Set Up and Configure the Private Docker Registry

A docker registry is a storage and distribution system for named docker images. The DX Platform installation requires a docker registry. You can have the installer create a registry for you or you can use your own docker registry. This section describes how to set up and configure a private docker registry:
Set Up the Private Docker Registry
The private docker registry installation on a separate host requires:
  • Port 5000 accessible from all of the nodes.
  • Docker installed on the host.
  • 200-GB space available on the host to store images.
To use your own registry, ensure that this registry is accessible to the Kubernetes cluster by allowing connections to port 5000. The installer tests your registry by pushing and pulling a test image. The installer also checks if all the nodes can pull the image. 
Follow these steps:
  1. Create a directory named registry_certs under root to store the certificates.
    $ mkdir /root/registry_certs
  2. Navigate to the root directory and run the following commands to generate the certificate and key.
    $ cd /root
    $ openssl req -newkey rsa:4096 -nodes -sha256 -keyout registry_certs/domain.key -x509 -days 1095 -out registry_certs/domain.crt
    When you run these commands, you are prompted to provide additional information. Accept all defaults except the Common Name. When prompted for Common Name, enter your server hostname.
  3. Verify that the 
    $ ls /root/registry_certs/*
  4. Run the following command to create a folder that is named registrydata.
    $ mkdir /root/registrydata
  5. Run the Docker registry container as follows:
    Before you run the Docker registry, ensure that the --security-opt label:disable option to start the container is enabled.
    docker run -d -p 5000:5000 \
      -e REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry \
      -v /root/registrydata:/var/lib/registry:Z \
      -v /root/registry_certs:/certs \
      -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
      -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key --restart=always --name registry registry:2
Configure the Docker Service with the Private Registry
Perform the following steps to configure the docker service when using your own registry.
Follow these steps:
  1. On each of the Kubernetes nodes, navigate to the 
  2. Create a directory named 
    mkdir /etc/docker/certs.d/<private-registry-hostname>:5000
  3. Copy the domain.crt file from the registry host to the /tmp directory on the Kubernetes node.
  4. Copy the domain.crt file from the /tmp directory to the /etc/docker/certs.d/<private-registry-hostname>:5000 directory. Rename the certificate file to ca.crt.
    cp /tmp/domain.crt /etc/docker/certs.d/<private-registry-hostname>:5000/ca.crt
  5. Restart the Docker service.
    systemctl restart docker
  6. Repeat the steps on every node in the Kubernetes cluster. 
  7. (Optional) You can verify that the registry is accessible by executing the following command on each of the nodes:
    curl -k https://<private-registry-hostname>:5000/v2/_catalog
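
The following script is an added example, not part of the original documentation: it checks the ca.crt installed on a node and then queries the registry with certificate verification on, where the -k option above turns it off. The SAN check is included because Docker builds that use Go 1.15 or later match the registry hostname only against subjectAltName entries, not the Common Name. The function names are hypothetical, and openssl, curl and a grep that supports -A are assumed to be on the node.

```shell
#!/bin/sh
# Added example (not from the product documentation). Function names are
# hypothetical. Checks the registry CA certificate a node trusts, then queries
# the registry with TLS verification on (curl --cacert) instead of off (curl -k).

# san_has_host CERT HOST: succeed if CERT lists HOST as a DNS subjectAltName.
# Exact match only; wildcard SAN entries are not expanded.
san_has_host() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'Subject Alternative Name' | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -Fxq "DNS:$2"
}

# check_registry_cert CERT HOST [MIN_DAYS]
# Returns 0 = usable, 2 = missing or unparsable, 3 = no SAN for HOST,
# 4 = expires within MIN_DAYS (default 30).
check_registry_cert() {
    cert=$1 host=$2 min_days=${3:-30}
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo "FAIL: $cert is missing or not a PEM certificate"; return 2
    fi
    if ! san_has_host "$cert" "$host"; then
        echo "FAIL: no subjectAltName DNS:$host (hostname in Common Name only?)"
        return 3
    fi
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "FAIL: certificate expires within $min_days days"; return 4
    fi
    echo "OK: $cert names $host and is valid for more than $min_days days"
}

# probe_registry HOST: same request as the -k check, but TLS is verified
# against the CA file Docker itself uses for this registry.
probe_registry() {
    curl --fail --silent --show-error \
        --cacert "/etc/docker/certs.d/$1:5000/ca.crt" "https://$1:5000/v2/_catalog"
}

# Usage: sh check_registry.sh <private-registry-hostname>
if [ "$#" -ge 1 ]; then
    check_registry_cert "/etc/docker/certs.d/$1:5000/ca.crt" "$1" && probe_registry "$1"
fi
```

A return code of 3 on a certificate generated with only the Common Name prompt filled in means the certificate needs to be reissued with a subjectAltName entry for the registry hostname.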