DEV Community

Cover image for Docker Registry Management
Waji
Waji

Posted on

Docker Registry Management

Introduction

A Docker registry is a place to store Docker images. There are two types of Docker registries

  • Private registry
  • Public registry

Docker Hub is a popular public registry, but organizations often prefer to use their own private registry to store and manage their images as it provides more control over image access and security.

Docker registry management involves pushing and pulling images from a registry, as well as managing access control, security, and versioning. To facilitate these tasks, various Docker registry management tools are available, such as Docker Trusted Registry, Harbor, and JFrog Artifactory

πŸ‘‰ In this post, I will be testing Docker-Hub repository, Nexus Repository and then apply GitHub actions to build an image automatically (CI)


Hands on Docker-Hub

πŸ’‘ If you don't have a dockerhub ID, you can refer to the steps mentioned over here

After logging in to our account in Docker hub, we need to head to 'repositories' and select 'create repository'

Creat

Creating a private repository

Repo

Once the repository is created, we can confirm the repository name

Repo

Now back to our Linux terminal. I will be working on a new directory

mkdir /DockerFile_Root
cd /DockerFile_Root
Enter fullscreen mode Exit fullscreen mode

Creating a simple test index.html file

cat "Test" > index.html
Enter fullscreen mode Exit fullscreen mode

Creating a Dockerfile

vi Dockerfile

FROM nginx:latest
LABEL maintainer "Author <Author@localhost.com>"
ADD index.html /usr/share/nginx/html
Enter fullscreen mode Exit fullscreen mode

Building this dockerfile

docker build -t mynginx:v1 ./

Successfully built a367f58de111
Successfully tagged mynginx:v1
Enter fullscreen mode Exit fullscreen mode

Logging in to my docker hub

docker login
Username:
Password:
Login Succeeded
Enter fullscreen mode Exit fullscreen mode

Pushing the image to our docker hub repository

docker tag mynginx:v1 waji97/myrepo:v1
docker push waji97/myrepo:v1
Enter fullscreen mode Exit fullscreen mode

Deleting the local images and tags

docker rmi mynginx:v1
docker rmi waji97/myrepo:v1
Enter fullscreen mode Exit fullscreen mode

Checking the repository from dockerhub

Image

Now we can start a docker container on our local machine using this image from our dockerhub

docker run -d --name Mynginx_1 -p 80:80 waji97/myrepo:v1
Unable to find image 'waji97/myrepo:v1' locally
v1: Pulling from waji97/myrepo
.
.
Status: Downloaded newer image for waji97/myrepo:v1
c3eeab8e250c18e472f105356790368253eb60991532d0b9b786829f94bf6bbe
Enter fullscreen mode Exit fullscreen mode

πŸ‘‰ We can see that it pulled from my repository

Checking the docker process and images

docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED              STATUS              PORTS                NAMES
c3eeab8e250c        waji97/myrepo:v1    "/docker-entrypoint.…"   About a minute ago   Up About a minute   0.0.0.0:80->80/tcp   Mynginx_1

docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
waji97/myrepo       v1                  a367f58de111        10 minutes ago      142MB
Enter fullscreen mode Exit fullscreen mode

We can also visit our nginx server

Test


Hands on Nexus Repository

Nexus repository is a popular open-source repository manager developed by Sonatype. Nexus provides storing & managing software components, access control and integration with tools like Jenkins and Docker.

It was mainly used with Java projects and the repositories were accessible by an WEB UI. We will be using Nexus repository to build a private image repository using docker format.

There are three types of nexus repository:

  • Hosted: a private repository within a company (uploads are only possible locally)
  • Proxy: mirrors remote repositories (cache)
  • Group: groups various types of repositories together

Nexus

πŸ‘‰ Before starting the hands on, I recommend turning off swap memory using swapoff -a

We will start by creating a volume

docker volume create nexus_volume
nexus_volume
Enter fullscreen mode Exit fullscreen mode

Next we will change the ownership for the data directory for this volume

chown 200:200 /var/lib/docker/volumes/nexus_volume/_data/
Enter fullscreen mode Exit fullscreen mode

πŸ‘‰ We need to change this as not changing this could possibly incur push/pull errors later

Pulling the nexus image

docker pull sonatype/nexus3:latest
Enter fullscreen mode Exit fullscreen mode

Now, we will create a new container for our nexus repo

docker run -d --name Nexus -p 8081:8081 -p 5000-5001:5000-5001 -v nexus_volume:/nexus-data sonatype/nexus3
Enter fullscreen mode Exit fullscreen mode

πŸ‘‰ I would recommend to have atleast 3GBs of RAM in your host system for the above to actually run

docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                                                      NAMES
9c68a0f95437        sonatype/nexus3     "/opt/sonatype/nexus…"   3 seconds ago       Up 1 second         0.0.0.0:5000-5001->5000-5001/tcp, 0.0.0.0:8081->8081/tcp   Nexus
Enter fullscreen mode Exit fullscreen mode

Now we need to copy the password from

cat /var/lib/docker/volumes/nexus_volume/_data/admin.password 
Enter fullscreen mode Exit fullscreen mode

πŸ‘‰ Copy the password that is displayed

Navigating to the Nexus Repo Manager via our browser and logging in as 'admin' user

