Pushing and pulling images with a local registry

You can only push images to a registry if the image tag matches the registry domain. The process for tagging and pushing is the same as with Docker Hub, but you need to explicitly include the local registry domain in the new tag. These commands pull my registry server image from Docker Hub and add a new tag, making it suitable to be pushed to the local registry:

docker image pull dockeronwindows/ch04-registry:2e

docker image tag dockeronwindows/ch04-registry:2e registry.local:5000/infrastructure/registry:v2.6.2

The docker image tag command specifies the source tag first, and then the target tag. You can change every part of the image name for the new target tag. I've used the following:

  • registry.local:5000 is the registry domain. The original image name had an implied domain of docker.io.
  • infrastructure is the account name. The original account name was dockeronwindows.
  • registry is the repository name. The original was ch04-registry.
  • v2.6.2 is the image tag. The original tag was 2e.
If you're wondering why all of the images for this book have the 2e tag, it's because I've used that to identify them as working with the second edition of this book. I didn't use tags for images in the first edition, so they all have the implied tag of latest. They still exist on Docker Hub, but by tagging the new versions as 2e, I can publish images to the same repositories without breaking the code samples for readers of the first edition.

I can try to push the new tagged image to the local registry, but Docker won't let me use the registry yet:

> docker image push registry.local:5000/infrastructure/registry:v2.6.2

The push refers to a repository [registry.local:5000/infrastructure/registry]
Get https://registry.local:5000/v2/: http: server gave HTTP response to HTTPS client

The Docker platform is secure by default, and the same principle extends to image registries. The Docker Engine expects to use HTTPS to communicate with registries so that the traffic is encrypted. My simple registry installation uses plaintext HTTP, so I get an error saying Docker tried to use an encrypted transport for the registry but only an unencrypted transport was available.

There are two options for setting up Docker to use the local registry. The first is to extend the registry server to secure the communication the registry server image can run over HTTPS if you supply it with an SSL certificate. That's what I would do in a production environment, but to start out I can use the other option and make an exception in the Docker configuration. The Docker Engine will allow a HTTP registry to be used if it's explicitly named in an allowed list of insecure registries.

You can run the registry image with HTTPS using your company's SSL certificate or a self-signed certificate, which means that you don't need to configure the Docker Engine to allow insecure registries. There is a Windows registry walkthrough in Docker's lab repository on GitHub, docker/labs, which explains how to do that.
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.135.206.254