Using Docker Enterprise Edition to build your own private registry server

Docker is really cool, especially because it's so easy to move Docker images around compared to using a virtual machine. If you already use Docker, you have most likely pulled an image from Docker Hub. Docker Hub is Docker's cloud-based registry service, with thousands of Docker images to choose from. If you develop your own software packages and build your own Docker images, you will want your own private registry. The same applies if you have images with proprietary licenses, or want to support a complex continuous integration (CI) process for your build system.

Docker Enterprise Edition includes the Docker Trusted Registry (DTR). It is a highly available registry server with secure image management, built to run in your own data center or on cloud-based infrastructure. In the following, we will see that DTR is a key component in providing a secure, reusable, and continuous software supply chain. You can get started right away with our free hosted demo, or download and install for a 30-day free trial. Here are the steps to get started with the installation yourself.

Configure Docker Enterprise Edition

DTR runs on top of the Universal Control Plane (UCP), so you need to install a single-node cluster before you get started. If you already have your own UCP cluster, you can skip this step. On your Docker host, run the following command:

# Pull and install UCP
docker run -it --rm -v /var/run/docker.sock:/var/run/docker.sock --name ucp docker/ucp:latest install

Once UCP is up and running, there are a few things you need to do before installing DTR. Open a browser and go to the UCP instance you just installed; there should be a link at the end of the log output. If you already have a Docker Enterprise Edition license, enter it on this screen. If you don't have one yet, you can visit the Docker Store to get a free 30-day trial.

Once your license is in place, you may want to change the port that UCP runs on. Since this is a single-node cluster, DTR and UCP may both try to run their web services on the same port. If you have a UCP cluster with more than one node, this is not a problem, as DTR will find a node with the required free ports. In UCP, click "Admin Settings -> Cluster Configuration" and change the controller port to another value, such as 5443.

Installing DTR

We are going to install a simple, single-node DTR instance. If you are installing DTR for actual production use, you will want to set it up in high availability (HA) mode, which requires a different storage backend, such as cloud-based object storage or NFS (Network File System). Because this installation is a single-node instance, we will use the default local storage.

First we need to pull the DTR bootstrap image. The bootstrap image is a tiny, standalone installer that connects to UCP and then sets up and starts all the containers, volumes, and logical networks that DTR needs.

Run the following command:

# Pull and run the DTR bootstrap image
docker run -it --rm docker/dtr:latest install --ucp-insecure-tls

Note: By default, UCP and DTR come with their own certificates, which your system does not recognize. If you have already set up UCP with a TLS certificate that your system trusts, you can omit the --ucp-insecure-tls option. Alternatively, you can use the --ucp-ca option to specify the UCP CA certificate directly.

The DTR bootstrap image will then ask you to confirm a few settings, such as the URL of the UCP installation and the administrator's username and password. It only takes one to two minutes to pull all the DTR images and set up everything.

Keep everything safe

Once everything is ready, you can push or pull images to or from the registry. Before we do that, let's set up TLS certificates to communicate securely with DTR.

On Linux, we can use the following commands (just make sure to set the DTR_HOSTNAME variable to match the DTR instance we just set up):

# Pull the CA certificate from DTR (if curl is not available, you can use wget)
DTR_HOSTNAME=<DTR host name>
curl -k "https://${DTR_HOSTNAME}/ca" > "${DTR_HOSTNAME}.crt"
sudo mkdir -p "/etc/docker/certs.d/${DTR_HOSTNAME}"
sudo cp "${DTR_HOSTNAME}.crt" "/etc/docker/certs.d/${DTR_HOSTNAME}"
# Restart the docker daemon (on Ubuntu 14.04, use the command `sudo service docker restart`)
sudo systemctl restart docker
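
The `curl -k` step above downloads the CA without verifying the connection, so the certificate is trusted on first use. As an added example (not part of the original post), the script below installs a downloaded certificate only if its SHA-256 fingerprint matches a value obtained out of band; the function names, the host `dtr.example.test` and the placeholder certificate bytes are assumptions made for the demo.

```shell
#!/bin/sh
# Added example, not from the original post: install a downloaded DTR CA only
# if its SHA-256 fingerprint matches a value obtained out of band.

# Print the SHA-256 fingerprint (lowercase hex, no colons) of the first PEM
# certificate in file $1. This hashes the DER bytes, the same value that
# `openssl x509 -noout -fingerprint -sha256` reports.
pem_sha256() (
  body=$(tr -d '\r' < "$1" | awk '
    /-----BEGIN CERTIFICATE-----/ { f = 1; next }
    /-----END CERTIFICATE-----/   { exit }
    f')
  [ -n "$body" ] || { echo "no PEM certificate in $1" >&2; exit 2; }
  printf '%s\n' "$body" | base64 -d | sha256sum | cut -d' ' -f1
)

# install_pinned_ca CERT PINNED_FP HOST [CERTS_ROOT]   (hypothetical helper)
# Copies CERT to CERTS_ROOT/HOST/ca.crt only when the fingerprint matches.
install_pinned_ca() (
  cert=$1 host=$3 root=${4:-/etc/docker/certs.d}
  # Accept "AA:BB:..." or "aabb..." forms of the pinned fingerprint.
  want=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
  got=$(pem_sha256 "$cert") || exit 2
  if [ "$got" != "$want" ]; then
    echo "refusing CA for $host: fingerprint $got is not the pinned value" >&2
    exit 1
  fi
  mkdir -p "$root/$host" && cp "$cert" "$root/$host/ca.crt"
)

# Demo on constructed data: the "certificate" body is placeholder bytes, not a
# real DTR CA, and the certs root is a temp dir so no sudo is needed.
demo() (
  dir=$(mktemp -d)
  data='constructed placeholder bytes'
  printf '%s\n%s\n%s\n' '-----BEGIN CERTIFICATE-----' \
    "$(printf '%s' "$data" | base64)" '-----END CERTIFICATE-----' > "$dir/ca.pem"
  pin=$(printf '%s' "$data" | sha256sum | cut -d' ' -f1)
  install_pinned_ca "$dir/ca.pem" "$pin" dtr.example.test "$dir/certs.d" &&
    echo "installed: $dir/certs.d/dtr.example.test/ca.crt"
)
demo
```

On a real host, pass the file saved by curl, the fingerprint read from the DTR server itself, and the DTR hostname, and run it with sufficient privileges to write under /etc/docker/certs.d.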

The client setup is different for Docker for Mac and Docker for Windows. Go to "Settings -> Daemon" and, in the "Insecure registries" section, enter your DTR hostname. Click "Apply"; the Docker daemon should be ready once it restarts.

Pushing and pulling images

Now we need to set up a repository to store our images. This is a little different from Docker Hub, where a docker push to a repository that doesn't exist creates it automatically. To create a repository, open https://<Your DTR hostname> in your browser and log in using your admin credentials when prompted. If you added a license to UCP, DTR picks up that license automatically. If not, upload your license now.

Once you are in the web interface, click the "New repository" button to create a new repository.

We will create a repository for storing Alpine Linux, so type "alpine" in the name field and click "Save" (called "Create" in DTR 2.5 and later).

Now go back to the shell and enter the following commands:

# Pull the latest version of Alpine Linux
docker pull alpine:latest
# Log in to the new DTR instance
docker login <Your DTR hostname>
# Tag Alpine to enable push to your DTR
docker tag alpine:latest <Your DTR hostname>/admin/alpine:latest
# Push the image to DTR
docker push <Your DTR hostname>/admin/alpine:latest

That's it! We just pulled a copy of the latest Alpine Linux, re-tagged it so it can be stored in DTR, and pushed it to our private registry. If you want to pull the image to a different Docker engine, set up your DTR certificate as shown above, then execute the following command:

# Pull the image from DTR
docker pull <Your DTR hostname>/admin/alpine:latest

DTR has many excellent image management features, such as image caching, mirroring, scanning, signing and even automated supply chain policies. We will explore these features in more detail in later blog posts.

Summary

This concludes the introduction to using Docker Enterprise Edition to build your own private registry server. I hope it is helpful to you. If you have any questions, please leave me a message and I will reply as soon as I can. I would also like to thank everyone for their support of the 123WORDPRESS.COM website!
