Skip to content

Latest commit

 

History

History
74 lines (51 loc) · 2.47 KB

README.md

File metadata and controls

74 lines (51 loc) · 2.47 KB

Private Docker Registry deployed with BOSH

Run your own private Docker Registry in standalone mode (without requiring the public index).

Simple deployment with internal DNS

The default deployment manifest will create an internal DNS hostname docker-registry.bosh for clients to use.

bosh -d docker-registry deploy manifests/docker-registry.yml

Now fetch the self-signed root CA, and the admin basic-auth password, and store in local files:

credhub get -n /bucc/docker-registry/docker_registry_certificate -j \
    | jq -r ".value.ca" > registry-ca.pem
credhub get -n /bucc/docker-registry/docker_registry_password -j \
    | jq -r ".value" > registry-password

We can test out our registry from within the registry's own instance. First, upload our secrets:

bosh scp registry-ca.pem registry-password docker-registry:/tmp/

Next, SSH into the instance:

bosh -d docker-registry ssh

We can now interact with the Registry via its API and its DNS alias docker-registry.bosh:

$ curl https://docker-registry.bosh/v2/_catalog -u "admin:$(cat /tmp/password)" --cacert /tmp/ca.pem
{"repositories":[]}

Expose Docker Registry via Static IP

Delete the TLS certificate for the Docker Registry, so that a new one will be generated that includes both the new static IP, and the docker-registry.bosh hostname:

credhub delete -n /bucc/docker-registry/docker_registry_certificate

Select an available static IP from the Cloud Config. We'll use 10.244.0.34 below, and re-deploy the Docker Registry with the manifests/operators/static-ip.yml operator file:

bosh -d docker-registry deploy manifests/docker-registry.yml \
    -o manifests/operators/static-ip.yml \
    -v ip=10.244.0.34

Now add registry-ca.pem to system CA (please let use know if there's a way for docker login to consume a local self-signed CA). For example, in Keychain it may look like:

keychain

We can now docker login to our registry, tag ubuntu:latest as 10.244.0.34/ubuntu and push it to our registry:

docker login -u admin -p "$(cat registry-password)" 10.244.0.34
docker tag ubuntu 10.244.0.34/ubuntu
docker push 10.244.0.34/ubuntu

Our registry API confirms it now has the ubuntu image:

$ curl https://10.244.0.34/v2/_catalog -u "admin:$(cat registry-password)"
{"repositories":["ubuntu"]}