https://github.com/cloudfoundry-community/docker-registry-boshrelease
Run your own private Docker Registry in standalone mode (without requiring the public index) on AWS, OpenStack or vSphere with BOSH
https://github.com/cloudfoundry-community/docker-registry-boshrelease
Last synced: 9 months ago
JSON representation
Run your own private Docker Registry in standalone mode (without requiring the public index) on AWS, OpenStack or vSphere with BOSH
- Host: GitHub
- URL: https://github.com/cloudfoundry-community/docker-registry-boshrelease
- Owner: cloudfoundry-community
- License: mit
- Created: 2014-02-12T05:47:38.000Z (over 12 years ago)
- Default Branch: master
- Last Pushed: 2022-10-03T19:16:43.000Z (almost 4 years ago)
- Last Synced: 2024-04-14T22:47:40.096Z (about 2 years ago)
- Language: Shell
- Homepage:
- Size: 224 KB
- Stars: 13
- Watchers: 17
- Forks: 21
- Open Issues: 5
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Private Docker Registry deployed with BOSH
Run your own private Docker Registry in standalone mode (without requiring the public index).
## Simple deployment with internal DNS
The default deployment manifest will create an internal DNS hostname `docker-registry.bosh` for clients to use.
```plain
bosh -d docker-registry deploy manifests/docker-registry.yml
```
Now fetch the self-signed root CA, and the admin basic-auth password, and store in local files:
```plain
credhub get -n /bucc/docker-registry/docker_registry_certificate -j \
| jq -r ".value.ca" > registry-ca.pem
credhub get -n /bucc/docker-registry/docker_registry_password -j \
| jq -r ".value" > registry-password
```
We can test out our registry from within the registry's own instance. First, upload our secrets:
```plain
bosh scp registry-ca.pem registry-password docker-registry:/tmp/
```
Next, SSH into the instance:
```plain
bosh -d docker-registry ssh
```
We can now interact with the Registry via its API and its DNS alias `docker-registry.bosh`:
```plain
$ curl https://docker-registry.bosh/v2/_catalog -u "admin:$(cat /tmp/password)" --cacert /tmp/ca.pem
{"repositories":[]}
```
## Expose Docker Registry via Static IP
Delete the TLS certificate for the Docker Registry, so that a new one will be generated that includes both the new static IP, and the `docker-registry.bosh` hostname:
```plain
credhub delete -n /bucc/docker-registry/docker_registry_certificate
```
Select an available static IP from the Cloud Config. We'll use 10.244.0.34 below, and re-deploy the Docker Registry with the `manifests/operators/static-ip.yml` operator file:
```plain
bosh -d docker-registry deploy manifests/docker-registry.yml \
-o manifests/operators/static-ip.yml \
-v ip=10.244.0.34
```
Now add `registry-ca.pem` to system CA (please let use know if there's a way for `docker login` to consume a local self-signed CA). For example, in Keychain it may look like:

We can now `docker login` to our registry, tag `ubuntu:latest` as `10.244.0.34/ubuntu` and push it to our registry:
```bash
docker login -u admin -p "$(cat registry-password)" 10.244.0.34
docker tag ubuntu 10.244.0.34/ubuntu
docker push 10.244.0.34/ubuntu
```
Our registry API confirms it now has the `ubuntu` image:
```plain
$ curl https://10.244.0.34/v2/_catalog -u "admin:$(cat registry-password)"
{"repositories":["ubuntu"]}
```