docker registry

  • By jacekn
  • Latest version (#0)
  • xenial, trusty
  • Stable

Description

The Docker registry is a stateless, highly scalable server side application
that stores and lets you distribute Docker images.


docker-registry-charm

Docker registry charm for Juju, to be used with the Canonical Distribution of Kubernetes (CDK) on Ubuntu Xenial.

Build the charm (until it is published to the charm store) with:

charm build

Deploy it locally with:

juju deploy ./builds/docker-registry

If you cannot pull upstream images to install the registry, you can use a resource:

docker pull registry:2.6.0
docker save -o /tmp/registry.tar registry:2.6.0
juju deploy ./builds/docker-registry --resource registry=/tmp/registry.tar

Verify the Docker registry responds after deploying it:

juju expose docker-registry
curl -X GET http://<docker_registry_ip_address>:5000/v2/_catalog

Optionally, hook your Docker registry to HAProxy and Apache units so you have a front-end:

juju deploy cs:haproxy
juju deploy cs:apache2

Once deployed, set up Apache configs before adding relations and exposing it:

juju config apache2 servername=<apache_ip_address>
juju config apache2 "enable_modules=proxy rewrite proxy_http proxy_balancer lbmethod_byrequests ssl headers"
juju config apache2 "vhost_https_template=$(cat example/server.https | base64 -w 0)"
juju config apache2 "vhost_http_template=$(cat example/server.http | base64 -w 0)"
juju config apache2 "ssl_key=$(cat example/server.key | base64 -w 0)"
juju config apache2 "ssl_cert=$(cat example/server.crt | base64 -w 0)"
juju config apache2 "ssl_keylocation=server.key"
juju config apache2 "ssl_certlocation=server.crt"

Finally, wrap it up:

juju add-relation docker-registry:website haproxy:reverseproxy
juju add-relation haproxy:website apache2:balancer
juju unexpose docker-registry
juju expose apache2

Verify that the whole proxy chain now works with TLS termination:

curl -X GET https://<apache_ip_address>/v2/_catalog

Push a test image to the new Docker registry using HTTPS:

docker pull busybox:latest
docker tag busybox:latest <apache_ip_address>:443/busybox:latest
docker push <apache_ip_address>:443/busybox:latest

Note that you need an actual signed certificate for this to work properly. The files inside the example/ directory only illustrate the settings.

Configuration

nagios_servicegroups
(string) A comma-separated list of Nagios servicegroups. If left empty, the nagios_context will be used as the servicegroup.
nagios_context
(string) Used by the nrpe subordinate charms. A string that will be prepended to the instance name to set the host name in Nagios. So for instance the hostname would be something like: juju-myservice-0. If you're running multiple environments with the same services in them, this allows you to differentiate between them.
Default: juju
registry_tag
(string) Registry tag to run.
Default: 2.6.0
registry_port
(int) Host port to bind the Docker registry to.
Default: 5000
no_proxy
(string) Comma-separated list of destinations (either domain names or IP addresses) that should be accessed directly, rather than through the proxy defined by http_proxy / https_proxy.
install_from_upstream
(boolean) Force it to work around Server/Client API mismatches.
Default: True
http_proxy
(string) URL to use for HTTP_PROXY to be used by Docker. Only useful in closed environments where a proxy is the only option for routing to the registry to pull images.
https_proxy
(string) URL to use for HTTPS_PROXY to be used by Docker. Only useful in closed environments where a proxy is the only option for routing to the registry to pull images.
package_status
(string) The status of service-affecting packages will be set to this value in the dpkg database. Valid values are "install" and "hold".
Default: install
extra_packages
(string) Space-separated list of extra deb packages to install.
docker-opts
(string) Extra options to pass to the Docker daemon, e.g. --insecure-registry.
enable-cgroups
(boolean) Enable GRUB cgroup overrides cgroup_enable=memory swapaccount=1. WARNING: changing this option will reboot the host; use with caution on production services.
install_keys
(string) List of signing keys for install_sources package sources, per charmhelpers standard format (a YAML list of strings encoded as a string). The keys should be the full ASCII-armoured GPG public keys. While GPG key ids are also supported and looked up on a keyserver, operators should be aware that this mechanism is insecure. null can be used if a standard package signing key is used that will already be installed on the machine, and for PPA sources where the package signing key is securely retrieved from Launchpad.
install_sources
(string) List of extra apt sources, per charm-helpers standard format (a YAML list of strings encoded as a string). Each source may be either a line that can be added directly to sources.list(5), or in the form ppa:<user>/<ppa-name> for adding Personal Package Archives, or a distribution component to enable.