Deploying a private Docker registry with S3 storage

The Docker registry is a central image distribution service. Every time we pull or push an image, we pull it from or push it to a Docker registry. A registry can be commercially hosted (CoreOS Quay at https://quay.io/ is one example, Docker's own https://hub.docker.com/ is another), or it can be self-hosted (for privacy, speed, bandwidth issues, or company policy). Docker Inc. made it simple for us to deploy: it's extensively documented and packaged. Amongst the many deployable features, we'll start by simply deploying a single registry ready to be load-balanced, and then we'll switch its backend storage to AWS S3, so disk space will never be an issue again.

Getting ready

To step through this recipe, you will need the following:

  • A working Docker installation
  • An AWS account with full S3 access

How to do it…

We'll use Docker Compose to work through this recipe. Our objective is to host our own private Docker registry, initially using local storage, then an S3 bucket for infinite space. The registry will be available on http://localhost:5000, but feel free to use any other resolvable name or a dedicated server with a locally available name.

To begin with, we need the Docker registry v2 image: registry:2. We know from the documentation that port 5000 is exposed by the registry server, so we need to forward it to our host to use it locally. If we are running multiple registries behind a load balancer, it's safe for them to share a common secret; let's set it to s3cr3t for this example.

This is what our initial docker-compose.yml file looks like:

version: '2'

services:
  registry:
    image: registry:2
    ports:
      - 5000:5000
    environment:
      REGISTRY_HTTP_SECRET: s3cr3t

With this simple setup, we are already able to run our own local Docker registry server:

$ docker-compose up

To upload an image to our private registry, the process is to simply tag the image with the local registry URL and then push it. Execute the following to tag the ubuntu:16.04 image with localhost:5000/ubuntu:

$ docker tag ubuntu:16.04 localhost:5000/ubuntu

Then, to push the image to the local registry, execute this:

$ docker push localhost:5000/ubuntu

This Docker image is now stored locally and can be reused without accessing the public network, the Docker Hub, or similar services.

Using an S3 backend

An issue with a highly used local Docker registry is disk space management: it's finite. The good news is that the Docker Registry easily handles an S3 backend (or Swift if we have an internal OpenStack). For the record, Google Cloud and Azure storage are also supported. To enable the S3 backend, only a few variables need to be set in the environment section of the docker-compose.yml file: the AWS region to contact, the keys, and the bucket name.

      REGISTRY_STORAGE: s3
      REGISTRY_STORAGE_S3_REGION: us-east-1
      REGISTRY_STORAGE_S3_BUCKET: registry-iacbook
      REGISTRY_STORAGE_S3_ACCESSKEY: AKIAXXXXXXXXX
      REGISTRY_STORAGE_S3_SECRETKEY: 1234abcde#

Destroy (docker-compose down) the previous example if you tried it, and start this updated one:

$ docker-compose up

Now tag an image locally again:

$ docker tag ubuntu:16.04 localhost:5000/ubuntu

Then, push the image to the local registry:

$ docker push localhost:5000/ubuntu

Depending on your uplink speed, it will take more or less time for the Registry to sync the layers we push with the AWS S3 backend.

We now have our own local registry with infinite storage!
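
The docker-compose.yml shown above carries REGISTRY_HTTP_SECRET and the S3 keys as literals, so anyone who can read the file or its version-control history can read them. The following script is an added example, not code from the book: it lists registry credential variables written as literals and accepts ${VAR} references, which docker-compose substitutes from the environment or a .env file. The function name inline_registry_secrets and the sample file are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the book: list registry credential variables whose
# value is written as a literal in a Compose file. A ${VAR} reference, which
# docker-compose resolves from the environment or a .env file, is accepted.
# Handles the "KEY: value" and "- KEY=value" environment styles.
inline_registry_secrets() {
  awk -v q="'" '
    /^[ \t]*#/ { next }                            # skip comment lines
    {
      line = $0
      sub(/^[ \t]*(-[ \t]*)?/, "", line)           # drop indent and list dash
      if (line !~ /^REGISTRY_[A-Z0-9_]*(SECRET|ACCESSKEY|PASSWORD)[A-Z0-9_]*[ \t]*[:=]/)
        next
      name = line;  sub(/[ \t]*[:=].*$/, "", name)
      value = line; sub(/^[^:=]*[:=][ \t]*/, "", value)
      sub(/[ \t]+$/, "", value)
      gsub("^[\"" q "]|[\"" q "]$", "", value)     # strip surrounding quotes
      if (value == "" || value ~ /^[$][{][A-Za-z_][A-Za-z0-9_]*[}]$/) next
      print name
    }
  ' "$1"
}

# Constructed sample: the recipe's settings with the HTTP secret externalised.
sample=$(mktemp)
cat > "$sample" <<'EOF'
services:
  registry:
    image: registry:2
    environment:
      REGISTRY_HTTP_SECRET: ${REGISTRY_HTTP_SECRET}
      REGISTRY_STORAGE: s3
      REGISTRY_STORAGE_S3_BUCKET: registry-iacbook
      REGISTRY_STORAGE_S3_ACCESSKEY: AKIAXXXXXXXXX
      REGISTRY_STORAGE_S3_SECRETKEY: 1234abcde#
EOF
found=$(inline_registry_secrets "$sample")
rm -f "$sample"
[ -z "$found" ] || printf 'literal credentials in compose file:\n%s\n' "$found"
```

Run against a real docker-compose.yml before committing it; an empty result means every matched variable is supplied by reference.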

See also
