Deploying a Private Docker Registry
If you are familiar with Docker, then surely you have at least heard of the concept of private registries. Out of the box, Docker talks directly to the public registry (Docker Hub), which is great when experimenting but can be a serious concern when deploying your software out to your customers. Because anyone can push fresh code out to Docker Hub, there are numerous stability and security considerations to make regarding which images and versions should be used throughout your deployment. To address this, many organizations are looking to deploy a private registry where tested images are stored and used for their production systems. Now the fun part: how do we get started? Ironically, the private Docker registry is itself available as a Docker image via Docker Hub.
docker@boot2docker:~$ docker pull registry
Once you have successfully pulled down the registry Docker image, you will want to start the container so that it is network accessible and other machines on your network can reach it. We add an extra flag here, "--restart=always", to ensure that if the container dies it immediately comes back up. If you are interested, you can look into restart policies to set things like max retries.
docker@boot2docker:~$ docker run -d -p 5000:5000 --restart=always --name registry registry
Once the registry is started, we can switch to another box (or stay on this box) to show how we can leverage our new registry. Begin by pulling an image from Docker Hub (busybox) so that we have something to push to our new private registry. Note: Optionally you could also create and build your own container from scratch and push that to the private registry as well.
docker@testmachine:~$ docker pull busybox
Now that we have an image to play with, let's push it up to our private registry. First, we will need to tag our image for the private registry and then push it. Since we are using the latest version of busybox, the fully-qualified-image-name (FQIN) is busybox:latest. Therefore, we'll tag it for the registry using the following command and then immediately push it.
docker@testmachine:~$ docker tag busybox:latest <domainOfDockerRegistry>:5000/busybox:latest
docker@testmachine:~$ docker push <domainOfDockerRegistry>:5000/busybox:latest
To finish, we'll remove busybox from our current running machine and then re-pull the image from our private registry.
docker@testmachine:~$ docker rmi <domainOfDockerRegistry>:5000/busybox:latest
docker@testmachine:~$ docker rmi busybox:latest
docker@testmachine:~$ docker pull <domainOfDockerRegistry>:5000/busybox:latest
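The registry prefix added by the tag step is what decides where an image is pulled from, so a reference without it silently falls back to Docker Hub. The following check is an added example, not part of the original post; the host registry.example.internal:5000 and the function names are assumptions made for illustration.

```shell
# Added example, not from the original post. registry.example.internal:5000
# is a constructed stand-in for <domainOfDockerRegistry>:5000.
ALLOWED_REGISTRY="${ALLOWED_REGISTRY:-registry.example.internal:5000}"

# Print the registry an image reference resolves to. The part before the
# first "/" is a registry host only if it contains "." or ":" or is
# "localhost"; otherwise the reference falls back to Docker Hub.
# (Hostnames with uppercase letters are not handled here.)
image_registry() {
    ref=$1
    case $ref in
        */*) first=${ref%%/*} ;;
        *)   echo "docker.io"; return 0 ;;
    esac
    case $first in
        localhost|*.*|*:*) echo "$first" ;;
        *)                 echo "docker.io" ;;
    esac
}

# Read image references on stdin (one per line, "#" comments allowed).
# Print each one that does not resolve to the allowed registry and
# return 1 if any were found.
check_images() {
    allowed=$1
    rc=0
    while IFS= read -r ref; do
        case $ref in ''|'#'*) continue ;; esac
        reg=$(image_registry "$ref")
        if [ "$reg" != "$allowed" ]; then
            echo "REJECT $ref (resolves to $reg)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample input: the tagged image from the walkthrough plus
# references that would bypass the private registry.
sample_images() {
    printf '%s\n' \
        "registry.example.internal:5000/busybox:latest" \
        "busybox:latest" \
        "library/busybox:latest" \
        "localhost:5000/busybox:latest"
}

sample_images | check_images "$ALLOWED_REGISTRY" ||
    echo "some images would not be pulled from $ALLOWED_REGISTRY"
```

Feeding it the image names used by a deployment, one per line, shows which of them still point at Docker Hub or at some other registry.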
And that's it, you now have your own private registry deployed and successfully running. Be aware that all Docker containers are ephemeral by default, meaning that if the registry container gets removed, so are all of the images it is currently hosting. Luckily there are numerous drivers out there that you can leverage to persistently back your running container. Interested in how you can run a stable and secure private Docker registry? Need assistance in orchestrating a container-based environment? Contact us today!