Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
# docker private registry #

step1: run registry

sudo docker run -d -p 5000:5000 --restart=always --name registry registry:2

step2: build your local image and push to your registry

  docker tag ubuntu remote.ip.com:5000/ubuntu
  docker push remote.ip.com:5000/ubuntu

Other: With your selef config file

$ cat config.yml
root@ip-172-20-61-78:/home/admin# cat config.yml
version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
storage:
  s3:
    region: us-east-1
    bucket: xxxx.xxx.xxx.xxxx
    accesskey: awsaccesskey
    secretkey: awssecretkey
    keyid: mykeyid
    secure: true
    v4auth: true

$ docker run -d -p 5000:5000 --name registry --restart always  -v `pwd`/config.yml:/etc/docker/registry/config.yml registry:2

# Or Just With Command below this 

$ docker run -d -p 5000:5000 \
    -e "REGISTRY_STORAGE=s3" \
    -e "REGISTRY_STORAGE_S3_REGION=us-east-1" \
    -e "REGISTRY_STORAGE_S3_BUCKET=BUCKETNAME" \ 
    -e "REGISTRY_STORAGE_S3_ACCESSKEY=ACCESSKEY" \ 
    -e "REGISTRY_STORAGE_S3_SECRETKEY=ACCESSSECRETKEY" \ 
    registry:2

with s3, s3 setting policy you get your iam role arn, you can use aws iam get-user --user-name xxx to get it and then


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::ACCOUNT_ID:user/USERNAME"
            },
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation",
                "s3:ListBucketMultipartUploads"
            ],
            "Resource": "arn:aws:s3:::BUCKET_NAME"
        },
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::ACCOUNT_ID:user/USERNAME"
            },
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject",
                "s3:ListMultipartUploadParts",
                "s3:AbortMultipartUpload"
            ],
            "Resource": "arn:aws:s3:::BUCKET_NAME/*"
        }
    ]
}

FAQ:

  • http: server gave HTTP response to HTTPS client change your local setting to allow this registry with { "insecure-registries":["api.useast1.k8s.btcc.shop:5000"] }, if you use mac, just add your remote ip with Perfences->Daemon->Add Insecure Registries.

Resources

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment