Docker Registry: How to work with it easily

Docker Registry: How to work with it easily
Techiio-author
Written by Nilima PaulFebruary 15, 2022
12 min read
Docker
4 VIEWS 0 LIKES 0 DISLIKES SHARE
0 LIKES 0 DISLIKES 4 VIEWS SHARE
Techiio-author
Nilima Paul

Technology Security Analyst

We will be able to learn more about Docker Registery in this article. We will learn how to run it as well as how to use it.

Introduction to Docker Registry:

Docker Registry is utilized to store Docker pictures for example peruse just format. As such, the Docker library stores Docker vaults that hold Docker pictures in various labeled variants. It is an open-source, stateless, and profoundly adaptable waiter side application. It permits us to control where we need to store our Docker pictures, we completely own our picture circulation pipeline and incorporate it with the in-house improvement work process. Docker library is just viable with the Docker motor form 1.6.0 or higher. We can utilize default stockpiling driver for example POSIX record framework for advancement or little organizations anyway it is prescribed to utilize upheld cloud-based capacity drivers like S3, Microsoft Azure, Openstack Swift, and so on.

How does Registry work in Docker:

We can run our vault to incorporate with our CI/CD pipeline. In this way, assuming there is any resolve to source code, the SCM device would set off an expansion on our CI framework, and if the form is effective, it would push the new picture to our vault. The Registry then, at that point, sends the notice that would set off an arrangement on an organizing climate. We can rapidly send another picture over an enormous group of machines utilizing the CI/CD model. We can share Docker pictures inside a confined organization utilizing the Docker library. It upholds TLS and essential confirmation for tying down admittance to our facilitated pictures.

We can a run private registry as a container using the below command:

Code:

$docker run -d -p 5000:5000 --restart=always --name my-registry registry:2
$docker tag alpine localhost:5000/alpine
$docker push localhost:5000/alpine

In the above model, we have begun a vault compartment named 'my-library' utilizing 'registry:2' Docker picture and it is tuning in on port 5000 and restart choice is set to 'generally' so if holder halted regardless, docker daemon will begin it consequently.

Presently, If we need to push any Docker picture to this private vault, we need to re-label the current Docker picture with 'localhost:5000/<Docker_Image_name>' as the initial segment of the Docker picture tells about the library where this picture ought to be pushed. This is applied when we pull the Docker picture too. Notwithstanding, assuming that we just determine the Docker picture name, Docker daemon naturally adds 'docker.io/library/' before the Docker Image name and which coordinates to pull a picture from true Docker Hub. For instance, to pull the 'ubuntu' Docker picture from true Docker Hub, we run the order as underneath :

Code:

$docker pull ubuntu

Furthermore, when we attempt to push the 'high' Docker Image the same thing occurs. Docker daemon consequently adds 'docker.io/library/' to the picture and attempts to push it to true Docker Hub anyway it expects confirmation to push the picture to true Docker Hub. We can make our Docker ID and push the Docker picture to our Docker ID anyway we again re-label the Docker Image with our Docker ID and Docker picture name.

Code:

$docker push alpine

Code:

$docker tag alpine sarab303/alpine
$docker push sarab303/alpine

We can pass extra choices or adjusted choices to change the fundamental design of the library. For instance, changing the default listening port, redo capredoingy area, carrying out TLS for getting the vault, and so forth

We should accept that we as of now have an application tuning in on port 5000 and we need to uncover the library on port 5003, we can do that as underneath:

Code:

$docker run -d -p 5003:5000 --restart=always --name my-registry registry:2
$docker tag alpine localhost:5003/alpine
$docker push localhost:5003/alpine

If we want to use a different port other than the default port on which registry listens within the container, we can change that as well by using the environment variable REGISTRY_HTTP_ADDR as shown in the below command:

Code:

$docker run -d \
-e REGISTRY_HTTP_ADDR=0.0.0.0:5003 \
-p 5003:5003 \
--name my-registry \
registry:2

We can customize the storage location to store the repositories of the registry persistently, we can accomplish this by mounting the host location or volume to the container. Here, we run the registry container as below to bind mount the host directory ‘/mnt/registry’ into the registry container at ‘/var/lib/registry/’.

