Docker_registry
Chapter 09: Docker Registry
Section titled “Chapter 09: Docker Registry”Docker Registry is a storage and distribution system for Docker images. This chapter covers using public and private registries.
What is a Registry?
Section titled “What is a Registry?”┌─────────────────────────────────────────────────────────────────────────────┐│ Docker Registry Concept │├─────────────────────────────────────────────────────────────────────────────┤│ ││ Registry ││ ┌─────────────────────────────────────────────────────────────────────┐ ││ │ │ ││ │ ┌─────────┐ ┌─────────┐ ┌─────────┐ ┌─────────┐ │ ││ │ │ nginx │ │ node │ │ python │ │ myapp │ │ ││ │ │ latest │ │ 18-alpine│ │ 3.11 │ │ v1.0.0 │ │ ││ │ └─────────┘ └─────────┘ └─────────┘ └─────────┘ │ ││ │ │ ││ └─────────────────────────────────────────────────────────────────────┘ ││ ││ Image Format: registry/namespace/repository:tag ││ │└─────────────────────────────────────────────────────────────────────────────┘Types of Registries
Section titled “Types of Registries”1. Docker Hub (Public)
Section titled “1. Docker Hub (Public)”- Default public registry
- Free for public images
- Paid for private images
2. Docker Trusted Registry (DTR)
Section titled “2. Docker Trusted Registry (DTR)”- Enterprise on-premise solution
- Part of Docker Enterprise
3. Cloud Registries
Section titled “3. Cloud Registries”- Amazon ECR
- Google Container Registry (GCR)
- Azure Container Registry (ACR)
- GitHub Container Registry (GHCR)
4. Self-Hosted
Section titled “4. Self-Hosted”- Harbor
- GitLab Container Registry
- Nexus Repository
Docker Hub
Section titled “Docker Hub”Using Docker Hub
Section titled “Using Docker Hub”# Search for imagesdocker search nginx
# Pull imagedocker pull nginx
# Push to Docker Hubdocker tag myapp:latest username/myapp:latestdocker push username/myapp:latestDocker Hub Features
Section titled “Docker Hub Features”- Public repositories (free)
- Automated builds
- Webhooks
- Organization teams
Amazon ECR
Section titled “Amazon ECR”Setup ECR
Section titled “Setup ECR”# Login to ECRaws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 123456789.dkr.ecr.us-east-1.amazonaws.com
# Pull imagedocker pull 123456789.dkr.ecr.us-east-1.amazonaws.com/myapp:latest
# Push imagedocker tag myapp:latest 123456789.dkr.ecr.us-east-1.amazonaws.com/myapp:latestdocker push 123456789.dkr.ecr.us-east-1.amazonaws.com/myapp:latestECR with Docker Compose
Section titled “ECR with Docker Compose”services: app: image: 123456789.dkr.ecr.us-east-1.amazonaws.com/myapp:latestPrivate Registry
Section titled “Private Registry”Running a Local Registry
Section titled “Running a Local Registry”# Start registrydocker run -d -p 5000:5000 --name registry registry:2
# Tag image for local registrydocker tag myapp:latest localhost:5000/myapp:latest
# Push to local registrydocker push localhost:5000/myapp:latest
# Pull from local registrydocker pull localhost:5000/myapp:latestSecure Registry with TLS
Section titled “Secure Registry with TLS”# Create certificatesmkdir -p certsopenssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key -x509 -days 365 -out certs/domain.crt
# Start registry with TLSdocker run -d \ --name registry \ -p 5000:5000 \ -v $(pwd)/certs:/certs \ -e REGISTRY_HTTP_ADDR=0.0.0.0:5000 \ -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \ -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \ registry:2Harbor Registry
Section titled “Harbor Registry”Installing Harbor
Section titled “Installing Harbor”# Download Harbor installerwget https://github.com/goharbor/harbor/releases/download/v2.9.0/harbor-offline-installer-v2.9.0.tgz
# Extracttar xvf harbor-offline-installer-v2.9.0.tgz
# Configurecp harbor.yml.tmpl harbor.yml# Edit harbor.yml with your settings
# Install./install.shUsing Harbor
Section titled “Using Harbor”# Logindocker login harbor.example.com
# Tag imagedocker tag myapp:latest harbor.example.com/myproject/myapp:latest
# Pushdocker push harbor.example.com/myproject/myapp:latestRegistry Operations
Section titled “Registry Operations”Listing Images
Section titled “Listing Images”# List all images in registry (using registry API)curl -s https://registry.example.com/v2/_catalog | jq
# List image tagscurl -s https://registry.example.com/v2/myapp/tags/list | jqDeleting Images
Section titled “Deleting Images”# Delete manifest (referenced by digest)curl -X DELETE https://registry.example.com/v2/myapp/manifests/sha256:abc123...
# Run garbage collectiondocker exec registry /bin/registry garbage-collect /etc/registry/config.ymlAuthentication
Section titled “Authentication”Docker Login
Section titled “Docker Login”# Login to Docker Hubdocker login
# Login to private registrydocker login registry.example.com
# Login with usernamedocker login -u username registry.example.comUsing .docker/config.json
Section titled “Using .docker/config.json”{ "auths": { "registry.example.com": { "auth": "base64-encoded-credentials" } }}Image Promotion
Section titled “Image Promotion”┌─────────────────────────────────────────────────────────────────────────────┐│ Image Promotion Pipeline │├─────────────────────────────────────────────────────────────────────────────┤│ ││ Build → Dev Registry → Staging Registry → Production Registry ││ ││ ┌─────────┐ ┌─────────┐ ┌─────────┐ ┌─────────────┐ ││ │ Build │───▶│ Dev │───▶│ Staging │───▶│ Production │ ││ │ Server │ │ Registry │ │Registry │ │ Registry │ ││ └─────────┘ └─────────┘ └─────────┘ └─────────────┘ ││ ││ myapp:dev myapp:staging myapp:prod ││ │└─────────────────────────────────────────────────────────────────────────────┘Summary
Section titled “Summary”In this chapter, you learned:
- Docker registry concepts
- Using Docker Hub
- Amazon ECR setup and usage
- Running private registries
- Harbor registry
- Registry authentication and operations