| layout | title | categories | author | lang |
|---|---|---|---|---|
post |
Getting started with your private Docker registry |
docker |
devatoria |
en |
Docker Registry is a system that lets you store and distribute your Docker images. The mainly known Docker Registry is the official Docker Hub, where you can find official public images such as Alpine, Golang or Debian.
Today, OVH allows you to use its own authenticated Docker Registry where you can privately store your Docker images. This is the best way to use your private images with our Docker with Mesos/Marathon offer without exposing them to everyone.
First, order a new registry. The beta is totally free. Once your account is created, you can manage it with the OVH Sunrise Manager.
A registry account can have multiple users. Different users can have different access rights on namespaces and images (as detailed further along). You can create a user in the manager "Users" tab.
Be careful, the description of the user IS NOT its username. The username and the password will be randomly generated by our system. The description is only useful to easily retrieve an user from other tabs.
Before pushing an image, you need to create a new namespace from the manager. To understand what a namespace is, let's detail the composition of a Docker image URI:
[registry_url/]namespace/image:tag
- The registry URL, if not specified, is the official Docker Hub (docker.io). Otherwise, it indicates to Docker where to find the registry you want to contact.
- The namespace is like a folder where you will put multiple images
- The image is the name of your image
- The tag is like a version of your image (by default,
latest) and allows you to easily deploy a precise version of an image
Namespaces can be created from the Namespaces/Images tab. You only have to provide a name which will be further used to push and pull images.
Once your namespace is created, you can select it from the dropdown list and inspect the images it contains, and manage its access permissions.
Just add the previously created user as admin (for example) and this user will be able to pull/push images on the entire namespace.
Now, you can login (authenticate) to our registry. It will generate a token used each time you will communicate with the registry and with our authentication system, so we will be able to retrieve the rights you have!
$ docker login registry.containers.ovh.net
Username: wsbq5k5ysqyt
Password:
Login SucceedYou can finally push your first image into our registry! For this, you need to tag the image you want. Let's say that you want to push the official nginx image in our registry:
$ docker pull nginx # Pull official nginx image from Docker Hub
$ docker tag nginx registry.containers.ovh.net/devatoria/nginx # Rename image and add registry information
$ docker push registry.containers.ovh.net/devatoria/nginx # Push it!After a few minutes (waiting for synchronization), you will be able to see your namespace images, tags and details. You can also manage permissions directly on images.
By default, pushed images are private. It means that the image will be pullable/pushable only by users with authorizations on the image namespace. You can easily set your image as public (pullable by everyone, but pushable by authorized users only) by using the visibility switch.
You can know check out how to use a private registry with our Docker on Mesos/Marathon offer, to link your registry account to your Docker Stack.
That's all!