Skip to main content

Blogs

Creating a local Docker registry

This document explains how to create a local registry to store container images locally.
It can also be used to make Kubernetes use container images only from this registry.


Contents

  • A simple registry
  • Docker Registry with restricted access
  • For AirGap environments

 

Disclaimer

Anything bracketed in greater than or less than characters is to be assigned by the user.

For example:

--name <registry>

 

If you now want to name the registry e.g. k8s.registry, replace this with the following:

--name k8s.registry

 

Everything else should only be modified when you know what you are doing! Further, everything what was bracketed as clearly as a placeholder selected. So if it reappears somewhere, in this example, you have to replace it with k8s.registry.

 

A simple registry

The following command is sufficient

docker run -d -p 5000:5000 --restart=always --name registry:2

 

The images, which are needed, have to be pulled now

docker pull <nginx>

and now tag the images as you want them to be named with

docker tag localhost:5000/<k8s.nginx>

To have the images now in the local registry, you have to push accordingly

docker push localhost:5000/<k8s.nginx>

and remove as follows

docker image remove localhost:5000/<k8s.nginx>

With the command

curl localhost:5000/v2/_catalog

it is now possible to see all images that are in the local registry.

 

Docker Registry with restricted access

First you need to create a user and a corresponding password for the registry:

mkdir /etc/docker-registry/

docker run \

--entrypoint htpasswd \

registry:2.7.0 -Bbn <testuser> <testpassword> > /etc/docker-registry/ htpasswd

 

Note that now registry:2.7.0 is needed not registry:2!

Further, if a registry already exists, this must be stopped for it first and is not accessible then also in this time!

 

docker stop <registry>

Now the registry is started again, but with authentication:

docker run -d \

-p 5000:5000 \

--restart=always \

--name <registry>\

-v /etc/docker-registry/:/auth \

-e "REGISTRY_AUTH=htpasswd" \

-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \

-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \

registry:2

 

Lastly, log in with the following command for the registry:

docker login localhost:5000

Now user and password must be entered. These are the entries in
<user> and <testpwd>.

 

You can now populate images into the registry like in section 1, but to see the images you now have to use the command

curl -u <user>:<testpwd> localhost:5000/v2/_catalog

must be executed.

 

In some cases the error code X509 may appear.

Then the daemon.json in the /etc/docker/ directory must be extended as follows

"insecure-registries" : ["localhost:5000"]

 

AirGap environments

The daemon.json in the /etc/docker/ directory needs the following additional line:

"allow-nondistributable-artifacts" : ["localhost:5000"]

At the end, docker needs to be restarted and possibly the registry container as well.

 

Check out our latest blogpost


Kubernetes 1.32 is here! With enhancements in scalability, security, and network performance, this release takes your clusters to the next level. Support up to 20,000 nodes, secure sensitive data with TLS 1.3, and leverage optimized storage and routing features.