Skip to main content

Decoding Docker - Part 2


                                            Docker Remote Registry

Continuing the blog series on my trysts with docker, in this installment we will look into the details of how to set up a docker remote registry. Hope now you have an idea on how to get Docker up and running , if not go ahead and read the first part of my blog series here

Now that we have docker engine up and running, and  few containers spinned up in it we might very well think about a centralized docker image repository. Of course we have Docker hub, and you could  save your images there. But what if you want to have a bit more privacy and would like to save all your hard work in house?That is where Docker remote registry comes in handy.

Docker remote registry can be set up in a local machine for centralized storage of docker images. You can pull and push images just like you do in Docker hub.It allows centralized collaboration of people working on docker containers in your firm. For eg: a developer working on a project can save the current status of his container as an image and push it to the remote registry . His fellow team mate could download the image and spin up and container and continue the work. This is just one of the use cases, the functionality is somewhat similar to an SVN repository. However, one major drawback I noticed was the lack of a search/list functionality.

Here is how you can set it up:

Server side configuration:

To start with, you will need a certificate for connecting to the remote registry. Lets create one using openssl in the machine where you plan to set up your docker remote registry:

mkdir -p certs && openssl req \
  -newkey rsa:4096 -nodes -sha256 -keyout /certs/domain.key \
  -x509 -days 365 -out /certs/domain.crt

This command will create a domain.key and domain.crt file and store it in /certs . The domain.crt file is required for the client side configuration 

During the certificate creation process, it would ask for a domain name. You can give the name as your server hostname or any other name that you find suitable. For this example , lets assume that the name is "" . If you have a DNS in your network should point to the IP of the machine where the registry is hosted, so that docker engines can connect to it. Otherwise you will have to create an entry in the hostfile pointing to your registry server IP.

Docker registry in this case will be running from within a docker container. To get it up and running, use the following command:

docker run -d -p 5000:5000 --restart=always --name registry \
  -v `pwd`/certs:/certs \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \

 This command will download the registry image and run it as a docker container exposing registry at port 5000 of the host. You can check the status by running the "docker ps" command

Client side configuration:

To clarify the terminology, client means the docker engine which will connect to the docker remote registry.If you want to connect to the docker remote registry from another machine that has docker engine installed, some prerequisite configurations should be in place.

Remember the domain.crt file we created using ssl during the server side configuration? You need to copy it over to the client machine to the following location: /etc/docker/certs.d/

Note: You will have to create the certs.d and the sub folders at /etc/docker , it will not be present by default

Restart the docker engine and we are good to go!!

Now lets see how we can use the remote registry to store your images.First, lets start with pulling an image from the docker hub

docker pull ubuntu

 You could very well create an image of your own from a container that you are working on using the commit command. For eg:

docker commit <container name>  <new-image-name>

for eg: docker commit ubuntuvm ubuntu-image

Please note that the images that you create using the process is stored locally and is accessible only from your local docker engine. It will be listed once you run the "docker images" command locally. However once you commit it to registry, it can be pulled by other docker engines in your network.

In the next step, lets tag the image that we created  using commit or pulled from docker hub

docker tag ubuntu

Push the image to the registry, and we are done!!

docker push

Now if you want to pull the docker image from another docker engine in your network, you could do that using the following command  provided the domain.crt file is copied over to the machine.

docker pull


Post a Comment

Popular posts from this blog

Windows server 2012: where is my start button??

If you have been using Windows Server OS for a while, the one thing that will strike you most when you login to a Windows server 2012 is that there is no start button!!.. What??..How am I going to manage it?? Microsoft feels that you really dont need a start button, since you can do almost everything from your server  manager or even remotely from your desktop. After all the initial configurations are done, you could also do away with the GUI and go back to server core option.(In server 2012, there is an option to add and remove GUI). So does that mean, you need to learn to live without a start button. Actually no, the start button is very much there .Lets start looking for it. Option 1: There is "charms" bar on the side of your deskop, where you will find a "start" option. You can use the "Windows +C" shortcut to pop out the charms bar Option 2: There is a hidden "start area"in  the bottom left corner of your desktop

Use Diskpart to make drives online

Issue: In disk management, disk is shown as missing or Offline in Windows Resolution: The disks can be made online by using diskpart utility - Open a command prompt->type diskpart -Inorder to list the disks in the system type: list disk -Note down the number of the disk that you want to make online -Select that disk to operate upon, For eg:, if the disk number is 1, type: Select disk 1 -Now that particular disk will be selected as teh active disk. If you type "list disk" command once more, you can see a * symbol on the left side of the selected disk -Inorder to make the selected disk online type : online disk - If the disk is made online, you will get a message that the operation is completed successfully

Kubernetes best practices in Azure: AKS name space isolation and AAD integration

Once you have decided to run your workloads in AKS service in Azure, there are certain best practices to be followed during design and implementation. In this blog we will discuss two of these recommended practices and the practical aspects of their implementation- Azure AD integration and name space isolation While AAD helps to authenticate users to your AKS cluster using the existing users and groups in your Azure AD, name space isolation provides logical isolation of resources used by them. It is useful in multi tenant scenarios where the same cluster is being used by different teams/departments to run their workloads. It is also useful in running say a dev, test and QA environment for organization in the same cluster. Combining AAD integration with name spaces allow users to login to their namespace using their Azure AD credentials AAD integration with AKS : The following Microsoft document will get you started  with AAD integration of AKS cluster.: https://docs.microsof