Learn how to set up a private Docker registry on Rocky Linux 8. This comprehensive guide covers installation, configuration, and security best practices to help you manage your Docker images efficiently.
What is a Docker Registry?
A Docker registry is a centralized repository where Docker images are stored, managed, and distributed. It acts as a version control system for Docker images, allowing developers to push (upload) and pull (download) images to and from the registry. Here are the key components and functionalities of a Docker registry:
- Storage of Images: A registry stores different versions of Docker images, which are essentially packaged applications or services that include everything needed to run them (code, runtime, libraries, environment variables, etc.).
- Image Distribution: It enables the distribution of Docker images across different environments, such as development, testing, and production. Developers can pull images from the registry to run them on their local machines or other servers.
- Version Control: The registry maintains different versions of images, allowing teams to track changes and roll back to previous versions if necessary.
- Namespace and Tagging: Images in a registry are organized by namespaces (usually the username or organization name) and tags (specific versions or variants of an image), making it easy to manage and identify them.
- Access Control and Security: A registry can be configured with access controls to ensure that only authorized users can push or pull images. It can also be secured with TLS/SSL to encrypt communications.
- Automation and CI/CD Integration: Registries integrate with Continuous Integration and Continuous Deployment (CI/CD) pipelines, facilitating automated testing and deployment of Docker images.
The most commonly used public Docker registry is Docker Hub, which provides a large collection of publicly available images. However, organizations often set up private Docker registries to have more control over their images, improve security, and reduce dependency on external services.
What is a Private Docker Registry?
Docker creates containers from Docker images. These images are provided by Docker Hub, a centralized public registry that contains official and unofficial images of almost every piece of software. However, there are situations in which you require an on-premises private Docker registry to create and share custom Docker images among your organizational units.
A private Docker registry has a few advantages over Docker Hub:
- Because the registry is located on premises, availability and speed improve.
- The organization's private images are kept within the organization.
- It provides user authentication to restrict unauthorized access.
- It provides SSL-based encryption for better security.
Here, we are using Docker Engine CE to configure a private Docker registry. It is advisable to read Docker Deep Dive first for a basic understanding of Docker technology.
Environment Specification
We are using a minimal Rocky Linux 8 virtual machine with the following specifications.
- CPU – 3.4 GHz (2 cores)
- Memory – 2 GB
- Storage – 20 GB
- Operating System – Rocky Linux 8.6 (Green Obsidian)
- Hostname – docker-01.centlinux.com
- IP Address – 192.168.116.128/24
Updating Linux Software Packages
We are using the same Linux-based Docker server that we configured in our previous installation guide.
Using an SSH client, connect to docker-01.centlinux.com as the root user.
Refresh the yum cache of your Linux server.
# dnf makecache
Rocky Linux 8 - AppStream        1.9 kB/s | 4.8 kB     00:02
Rocky Linux 8 - BaseOS           1.0 kB/s | 4.3 kB     00:04
Rocky Linux 8 - Extras           974  B/s | 3.5 kB     00:03
Rocky Linux 8 - Extras           2.7 kB/s |  11 kB     00:03
Docker CE Stable - x86_64        5.0 kB/s | 3.5 kB     00:00
Metadata cache created.
Execute the following command to update the Linux software packages.
# dnf update -y
Check the Linux Kernel and Operating System versions.
# uname -r
4.18.0-372.13.1.el8_6.x86_64
# cat /etc/system-release
Rocky Linux release 8.6 (Green Obsidian)
Check the version of Docker that is being used in this article.
# docker version
Client: Docker Engine - Community
 Version:           20.10.17
 API version:       1.41
 Go version:        go1.17.11
 Git commit:        100c701
 Built:             Mon Jun 6 23:03:11 2022
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true
Server: Docker Engine - Community
 Engine:
  Version:          20.10.17
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.17.11
  Git commit:       a89b842
  Built:            Mon Jun 6 23:01:29 2022
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.6
  GitCommit:        10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
 runc:
  Version:          1.1.2
  GitCommit:        v1.1.2-0-ga916309
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
Setup Private Docker Registry on Rocky Linux 8
List the locally available Docker images in your server.
# docker images
REPOSITORY   TAG       IMAGE ID   CREATED   SIZE
Docker Hub provides an image for Docker Registry.
You can download it and use it to create your self-hosted Docker registry.
Pull the registry image from Docker Hub.
# docker pull registry
Using default tag: latest
latest: Pulling from library/registry
2408cc74d12b: Pull complete
ea60b727a1ce: Pull complete
c87369050336: Pull complete
e69d20d3dd20: Pull complete
fc30d7061437: Pull complete
Digest: sha256:bedef0f1d248508fe0a16d2cacea1d2e68e899b2220e2258f1b604e1f327d475
Status: Downloaded newer image for registry:latest
docker.io/library/registry:latest
Create a directory to use as persistent storage for the registry container.
# mkdir -p /opt/docker/containers/docker-registry/registry
Start the Docker container with the following command.
# docker run -d \
> --name docker-registry \
> --restart=always \
> -p 5000:5000 \
> -v /opt/docker/containers/docker-registry/registry:/var/lib/registry \
> registry
826777fa276a49f117e0b6300b036bc3f84ae5aa0a27e124a5a4a20c0c13b3e0
The service port 5000/tcp of the registry container is mapped to 5000/tcp of the Docker host.
Therefore, you have to allow this service port in the Linux firewall so that machines on the network can access it.
# firewall-cmd --permanent --add-port=5000/tcp
success
# firewall-cmd --reload
success
Now, pull an image from Docker Hub.
We prefer to pull the Alpine Linux image because it is smaller in size.
# docker pull alpine
Using default tag: latest
latest: Pulling from library/alpine
2408cc74d12b: Already exists
Digest: sha256:686d8c9dfa6f3ccfc8230bc3178d23f84eeaf7e457f36f271ab1acc53015037c
Status: Downloaded newer image for alpine:latest
docker.io/library/alpine:latest
Now, tag the alpine image as follows to make it ready to add to your private Docker registry.
# docker tag alpine:latest localhost:5000/alpine
Push the Alpine Linux image to the local Docker registry.
# docker push localhost:5000/alpine
The push refers to repository [localhost:5000/alpine]
2408cc74d12b: Pushed
latest: digest: sha256:686d8c9dfa6f3ccfc8230bc3178d23f84eeaf7e457f36f271ab1acc53015037c size: 527
List the locally available Alpine Linux images.
# docker images | grep alpine
alpine                  latest    e66264b98777   5 weeks ago   5.53MB
localhost:5000/alpine   latest    e66264b98777   5 weeks ago   5.53MB
You can see that one image is available from Docker Hub, while the other is available via your private Docker registry.
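The container started above serves plain HTTP with no authentication on the port that the firewall step opens to the network. The following added example (not part of the original article) starts the registry with TLS and htpasswd authentication instead, and classifies the response of the registry's /v2/ endpoint so you can confirm that anonymous access is refused. The certs/ and auth/ directories, the file names, the realm, the DOCKER dry-run switch and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. The certs/ and auth/
# directories, file names, realm and DOCKER dry-run switch are assumptions.
BASE=${BASE:-/opt/docker/containers/docker-registry}
DOCKER=${DOCKER:-docker}    # DOCKER=echo prints the command instead of running it

# Start the registry with TLS and htpasswd authentication. Remove the
# plain-HTTP container first. Needs registry.crt, registry.key and a
# bcrypt htpasswd file (htpasswd -B) in place beforehand.
run_secure_registry() {
    $DOCKER run -d --name docker-registry --restart=always -p 5000:5000 \
        -v "$BASE/registry:/var/lib/registry" \
        -v "$BASE/certs:/certs:ro" \
        -v "$BASE/auth:/auth:ro" \
        -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/registry.crt \
        -e REGISTRY_HTTP_TLS_KEY=/certs/registry.key \
        -e REGISTRY_AUTH=htpasswd \
        -e REGISTRY_AUTH_HTPASSWD_REALM="Registry Realm" \
        -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
        registry
}

# Classify the response headers of GET /v2/ read from stdin.
# Prints one of: open, auth-required, not-a-registry
classify_v2() {
    awk '
        { sub(/\r$/, "") }
        NR == 1 { status = $2 + 0 }
        tolower($0) ~ /^www-authenticate:/ { challenge = 1 }
        tolower($0) ~ /^docker-distribution-api-version:/ { api = 1 }
        END {
            if (status == 401 && challenge) print "auth-required"
            else if (status == 200 && api) print "open"
            else print "not-a-registry"
        }'
}

# Constructed sample: headers an unauthenticated registry returns for /v2/.
sample_plain() { printf 'HTTP/1.1 200 OK\r\nDocker-Distribution-Api-Version: registry/2.0\r\n\r\n'; }

# Probe a registry you operate; extra arguments go to curl, for example
# --cacert for a private CA: check_registry https://host:5000 --cacert ca.crt
check_registry() {
    url=$1; shift
    curl -sS -o /dev/null -D - "$@" "$url/v2/" | classify_v2
}
```

After the switch, `check_registry` should print `auth-required`; `open` means anyone who can reach port 5000 can push and pull images.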
Final Thoughts
Setting up a private Docker registry on Rocky Linux 8 ensures that you have complete control over your Docker images, enhancing security and efficiency in your development workflow.