Admin

This will trigger a new 'change password' wizard. We can change our admin account password using this wizard

From settings, we will navigate to 'Blob Stores'

Blobs

Creating a new blob to use as docker-registry

Registry

Now heading to "Repositories" and clicking on "Create repository"

Create

We need to select 'docker(hosted)' from here and set up as following

Pull

After creating the above repository, we need to create another one named 'docker(proxy)'

P

Pu

Finally we will create our 'docker(group)' repository as well

Group

Adding all the members to our group

Group

Now from the "Security" section, we will navigate to Realms

Realm

Adding the "Docker Bearer Token Realm"

Realms

πŸ‘‰ Going back to our Linux terminal

We will add the following to our daemon JSON file

vi /etc/docker/daemon.json

"insecure-registries" : ["192.168.1.10:5000", "192.168.1.10:5001"]
Enter fullscreen mode Exit fullscreen mode

πŸ’‘ We had to add this as Nexus supports HTTPS but we are using HTTP

Reloading the daemon and restarting docker

systemctl daemon-reload
systemctl restart docker

docker start Nexus
Nexus
Enter fullscreen mode Exit fullscreen mode

Now we can pull a test image for our nexus repository

docker pull 192.168.1.10:5000/hello-world
Using default tag: latest
latest: Pulling from hello-world
.
Status: Downloaded newer image for 192.168.1.10:5000/hello-world:latest
Enter fullscreen mode Exit fullscreen mode

To confirm if this image was downloaded,

Nexus

We will perform another test by tagging our existing 'alpine' image to our nexus repository

docker tag alpine 192.168.1.10:5001/myalpine:v1
Enter fullscreen mode Exit fullscreen mode

Logging in to our repository

docker login 192.168.1.10:5001
Username:
Password:
Login Succeeded
Enter fullscreen mode Exit fullscreen mode

Pushing the tagged image to our repository

docker push 192.168.1.10:5001/myalpine:v1
The push refers to repository [192.168.1.10:5001/myalpine]
7cd52847ad77: Pushed 

# Logging out
docker logout 192.168.1.10:5001/myalpine:v1
Enter fullscreen mode Exit fullscreen mode

Confirming this push from the WEB UI

UI


Hands on GitHub actions (CI)

GitHub Actions is a powerful CI/CD tool for automating software development workflows. It allows developers to automate tasks, build, test, and deploy code directly from GitHub.

  • Workflows are defined in YAML format and consist of Events and Jobs.
  • Events are triggers that execute a workflow.
  • Events can be configured to trigger on actions such as a push to a repository.
  • Workflows can contain multiple Jobs.
  • When multiple Jobs are present, parallel execution is the default behavior.
  • A Runner is required to execute Jobs and is typically a container.

✨ WorkFlow:-

  • Workflow: The entire workspace for building, deploying, and testing.
  • Event: The trigger for a Workflow to run (when it executes).
  • Job: The unit of work in a Workflow.
  • Step: Defines the sequence of tasks that a Job should perform.
  • Action: A pre-defined function (library) that performs a specific task. Runner: A containerized instance used to execute a Workflow.

Github Actions

πŸ‘‰ I will be doing a short hands on in which we will use Github actions to automatically create a docker image and push it to the dockerhub repository

From GitHub, we need to create a new repository for testing Github actions

Github

Now from DockerHub

Dockerhub

Now we will navigate to "My profile" => "Edit Profile" => "Security"

KDK

From this section, we will create a new access token with Read, Write and Delete permissions

Token

πŸ‘‰ Going back to Github

From our repository, we will head to settings and select

Actions

We will make 2 new secrets, one contains your DockerHub username and the other should contain the Access Token that we created from Dockerhub

Token

Now from our Github repository, we will create a new Dockerfile and also add a test html file

File

We will head to "Actions" and setup our custom workflow

Configure

My workflow YAML file looks like this

YAML

πŸ‘‰ This file will build an image and push it automatically to Dockerhub using Dockerfile present in the Github repository's main branch

Upon committing this file, we will have a new workflows folder in our repository

Workflow

We can also check our actions section

Dockerpush

To test if this actually worked, we will go to our Dockerhub repository

πŸ‘‰ Dockerhub test repository

Tag

We will test this image from our Linux Terminal now

Creating a container using our image from Dockerhub

docker login

docker run -d --name Mynginx_1 -p 80:80 waji97/testrepo:latest
latest: Pulling from waji97/testrepo
.
.
Status: Downloaded newer image for waji97/testrepo:latest
6bd35189a8261f80ed6763bd75f78cb0172bd21a0abcdb871ffb047c0d9e9729
Enter fullscreen mode Exit fullscreen mode

Testing from the browser

WEB UI

πŸ‘‰ We will now try changing our index.html file from Github and commit so that Github actions can actually integrate this automatically

Upon committing the changes, we will be able to see a new workflow

Workflow2

Now from the Linux System, we will delete the container and the image.

After deleting the current image, we will pull the latest image from our Dockerhub repository and create a new container using the image to check our results

Final

✨ This is Continuous Integration


Conclusion

In conclusion, managing a Docker registry is an essential aspect of containerization. Dockerhub, Nexus Repository, and Github Actions CI are three popular options for Docker registry management, each with their own advantages and limitations βœ”

Latest comments (0)