Code:

$docker run -d \
-p 5000:5000 \
--restart=always \
--name my-registry \
-v /mnt/registry:/var/lib/registry \
registry:2
$docker tag alpine localhost:5000/alpine
$docker push localhost:5000/alpine
$docker container stop my-registry &&docker container rm my-registry
$docker image rm alpine localhost:5000/alpine
$docker run -d \
-p 5000:5000 \
--restart=always \
--name my-registry \
-v /mnt/registry:/var/lib/registry \
registry:2
$docker pull localhost:5000/alpine

In the above model, began another nearby vault named 'my-library' and labeled the 'snow capped' Docker picture to 'localhost:5000/high' and pushed it to the neighborhood vault, then, at that point, halted the vault holder and erased it. Likewise eliminated locally accessible 'high' and 'localhost:5000/elevated' Docker pictures from the host. Presently, again began another vault compartment and mounted a similar host index to this holder and attempted to pull the prior pushed Docker picture for example 'localhost:5000/snow capped' and it is fruitful.

Be that as it may, the above execution is just for the end goal of testing as there is no validation component is carried out. We should execute fundamental verification for our private vault by producing an 'htpasswd' record and self-marked declarations utilizing underneath orders:

Code:

$mkdirauth
$docker run --entrypointhtpasswd registry:2 -Bbn user1 P@ssw0rd>auth/htpasswd
$mkdir certs
$ opensslreq \
-newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
-x509 -days 365 -out certs/domain.crt

In the above model, we have made a registry called 'auth' and 'certs' to store the htpasswd accreditations and self-marked testaments separately. In the first place, we have made the client 'user1' with the secret key 'P@ssw0rd' and put away it in the 'htpasswd' record under 'auth' envelope, then, at that point, created self marked endorsements utilizing OpenSSL and put away the 'domain. key' and 'domain. crt' documents in the 'certs' organizer keeping all subtleties clear aside from the normal name of the server.

Presently, we make another holder with extra choices and mount the certs and auth envelopes to it.

Code:

$docker run -d -p 443:443 --restart=always --name my-registry \
-v /home/ssingh/certs:/certs \
-v /home/ssingh/auth:/auth \
-e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
-e REGISTRY_AUTH=htpasswd \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
registry:2

Code:

$docker tag nginx localhost:443/nginx
$docker push localhost:443/nginx
$docker login localhost:443
$docker push localhost:443/nginx

In the above depiction, labeled the 'Nginx' Docker picture to 'localhost:443/Nginx and attempted to push to the recent arrangement private library any way we can see that it is giving mistake that says 'no fundamental auth certifications'. Signed into the private vault utilizing the accreditations of 'user1' and the picture has been pushed to the private library effectively.

Conclusion:

Docker Registry is an extraordinary answer for facilitating on-pre private library, in any case, there are choices accessible for Docker Registry like Docker Hub which is allowed to utilize, facilitated vault by Docker, need to pay for extra highlights, however, and DTR, for example, Docker Trusted Registry is an economically upheld adaptation of the library, accompanies Docker Enterprise Edition.

Docker
Docker Registry
DevOps
Docker swarm
NodeJS
4 VIEWS 0 LIKES 0 DISLIKES SHARE
0 LIKES 0 DISLIKES 4 VIEWS SHARE
Was this blog helpful?
techiio-price-plantechiio-price-plantechiio-price-plantechiio-price-plantechiio-price-plan
You must be Logged in to comment
Code Block
Techiio-logo

Techiio is on the journey to build an ocean of technical knowledge, scouring the emerging stars in process and proffering them to the corporate world.

Follow us on:

Subscribe to get latest updates

You can unsubscribe anytime from getting updates from us
Developed and maintained by Wikiance
Developed and maintained by Wikiance