yum install -y docker-distribution
In this exercise, you will learn container registry basics, what the registry offers and how to use it.
What is container registry?
A basic container registry is a stateless, highly scalable server side application that stores and distributes container images. The docker registry is an open-source project offered under the permissive Apache license.
Why use container registries?
You should use a private container registry if you want to:
tightly control where your images are being stored
fully own your image’s distribution pipeline
integrate image storage and distribution tightly into your in-house development workflow
First, lets install the
docker-distribution package, to provide the registry software:
yum install -y docker-distribution
Next, lets set the service to auto-start at system boot:
systemctl enable docker-distribution
A) The container registry configuration file will need to be modified to allow the use of https (secure) communications. First, we will generate a certificate.
openssl req -newkey rsa:4096 -nodes -sha256 -keyout domain.key -x509 -days 365 -out domain.crt
B) Answer the questions that OpenSSL asks, in any way that you see fit, but make sure that you specify a
Common Name of
localhost. Here is an example:
Generating a 4096 bit RSA private key ............................................................++ ...............................................................++ writing new private key to 'domain.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:US State or Province Name (full name) :Ohio Locality Name (eg, city) [Default City]:Dublin Organization Name (eg, company) [Default Company Ltd]:workshop Organizational Unit Name (eg, section) :workshop Common Name (eg, your name or your server's hostname) :localhost Email Address :firstname.lastname@example.org
cp domain.crt /etc/pki/tls/certs
Edit the file '/etc/docker-distribution/registry/config.yml' to match the example below. Pay close attention to the last five lines, starting with tls, as these are required for configuration file.
version: 0.1 log: fields: service: registry storage: cache: layerinfo: inmemory filesystem: rootdirectory: /var/lib/registry delete: enabled: true http: addr: :5000 tls: certificate: /etc/docker-distribution/certs/domain.crt key: /etc/docker-distribution/certs/domain.key host: https://localhost:5000 relativeurls: false
systemctl start docker-distribution
Before we upload anything, let’s take a look to see what images we have in the local image database:
REPOSITORY TAG IMAGE ID CREATED SIZE registry.access.redhat.com/rhel7 latest 7a840db7f020 2 days ago 211MB docker.io/library/fedora latest cc510acfcd70 2 weeks ago 263MB docker.io/library/fedora_postgresql latest b105a704d05d 10 minutes ago 495MB
To push the container, either of these two commands will work.
Choose only one of the following two commands (
buildah push fedora_postgresql:latest localhost:5000/fedora_postgresql:latest
With Skopeo, we need to be a bit more specific, and specify the image ID that we saw, above, from
|This image ID will vary, and you should use the value from the output produced on your workshop instance:|
skopeo copy containers-storage:7a840db7f020 docker://localhost:5000/fedora_postgresql:latest
Next, let’s search the registry to make sure that our image made it, and is available:
podman search localhost:5000/postgresql
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED localhost:5000 localhost:5000/fedora_postgresql 0