Followers

Docker Registry in Detail

Store Docker Images into Docker Registry (insecurely) Consideration  for this example IP address of Registry server is 172.16.16.100 Step1:-...

Store Docker Images into Docker Registry (insecurely)

Consideration  for this example

IP address of Registry server is 172.16.16.100

Step1:-  Let's Tag an image with 172.16.16.100:5000 Run below commands on Registry server

    Remove all the containers
       docker rm -f $(docker ps -a -q)

    Pull the docker image nginx (  you can take any image)   

         docker pull nginx

     Tag the image with private ip adderss of Registry server

           docker image tag nginx 172.16.16.100:5000/nginx

    Verify Image got created 

          docker images

    Create Docker registry container

      docker container run -d -p 5000:5000 --name local_registry registry

    Below command will throw the error because my repiostry is not secure 

    docker push 172.16.16.100:5000/nginx

   Error:-> Get https://172.16.16.100:5000/v2/: http: server gave HTTP response to HTTPS client

 

 If you want to push the insecure registry then create a file /etc/docker/daemon.json and enter below lines and save the file(Please change IP as per your docker host system ip

 

  {

     "insecure-registries": ["172.16.16.100:5000"]

  }


  Restart Docker daemon

   systemctl restart docker

 Start docker registry container

    docker start local_registry 

  Push nginx repiostry , it should be pushed to docker registry without any error

   docker push 172.16.16.100:5000/nginx

How to pull insecure registry on remote system

Take another Virtual Machine that is in the same network and install docker into that remote machine

Install docker

   apt update && apt install docker.io -y

If you want to push the insecure registry then create a file /etc/docker/daemon.json and enter below lines and save the file(Please change IP as per your docker host system ip

 

  {

     "insecure-registries": ["172.16.16.100:5000"]

  }

    Restart Docker daemon

     systemctl restart docker

   Pull the Docker Registry image

     docker pull 172.16.16.100:5000/nginx

   Verify image is available on this system

     docker images


How to create secure Regsitry

 First remove daemon.json file on Docker Registry and Remote System

       rm /etc/docker/daemon.json

 Restart docker service

     systemctl restart docker

 On Docker Registry Server remove local_registry Container ( if it is in running state)

   docker rm -f local_registry

 Create a directory to keep the certificates on Docker Registry Server

  mkdir /certs 

 Create a directory certs in /etc/docker directory

  mkdir /etc/docker/certs.d

 Create a directory for images

  mkdir /my_repo  

 Create a self signed certificate with openssl utility.

openssl req -newkey rsa:4096 -nodes -sha256 -keyout /certs/domain.key -addext "subjectAltName = DNS:repo.docker.kmit" -x509 -days 365 -out /certs/domain.crt

it asks some optional questions but the mandatory step is to provide common name

   Common Name :-  repo.docker.kmit  ( you can give any name)

Create a directory with   repo.docker.kmit:5000 under /etc/docker/certs.d directory

  mkdir -p /etc/docker/certs.d/repo.docker.kmit:5000

Goto /certs directory

  cd /certs

Copy /certs/domain.crt file to  /etc/docker/certs.d/repo.docker.kmit:5000 with name ca.crt

  cp domain.crt /etc/docker/certs.d/repo.docker.kmit\:5000/ca.crt

When using authentication, some versions of Docker also require you to trust the certificate at the OS level.

   cp certs/domain.crt /usr/local/share/ca-certificates/myregistrydomain.com.crt


Run a secure registry

docker run -d -p 5000:5000 -v /my_repo:/var/lib/registry -v /certs:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key --restart on-failure --name myregistry registry

Resolve repo.docker.kmit name by adding entry in /etc/hosts file (172.16.16.100 is docker host ip)

   172.16.16.100 repo.docker.kmit

Download any image and tag it as repo.docker.kmit:5000

  docker pull mysql

  docker image tag mysql  repo.docker.kmit:5000/mysql

 Push it to docker registry

  docker push repo.docker.kmit:5000/mysql

How to pull Images securely on Client or Remote System

 Login to remote system which is on same network and docker is installed on it.

Resolve repo.docker.kmit name by adding entry in /etc/hosts file (172.16.16.100 is docker registry ip)

   172.16.16.100 repo.docker.kmit

Create a directory /etc/docker/certs.d/repo.docker.kmit:5000

mkdir -p /etc/docker/certs.d/repo.docker.kmit:5000

 Copy valid certificate domain.crt file from docker Registry server  and keep it at /etc/docker/certs.d/repo.docker.kmit\:5000/

Pull docker image from docker registry and it will be sucessfull

   docker pull repo.docker.kmit:5000/mysql

   

  

COMMENTS

Name

Ansible,6,AWS,1,Azure DevOps,1,Containerization with docker,2,DevOps,2,Docker Quiz,1,Docker Swarm,1,ELK,2,git,2,Jira,1,Kubernetes,1,Kubernetes Quiz,5,SAST DAST Security Testing,1,SonarQube,3,Splunk,2,vagrant kubernetes,1,YAML Basics,1,
ltr
item
DevOpsWorld: Docker Registry in Detail
Docker Registry in Detail
DevOpsWorld
https://www.devopsworld.co.in/2021/06/docker-registry-in-detail.html
https://www.devopsworld.co.in/
https://www.devopsworld.co.in/
https://www.devopsworld.co.in/2021/06/docker-registry-in-detail.html
true
5997357714110665304
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share to a social network STEP 2: Click the link on your social network Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy Table of Content