Run your own private Docker Registry in standalone mode (without requiring the public index).
The default deployment manifest will create an internal DNS hostname docker-registry.bosh
for clients to use.
bosh -d docker-registry deploy manifests/docker-registry.yml
Now fetch the self-signed root CA and the admin basic-auth password, and store them in local files:
credhub get -n /bucc/docker-registry/docker_registry_certificate -j \
| jq -r ".value.ca" > registry-ca.pem
credhub get -n /bucc/docker-registry/docker_registry_password -j \
| jq -r ".value" > registry-password
We can test out our registry from within the registry's own instance. First, upload our secrets:
bosh -d docker-registry scp registry-ca.pem registry-password docker-registry:/tmp/
Next, SSH into the instance:
bosh -d docker-registry ssh
We can now interact with the Registry via its API and its DNS alias docker-registry.bosh:
$ curl https://docker-registry.bosh/v2/_catalog -u "admin:$(cat /tmp/registry-password)" --cacert /tmp/registry-ca.pem
{"repositories":[]}
Delete the TLS certificate for the Docker Registry so that a new one will be generated that includes both the new static IP and the docker-registry.bosh hostname:
credhub delete -n /bucc/docker-registry/docker_registry_certificate
Select an available static IP from the Cloud Config. We'll use 10.244.0.34 below, and re-deploy the Docker Registry with the manifests/operators/static-ip.yml operator file:
bosh -d docker-registry deploy manifests/docker-registry.yml \
-o manifests/operators/static-ip.yml \
-v ip=10.244.0.34
Now add registry-ca.pem to the system CA store (please let us know if there's a way for docker login to consume a local self-signed CA). For example, in Keychain it may look like:
We can now docker login to our registry, tag ubuntu:latest as 10.244.0.34/ubuntu and push it to our registry:
docker login -u admin --password-stdin 10.244.0.34 < registry-password
docker tag ubuntu 10.244.0.34/ubuntu
docker push 10.244.0.34/ubuntu
Our registry API confirms it now has the ubuntu image:
$ curl https://10.244.0.34/v2/_catalog -u "admin:$(cat registry-password)"
{"repositories":["ubuntu"]}
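As an alternative to the system-wide trust step above, Docker Engine on Linux also reads a per-registry CA from /etc/docker/certs.d/<host[:port]>/ca.crt, which limits trust in the self-signed CA to this one registry. The following is an added example, not part of this project; the function name `install_registry_ca` and its optional third argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the project): trust registry-ca.pem for a single
# registry via Docker Engine's per-registry CA directory, rather than adding
# the self-signed CA to the system-wide trust store.

# install_registry_ca CA_FILE REGISTRY [CERTS_ROOT]
#   REGISTRY   exactly what is passed to `docker login`: host or host:port
#   CERTS_ROOT defaults to /etc/docker/certs.d (Docker Engine on Linux)
# Prints the installed path on success.
# Return codes: 2 = bad input, 3 = a different CA is already installed.
install_registry_ca() {
    ca_file=$1
    registry=$2
    certs_root=${3:-/etc/docker/certs.d}

    [ -n "$registry" ] || { echo "registry host is required" >&2; return 2; }
    # The directory name is the bare host[:port]: no scheme, no path.
    case $registry in
        */*) echo "use host[:port], not a URL: $registry" >&2; return 2 ;;
    esac
    [ -r "$ca_file" ] || { echo "cannot read $ca_file" >&2; return 2; }
    # Catch the common mistake of passing the password file or an empty
    # credhub result instead of the PEM certificate.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$ca_file" &&
        grep -q -e '-----END CERTIFICATE-----' "$ca_file" ||
        { echo "$ca_file is not a PEM certificate" >&2; return 2; }

    dest_dir=$certs_root/$registry
    dest=$dest_dir/ca.crt
    # Never silently replace a different CA that is already trusted here.
    if [ -e "$dest" ] && ! cmp -s "$ca_file" "$dest"; then
        echo "$dest exists with different contents" >&2
        return 3
    fi
    mkdir -p "$dest_dir" && cp "$ca_file" "$dest" && chmod 644 "$dest" || return 1
    printf '%s\n' "$dest"
}
```

Writing under /etc/docker requires root, for example `install_registry_ca registry-ca.pem 10.244.0.34` from a root shell before running `docker login`.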