Set Up and Configure the Private Docker Registry

A docker registry is a storage and distribution system for named docker images. The DX Platform installation requires a docker registry. You can have the installer create a registry for you or you can use your own docker registry. This section describes how to set up and configure a private docker registry:
Set Up the Private Docker Registry
The private docker registry installation on a separate host requires:
  • Port 5000 accessible from all of the nodes.
  • Docker installed on the host.
  • 200 GB of space available on the host to store images.
To use your own registry, ensure that this registry is accessible to the Kubernetes cluster by allowing connections to port 5000. The installer tests your registry by pushing and pulling a test image. The installer also checks if all the nodes can pull the image. 
Follow these steps:
 
  1. Create a directory named registry_certs under root to store the certificates.
    $ mkdir /root/registry_certs
  2. Navigate to the root directory and run the following commands to generate the certificate and key.
    $ cd /root
    $ openssl req -newkey rsa:4096 -nodes -sha256 -keyout registry_certs/domain.key -x509 -days 1095 -out registry_certs/domain.crt
    When you run these commands, you are prompted to provide additional information. Accept all defaults except the Common Name. When prompted for Common Name, enter your server hostname.
  3. Verify that the domain.crt and domain.key files exist.
    $ ls /root/registry_certs/*
  4. Run the following command to create a folder that is named registrydata:
    $ mkdir /root/registrydata
  5. Run the Docker registry container as follows:
    Before you run the Docker registry, ensure that the --security-opt label:disable option to start the container is enabled.
    docker run -d -p 5000:5000 \
      -e REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry \
      -v /root/registrydata:/var/lib/registry:Z \
      -v /root/registry_certs:/certs \
      -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
      -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key --restart=always --name registry registry:2
Configure the Docker Service with the Private Registry
Perform the following steps to configure the docker service when using your own registry.
 
Follow these steps:
 
  1. On each of the Kubernetes nodes, navigate to the /etc/docker/certs.d directory.
  2. Create a directory named <private-registry-hostname>:5000.
    mkdir /etc/docker/certs.d/<private-registry-hostname>:5000
  3. Copy the domain.crt file from the registry host to the /tmp directory on the Kubernetes node.
  4. Copy the domain.crt file from the /tmp directory to the /etc/docker/certs.d/ directory. Rename the certificate file to ca.crt.
    cp /tmp/domain.crt /etc/docker/certs.d/<private-registry-hostname>:5000/ca.crt
  5. Restart the Docker service.
    systemctl restart docker
  6. Repeat the steps on every node in the Kubernetes cluster. 
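  7. (Optional) Verify that the registry is accessible by executing the following command on each of the nodes. Because -k skips certificate verification, this confirms only that the registry is reachable, not that the node trusts its certificate.
    curl -k https://<private-registry-hostname>:5000/v2/_catalog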
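
Added example (not part of the original documentation): pre-flight checks to run on a node before step 4 installs the copied certificate as ca.crt. The function names, the 30-day threshold and the fingerprint argument are assumptions; the checks reflect that current Docker releases match the registry hostname against the certificate's subjectAltName rather than the Common Name, and that a file staged in /tmp should be compared with the registry host's copy before it is trusted.

```shell
#!/bin/sh
# Added example; function names and the 30-day threshold are assumptions.

# cert_fingerprint CERT: print the certificate's SHA-256 fingerprint.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# cert_has_san CERT HOST: succeed if HOST is listed as a DNS subjectAltName.
cert_has_san() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Subject Alternative Name' |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -qxF "DNS:$2"
}

# cert_valid_for CERT DAYS: succeed if CERT is still valid DAYS days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# install_registry_ca CERT HOST EXPECTED_FP [CERTS_ROOT]
# Copy CERT to CERTS_ROOT/HOST:5000/ca.crt only when all checks pass.
# EXPECTED_FP is the fingerprint read on the registry host itself.
install_registry_ca() {
    cert=$1 host=$2 expected=$3 root=${4:-/etc/docker/certs.d}
    [ -n "$expected" ] && [ "$(cert_fingerprint "$cert")" = "$expected" ] || {
        echo "fingerprint of $cert differs from the registry host's copy" >&2
        return 1
    }
    cert_has_san "$cert" "$host" || {
        echo "$cert has no DNS:$host subjectAltName" >&2
        return 2
    }
    cert_valid_for "$cert" 30 || {
        echo "$cert expires within 30 days" >&2
        return 3
    }
    mkdir -p "$root/$host:5000" &&
        install -m 0644 "$cert" "$root/$host:5000/ca.crt"
}
```

A certificate generated with only a Common Name, as in step 2 of the first procedure, fails the subjectAltName check. OpenSSL 1.1.1 and later can add the name by appending -addext "subjectAltName=DNS:<private-registry-hostname>" to the same openssl req command.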