Run your own private Docker Registry in standalone mode (without requiring the public index) on AWS, OpenStack or vSphere with BOSH

Private Docker Registry deployed with BOSH

Run your own private Docker Registry in standalone mode (without requiring the public index).

Simple deployment with internal DNS

The default deployment manifest will create an internal DNS hostname docker-registry.bosh for clients to use.

bosh -d docker-registry deploy manifests/docker-registry.yml

Now fetch the self-signed root CA and the admin basic-auth password, and store them in local files:

credhub get -n /bucc/docker-registry/docker_registry_certificate -j \
    | jq -r ".value.ca" > registry-ca.pem
credhub get -n /bucc/docker-registry/docker_registry_password -j \
    | jq -r ".value" > registry-password

We can test out our registry from within the registry's own instance. First, upload our secrets:

bosh -d docker-registry scp registry-ca.pem registry-password docker-registry:/tmp/

Next, SSH into the instance:

bosh -d docker-registry ssh

We can now interact with the Registry via its API and its DNS alias docker-registry.bosh:

$ curl https://docker-registry.bosh/v2/_catalog -u "admin:$(cat /tmp/registry-password)" --cacert /tmp/registry-ca.pem
{"repositories":[]}

Expose Docker Registry via Static IP

Delete the TLS certificate for the Docker Registry, so that a new one will be generated that includes both the new static IP, and the docker-registry.bosh hostname:

credhub delete -n /bucc/docker-registry/docker_registry_certificate

Select an available static IP from the Cloud Config; we'll use 10.244.0.34 below. Then re-deploy the Docker Registry with the manifests/operators/static-ip.yml operator file:

bosh -d docker-registry deploy manifests/docker-registry.yml \
    -o manifests/operators/static-ip.yml \
    -v ip=10.244.0.34

Now add registry-ca.pem to your system's trusted CAs (please let us know if there's a way for docker login to consume a local self-signed CA). For example, in Keychain it may look like:

[screenshot: keychain]
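
As an alternative to the system-wide trust store, Docker Engine on Linux reads a per-registry CA from /etc/docker/certs.d/<registry>/ca.crt, which limits trust in the self-signed CA to this one registry. The following is an added example, not part of this project's README; the function name install_registry_ca and its CERTS_ROOT argument are hypothetical.

```shell
#!/bin/sh
# Added example (not from the project): trust the registry CA for one registry only.
# Assumption: Docker Engine on Linux, which reads per-registry CAs from
# /etc/docker/certs.d/<registry-host>[:port]/ca.crt.

# install_registry_ca CA_PEM REGISTRY [CERTS_ROOT]
#   CA_PEM      path to the CA fetched from CredHub (registry-ca.pem)
#   REGISTRY    host or host:port exactly as used in `docker login` and image tags
#   CERTS_ROOT  defaults to /etc/docker/certs.d (override it for a dry run)
install_registry_ca() {
    ca_pem=$1
    registry=$2
    certs_root=${3:-/etc/docker/certs.d}

    if [ -z "$ca_pem" ] || [ -z "$registry" ]; then
        echo "usage: install_registry_ca CA_PEM REGISTRY [CERTS_ROOT]" >&2
        return 2
    fi
    # Reject values that would escape CERTS_ROOT or are not a plain host[:port].
    case $registry in
        */*|*..*|-*) echo "invalid registry name: $registry" >&2; return 2 ;;
    esac
    # Refuse empty or non-PEM input (e.g. jq wrote "null" for a wrong CredHub path).
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$ca_pem" 2>/dev/null; then
        echo "$ca_pem does not contain a PEM certificate" >&2
        return 1
    fi
    # A private key must never land in a world-readable trust directory.
    if grep -q -e 'PRIVATE KEY-----' "$ca_pem"; then
        echo "$ca_pem contains a private key; refusing to install" >&2
        return 1
    fi

    dest_dir=$certs_root/$registry
    mkdir -p "$dest_dir" || return 1
    chmod 755 "$dest_dir" || return 1
    cp "$ca_pem" "$dest_dir/ca.crt" || return 1
    chmod 644 "$dest_dir/ca.crt" || return 1
    # Print the installed path so callers can log or verify it.
    echo "$dest_dir/ca.crt"
}

# Usage on the Docker host (as root), for the static IP used on this page:
#   install_registry_ca registry-ca.pem 10.244.0.34
```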

We can now docker login to our registry, tag ubuntu:latest as 10.244.0.34/ubuntu and push it to our registry:

docker login -u admin --password-stdin 10.244.0.34 < registry-password
docker tag ubuntu 10.244.0.34/ubuntu
docker push 10.244.0.34/ubuntu

Our registry API confirms it now has the ubuntu image:

$ curl https://10.244.0.34/v2/_catalog -u "admin:$(cat registry-password)"
{"repositories":["ubuntu"]}