This document explains how to create a local registry to store container images locally.
It can also be used to make Kubernetes use container images only from this registry.
Anything enclosed in angle brackets (< >) is a placeholder to be assigned by the user.
For example:
--name <registry>
If you now want to name the registry e.g. k8s.registry, replace this with the following:
--name k8s.registry
Everything else should only be modified when you know what you are doing! Further, everything that is bracketed like this is a placeholder whose value you choose once. So if it reappears somewhere, you have to replace it with the same value, in this example k8s.registry.
The following command is sufficient to start a local registry:
docker run -d -p 5000:5000 --restart=always --name <registry> registry:2
The images that are needed have to be pulled now
docker pull <nginx>
and now tag the images as you want them to be named with
docker tag <nginx> localhost:5000/<k8s.nginx>
To have the images now in the local registry, you have to push accordingly
docker push localhost:5000/<k8s.nginx>
and remove the local image as follows
docker image remove localhost:5000/<k8s.nginx>
With the command
curl localhost:5000/v2/_catalog
it is now possible to see all images that are in the local registry.
First you need to create a user and a corresponding password for the registry:
mkdir /etc/docker-registry/
docker run \
--entrypoint htpasswd \
registry:2.7.0 -Bbn <testuser> <testpassword> > /etc/docker-registry/htpasswd
Note that registry:2.7.0 is needed here, not registry:2!
Further, if a registry already exists, it must be stopped first and is not accessible during this time!
docker stop <registry>
Now the registry is started again, but with authentication:
docker run -d \
-p 5000:5000 \
--restart=always \
--name <registry> \
-v /etc/docker-registry/:/auth \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
registry:2
Lastly, log in to the registry with the following command:
docker login localhost:5000
Now user and password must be entered. These are the values chosen for <testuser> and <testpassword>.
You can now populate images into the registry like in section 1, but to see the images you now have to use the command
curl -u <testuser>:<testpassword> localhost:5000/v2/_catalog
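An added example, not part of the original instructions: the registry's htpasswd authentication accepts only bcrypt hashes (the -B flag above), so when docker login is rejected it helps to check the generated file first. The function name check_htpasswd and the sample entry are constructed for this illustration.

```shell
#!/bin/sh
# Added example: validate the htpasswd file before mounting it at /auth.
# check_htpasswd FILE returns 0 when every entry is "user:<bcrypt hash>",
# 1 otherwise; findings go to stderr.
check_htpasswd() {
    file=$1
    if [ ! -f "$file" ]; then
        echo "missing: $file is not a regular file" >&2
        return 1
    fi
    # A shell redirect creates the file even when the command feeding it
    # failed, so an empty file means no user was written.
    if [ ! -s "$file" ]; then
        echo "empty: $file contains no entries" >&2
        return 1
    fi
    bad=0
    lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        [ -z "$line" ] && continue          # skip blank lines
        user=${line%%:*}
        hash=${line#*:}
        if [ "$user" = "$line" ] || [ -z "$user" ]; then
            echo "line $lineno: not in user:hash form" >&2
            bad=1
            continue
        fi
        # bcrypt: $2a$/$2b$/$2y$, two-digit cost, 53 chars of salt+digest
        if ! printf '%s\n' "$hash" |
            grep -Eq '^\$2[aby]\$[0-9]{2}\$[./A-Za-z0-9]{53}$'; then
            echo "line $lineno: user '$user' has a non-bcrypt hash" >&2
            bad=1
        fi
    done < "$file"
    return "$bad"
}

# Constructed sample (not a real credential): one well-formed bcrypt entry.
sample=$(mktemp)
printf '%s\n\n' 'testuser:$2y$05$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0' > "$sample"
check_htpasswd "$sample" && echo "htpasswd file looks usable"
rm -f "$sample"
```

On the Docker host the function would be called as check_htpasswd /etc/docker-registry/htpasswd.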
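In some cases an x509 certificate error may appear.
The entry below makes Docker skip TLS certificate verification for the listed registry. To add it, the daemon.json in the /etc/docker/ directory must be extended as follows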
"insecure-registries" : ["localhost:5000"]
The daemon.json in the /etc/docker/ directory needs the following additional line:
"allow-nondistributable-artifacts" : ["localhost:5000"]
At the end, docker needs to be restarted and possibly the registry container as well.