4 Storing Images
Prior to creating your own images, you should decide where you will store the images. The easiest solution would be to push these images to the Docker Hub. By default all images pushed to the Docker Hub are public. This is probably fine as long as this does not violate your company's policy and your images do not contain sensitive data or proprietary software.
If you need to restrict access to your Docker images, there are two options:
Get a subscription on Docker Hub that unlocks the feature to create private repositories.
Run an on-site Docker Registry to store all the Docker images used by your organization or company, and combine it with Portus to secure the registry.
This chapter describes how to set up an on-site Docker Registry and how to combine it with Portus.
4.1 What is a Docker Registry?
The Docker Registry is an open source project created by Docker Inc. It allows the storage and retrieval of Docker images. By running a local instance of the Docker Registry it is possible to completely avoid usage of the Docker Hub.
The Docker Registry is also used by the Docker Hub. However, the Docker Hub, as seen from the user perspective, consists of at least the following parts:
The user interface (UI): The part that is accessed by users with their browser. The UI provides a nice and intuitive way to browse the contents of the Docker Hub either manually or by using a search feature. It also allows creating organizations made up of different users.
This component is closed source.
The authentication component: This is used to protect the images stored inside of the Docker Hub. It validates all push, pull and search requests.
This component is closed source.
The storage back-end: This is where the Docker images are sent to and downloaded from. It is provided by the Docker Registry.
This component is open source.
4.2 Installing and Setting Up Docker Registry
Install the docker-distribution-registry package:
sudo zypper install docker-distribution-registry
To automatically start the Docker Registry at boot time:
sudo systemctl enable registry
Start the Docker Registry:
sudo systemctl start registry
The Docker Registry configuration is defined inside of /etc/registry/config.yml.
With the default configuration the registry listens on port 5000 and stores the Docker images under /var/lib/docker-registry.
Docker Registry version 2.3 is not compatible with Docker Registry versions older than 1.10, because v2 manifests were only introduced with Docker Open Source Engine 1.10. As Docker Open Source Engine and Docker Registry can be installed on different boxes, the versions might be incompatible. If you experience communication errors between Docker Open Source Engine and Docker Registry, update both to the latest versions.
For more details about Docker Registry and its configuration, see the official documentation at: https://docs.docker.com/registry/.
4.3 Limitations
The Docker Registry has two major limitations:
It lacks any form of authentication. That means everybody with access to the Docker Registry can push images to it and pull images from it. That also includes the possibility to overwrite already existing images.
There is no way to see which images have been pushed to the Docker Registry. You can manually take notes of what is being stored inside of it. There is also no search functionality, which makes collaboration harder.
The next section is going to introduce Portus, the solution to all of the problems above.
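To tell whether a registry you operate is still in the unauthenticated state described above or is already fronted by an authentication service such as Portus, the following added example (not part of the original documentation) sends one anonymous request and classifies the answer. It assumes the Registry HTTP API v2, where an anonymous GET /v2/ returns 200 when no authentication is required and 401 with a WWW-Authenticate challenge when it is; the function names and the default URL are chosen for this example.

```python
# Added example: audit whether a registry you operate demands authentication.
# Assumes the Registry HTTP API v2: anonymous GET /v2/ -> 200 or 401.
import re
import sys
import urllib.error
import urllib.request


def parse_challenge(header):
    """Split a WWW-Authenticate value into (scheme, {parameter: value})."""
    scheme, _, rest = header.strip().partition(" ")
    return scheme.lower(), dict(re.findall(r'(\w+)="([^"]*)"', rest))


def classify(status, headers):
    """Return (verdict, detail) for the response to an anonymous GET /v2/."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    if status == 200:
        # Section 4.3 case: anyone who can reach the port can push,
        # pull and overwrite images.
        return "OPEN", "no authentication required"
    if status == 401 and "www-authenticate" in hdrs:
        scheme, params = parse_challenge(hdrs["www-authenticate"])
        # A token service such as Portus shows up as a Bearer realm.
        return "PROTECTED", params.get("realm", scheme)
    if status == 401:
        return "UNKNOWN", "401 without a WWW-Authenticate challenge"
    return "UNKNOWN", "unexpected status %d" % status


def probe(base_url, timeout=5):
    """Send one anonymous GET /v2/ and classify the answer."""
    request = urllib.request.Request(base_url.rstrip("/") + "/v2/")
    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            return classify(response.status, dict(response.headers.items()))
    except urllib.error.HTTPError as err:  # urllib raises on 401
        return classify(err.code, dict(err.headers.items()))


if __name__ == "__main__":
    # Default matches the port named in Section 4.2.
    url = sys.argv[1] if len(sys.argv) > 1 else "http://localhost:5000"
    verdict, detail = probe(url)
    print("%s: %s (%s)" % (url, verdict, detail))
    sys.exit(0 if verdict == "PROTECTED" else 1)
```

The non-zero exit status for anything other than PROTECTED lets the script serve as a gate in a deployment check.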
4.4 Portus
Portus is an authentication service and user interface for the Docker Registry. It is an open source project created by SUSE to address all the limitations faced by the local instances of Docker Registry. By combining Portus and Docker Registry, it is possible to have a secure and enterprise-ready on-premise version of the Docker Hub.
Portus is available for SLES customers as a Docker image from SUSE Container Registry. For example, to pull the 2.4.0 tag, run the following command:
tux > docker pull registry.suse.com/sles12/portus:2.4.0
In addition to the official version of the Portus image from SUSE Container Registry, there is a community version that can be found on Docker Hub. However, if you are a SLES customer, we strongly suggest that you use the official Portus image instead. The Portus image for SLES customers has the same code as the one from the community. Therefore, the setup instructions from http://port.us.org/docs/deploy.html apply for both images.
Portus was previously also available as an RPM package. To migrate from the RPM package to the Docker image, follow the instructions at http://port.us.org/docs/migrate-from-rpm.html.