Jump to contentJump to page navigation: previous page [access key p]/next page [access key n]
documentation.suse.com / Container Guide / Configuring image storage
Applies to Container Guide

8 Configuring image storage

 

Before creating custom images, decide where you want to store images. The easiest solution is to push images to Docker Hub. By default, all images pushed to Docker Hub are public. Make sure not to publish sensitive data or software not licensed for public use.

You can restrict access to custom container images with the following:

  • Docker Hub allows creating private repositories for paid subscribers.

  • An on-site Docker Registry allows storing all the container images used by your organization.

8.1 What is Docker Registry?

 

Docker Registry is an open source platform for storing and retrieving container images. You can avoid using Docker Hub by running a local instance of Docker Registry.

Docker Registry is also used by Docker Hub. However, from a user’s point of view, Docker Hub consists of the following components:

The user interface (UI)

The part that is accessed by users using a browser. The UI provides an easy way to browse the contents of Docker Hub, either manually or using a search feature. It can be used to create organizations by different users. This component is closed source.

The authentication component

This component is used to protect the images stored in Docker Hub. It validates all push, pull, and search requests. The component is closed source.

The storage back-end

A place that images are uploaded to and downloaded from. It is provided by Docker Registry. This component is open source.

8.2 Running a Docker Registry

 

The SUSE Registry provides a container image that makes it possible to run a local Docker Registry as a container. Before you start a container, create a config.yml file with the following example configuration:

version: 0.1
log:
  level: info
storage:
  filesystem:
    rootdirectory: /var/lib/docker-registry
http:
  addr: 0.0.0.0:5000

Also create an empty directory to map the /var/lib/docker-registry directory outside the container. This directory is used for storing container images.

Run the following command to pull the registry container image from the SUSE Registry and start a container that can be accessed on port 5000:

podman run -d --restart=always --name registry -p 5000:5000 \
-v /PATH/config.yml:/etc/docker/registry/config.yml \
-v /PATH/DIR:/var/lib/ \ docker-registry registry.suse.com/sles12/registry:2.6.2

To make it easier to manage the registry, create a corresponding system unit:

> sudo podman generate systemd registry >  \
 /etc/systemd/system/suse_registry.service

Enable and start the registry service, then verify its status:

> sudo systemctl enable suse_registry.service
> sudo systemctl start suse_registry.service
> sudo systemctl status suse_registry.service

For more details about Docker Registry and its configuration, see the official documentation at https://docs.docker.com/registry/.

8.3 Limitations

 

Docker Registry has two major limitations:

  • It lacks any form of authentication. That means everybody with access to Docker Registry can push and pull images to it. That includes overwriting existing images.

  • It is not possible to see which images have been pushed to Docker Registry. You need to keep a record of what is being stored on it. There is also no search functionality.