978b566253199c4ae5cc96fafa29b37
Deleted: sha256:3a36971a9f14df69f90891bf24dc2b9ed9c2d20959b624eab41bbf126272a023
~> docker image ls | egrep "REPOSITORY|hello"
REPOSITORY TAG IMAGE ID CREATED SIZE
~> docker pull 127.0.0.1:5000/hello-world
Using default tag: latest
latest: Pulling from hello-world
5b0f327be733: Pulling fs layer
5b0f327be733: Verifying Checksum
5b0f327be733: Download complete
5b0f327be733: Pull complete
Digest: sha256:a5074d61e1e0175fb3a46e0bab46b1f764380ad00cac0e71d53bd4917d196988
Status: Downloaded newer image for 127.0.0.1:5000/hello-world:latest
~> cd ./data && tree
data
└───docker
└───registry
└───v2
├───blobs
│ └───sha256
│ ├───20
│ │ └───2075ac87b043415d35bb6351b4a59df19b8ad154e578f7048335feeb02d0f759
│ ├───48
│ │ └───48b5124b2768d2b917edcb640435044a97967015485e812545546cbed5cf0233
│ └───98
│ └───983bfa07a342e316f08afd066894505088de985d46a9af743920aa9cafd17e7a
└───repositories
└───hello-world
├───_layers
│ └───sha256
│ ├───48b5124b2768d2b917edcb640435044a97967015485e812545546cbed5cf0233
│ └───983bfa07a342e316f08afd066894505088de985d46a9af743920aa9cafd17e7a
└───_manifests
├───revisions
│ └───sha256
│ └───2075ac87b043415d35bb6351b4a59df19b8ad154e578f7048335feeb02d0f759
└───tags
└───latest
├───current
└───index
└───sha256
└───2075ac87b043415d35bb6351b4a59df19b8ad154e578f7048335feeb02d0f759
Recap
- Run the registry image (not preserve data)
docker container run -d -p 5000:5000 --name registry registry
- Run the registry image (preserve data)
docker container run -d -p 5000:5000 --name registry -v $(pwd):/var/lib/registry registry
- Re-tag an existing image and push it to your new registry
docker tag hello-world 127.0.0.1:5000/hello-world
docker push 127.0.0.1:5000/hello-world
- Remove that image from local cache and pull it from new registry
docker image rm hello-world
docker image rm 127.0.0.1:5000/hello-world
docker pull 127.0.0.1:5000/hello-world
External links