Set Up and Configure the Private Docker Registry
A docker registry is a storage and distribution system for named docker images. The DX Platform installation requires a docker registry. You can have the installer create a registry for you or you can use your own docker registry. This section describes how to set up and configure a private docker registry.
Set Up the Private Docker Registry
The private docker registry installation on a separate host requires:
- The port 5000 accessible from all of the nodes.
- Docker installed on the host.
- 200-GB space available on the host to store images.
To use your own registry, ensure that this registry is accessible to the Kubernetes cluster by allowing connections to port 5000. The installer tests your registry by pushing and pulling a test image. The installer also checks if all the nodes can pull the image.
Follow these steps:
- Create a directory named registry_certs under root to store the certificates.
  $ mkdir /root/registry_certs
- Navigate to the root directory and run the following commands to generate the certificate and key.
  $ cd /root
  $ openssl req -newkey rsa:4096 -nodes -sha256 -keyout registry_certs/domain.key -x509 -days 1095 -out registry_certs/domain.crt
  When you run these commands, you are prompted to provide additional information. Accept all defaults except the Common Name. When prompted for Common Name, enter your server hostname.
- Verify that the domain.crt and domain.key exist.
  $ ls /root/registry_certs/*
- Run the following command to create a folder that is named registrydata:
  $ mkdir /root/registrydata
- Run the Docker registry container as follows:
  Before you run the Docker registry, ensure that the --security-opt label:disable option to start the container is enabled.
  docker run -d -p 5000:5000 \
    -e REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry \
    -v /root/registrydata:/var/lib/registry:Z \
    -v /root/registry_certs:/certs \
    -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
    -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key --restart=always --name registry registry:2
Configure the Docker Service with the Private Registry
Perform the following steps to configure the docker service when using your own registry.
Follow these steps:
- On each of the Kubernetes nodes, navigate to the /etc/docker/certs.d directory.
- Create a directory named <private-registry-hostname>:5000.
  mkdir /etc/docker/certs.d/<private-registry-hostname>:5000
- Copy the domain.crt file from the registry host to the /tmp directory on the Kubernetes node.
- Copy the domain.crt file from the /tmp directory to the directory that you created under /etc/docker/certs.d/. Rename the certificate file to ca.crt.
  cp /tmp/domain.crt /etc/docker/certs.d/<private-registry-hostname>:5000/ca.crt
- Restart Docker.
  systemctl restart docker
- Repeat the steps on every node in the Kubernetes cluster.
- (Optional) You can verify that the registry is accessible by executing the following command on each of the nodes:
  curl -k https://<private-registry-hostname>:5000/v2/_catalog
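
The certificate steps in both procedures above can be scripted and checked as follows. This is an added example, not code from the product or its installer: the function names are hypothetical, and the subjectAltName entry is an addition to the documented openssl command, included because Docker clients built with Go 1.15 or later reject a certificate that carries only a Common Name. The last function is a variant of the optional curl check that verifies the server against the copied ca.crt, which curl -k does not do.

```bash
# Added example. Function names are hypothetical; the SAN entry is an addition
# to the documented openssl command and needs OpenSSL 1.1.1+ for -addext.

# Certificate steps without prompts: self-signed pair, CN and DNS SAN = hostname.
make_registry_cert() {  # usage: make_registry_cert <hostname> <cert-dir>
  local host="$1" dir="$2"
  mkdir -p "$dir" && chmod 700 "$dir" || return 1
  openssl req -newkey rsa:4096 -nodes -sha256 -x509 -days 1095 \
    -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
    -keyout "$dir/domain.key" -out "$dir/domain.crt" || return 1
  chmod 600 "$dir/domain.key"   # private key readable by owner only
}

# Succeeds only if the certificate lists <hostname> as a DNS SAN.
cert_has_san() {  # usage: cert_has_san <crt> <hostname>
  openssl x509 -in "$1" -noout -text |
    grep -A1 'Subject Alternative Name' | tail -n 1 |
    tr -d ' ' | tr ',' '\n' | grep -Fxq "DNS:$2"
}

# Succeeds only if the certificate is still valid <days> days from now.
cert_valid_for() {  # usage: cert_valid_for <crt> <days>
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Succeeds only if the ca.crt on a node is the registry's domain.crt.
same_cert() {  # usage: same_cert <domain.crt> <ca.crt>
  local a b
  a=$(openssl x509 -in "$1" -noout -fingerprint -sha256) || return 1
  b=$(openssl x509 -in "$2" -noout -fingerprint -sha256) || return 1
  [ "$a" = "$b" ]
}

# Catalog query that verifies the server against the copied CA file only.
check_registry() {  # usage: check_registry <private-registry-hostname>
  curl --fail --silent --cacert "/etc/docker/certs.d/$1:5000/ca.crt" \
    "https://$1:5000/v2/_catalog"
}
```

On a node, running cert_has_san and same_cert against the copied ca.crt before restarting Docker catches a wrong hostname or a stale copy before any image pull fails.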