Applies to SUSE Linux Enterprise Server 15 SP2

5 Configuring Image Storage

Before creating custom images, decide where you want to store images. The easiest solution is to push images to Docker Hub. By default, all images pushed to Docker Hub are public. Make sure not to publish sensitive data or software not licensed for public use.

You can restrict access to custom container images with the following:

  • Docker Hub allows creating private repositories for paid subscribers.

  • An on-site Docker Registry allows storing all the container images used by your organization. This can be combined with Portus to secure the registry.

This chapter describes the second option: setting up an on-site Docker Registry and combining it with Portus.

5.1 What is Docker Registry?

Docker Registry is an open-source platform for storing and retrieving container images. By running a local instance of Docker Registry, you can avoid using Docker Hub completely.

Docker Registry is also used by Docker Hub. However, from a user's point of view, Docker Hub consists of the following components:

The user interface (UI)

The part that is accessed by users using a browser. The UI provides an easy way to browse the contents of Docker Hub, either manually or using a search feature. It can be used to create organizations by different users.

This component is closed-source.

The authentication component

This component is used to protect the images stored in Docker Hub. It validates all push, pull, and search requests.

This component is closed-source.

The storage back-end

A place that images are uploaded to and downloaded from. It is provided by Docker Registry.

This component is open-source.

5.2 Running a Docker Registry

The SUSE Registry provides a container image that makes it possible to run a local Docker Registry as a container. Before you start a container, create a config.yml file with the following example configuration:

version: 0.1
log:
  level: info
storage:
  filesystem:
    rootdirectory: /var/lib/docker-registry
http:
  addr: 0.0.0.0:5000

Also create an empty directory on the host. It is mapped to the /var/lib/docker-registry directory inside the container and is used for storing container images.

Run the following command to pull the registry container image from the SUSE Registry and start a container that can be accessed on port 5000:

podman run -d --restart=always --name registry -p 5000:5000 \
-v /PATH/config.yml:/etc/docker/registry/config.yml \
-v /PATH/DIR:/var/lib/docker-registry \
registry.suse.com/sles12/registry:2.6.2

To make it easier to manage the registry, create a corresponding system unit:

root # podman generate systemd registry > \
 /etc/systemd/system/suse_registry.service

Enable and start the registry service, then verify its status:

root # systemctl enable suse_registry.service
root # systemctl start suse_registry.service
root # systemctl status suse_registry.service

For more details about Docker Registry and its configuration, see the official documentation at https://docs.docker.com/registry/.

5.3 Limitations

Docker Registry has two major limitations:

  • It lacks any form of authentication. That means everybody with access to Docker Registry can push images to it and pull images from it. That includes overwriting existing images.

  • There is no way to see which images have been pushed to Docker Registry. You need to manually take notes of what is being stored on it. There is also no search functionality.

These limitations are resolved by installing Portus.
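
The example configuration in 5.2 defines no authentication and no TLS, and it listens on all interfaces, which is the exposure the first limitation describes. The following added example (not part of the SUSE documentation) audits a config.yml for those three conditions. The `auth` and `http.tls` key names are assumptions taken from the upstream registry configuration reference, not from this page, and the small parser only handles nested mappings like those in the 5.2 file.

```python
# Added example. Assumption: `auth` and `http.tls` are key names from the
# upstream registry configuration reference, not from this page.

SAMPLE_CONFIG = """\
version: 0.1
log:
  level: info
storage:
  filesystem:
    rootdirectory: /var/lib/docker-registry
http:
  addr: 0.0.0.0:5000
"""  # the example configuration from section 5.2

def parse_simple_yaml(text):
    """Parse nested 'key: value' mappings only (no lists, no multi-line scalars)."""
    root = {}
    stack = [(-1, root)]  # (indent, mapping) for each open nesting level
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()  # drop inline comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack[-1][0] >= indent:
            stack.pop()  # close levels at the same depth or deeper
        parent = stack[-1][1]
        value = value.strip().strip("'\"")
        parent[key] = value or {}
        if not value:  # a key without a scalar opens a nested mapping
            stack.append((indent, parent[key]))
    return root

def audit_registry_config(text):
    """Return finding strings; an empty list means nothing was flagged."""
    cfg = parse_simple_yaml(text)
    http = cfg.get("http") if isinstance(cfg.get("http"), dict) else {}
    findings = []
    if not cfg.get("auth"):
        findings.append("no-auth: anyone who can reach the port can push, pull and overwrite images")
    if not http.get("tls"):
        findings.append("no-tls: the registry itself serves plain HTTP")
    addr = http.get("addr")
    if addr and addr.rpartition(":")[0] in ("", "0.0.0.0", "[::]"):
        findings.append("bind-all: the registry listens on every interface")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_registry_config(SAMPLE_CONFIG)))
```

Run against the 5.2 configuration, the check reports all three findings.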

5.4 Portus

Portus is an authentication service and user interface for Docker Registry. It is an open-source project created by SUSE to address limitations of local instances of Docker Registry. By combining Portus and Docker Registry, it is possible to have a secure and enterprise-ready on-premises version of Docker Hub.

Portus is available for SUSE Linux Enterprise Server customers as a container image from SUSE Container Registry. For example, to pull the 2.4.3 tag of the SUSE Linux Enterprise Server 12 image, run the following command:

tux > podman pull registry.suse.com/sles12/portus:2.4.3

In addition to the official version of the Portus image from SUSE Container Registry, there is a community version that can be found on Docker Hub. However, we strongly suggest that SUSE Linux Enterprise Server customers use the official Portus image. The Portus image for SUSE Linux Enterprise Server customers has the same code as the one from the community. Therefore, the setup instructions from http://port.us.org/docs/deploy.html apply to both images.
