An Introduction to the Docker Trusted Registry

Many of us start our Docker journey pulling images from the Docker Hub with the time-honored docker pull command.

Lots of these images are “official” and have passed through Docker’s series of best practice and security checks. But the Docker Hub is also full of unofficial images whose reliability and security you cannot count on.

Enterprises often require more control over their assets and workflow, preferring a repository they control and supervise. For Docker images, enter the Docker Trusted Registry (DTR). Designed for enterprises, the Registry is part of Docker’s paid tier, but you can sign up for a trial first.

The first step is to upgrade your account, and thankfully no payment is required during the trial.

Next you need to set up your hardware. DTR is available for:

  • CentOS 7.1/7.2
  • RHEL 7.0/7.1
  • Ubuntu 14.04
  • SUSE Linux Enterprise 12

For this example, I will use Ubuntu 14.04.

Add the keys, sources, and packages needed to install the commercially supported Docker Engine (CS Engine), a prerequisite for installing DTR.

wget -qO- 'https://pgp.mit.edu/pks/lookup?op=get&search=0xee6d536cf7dc86e2d7d56f59a178ac6c6238f52e' | sudo apt-key add --import
sudo apt-get update && sudo apt-get install apt-transport-https
sudo apt-get install -y linux-image-extra-virtual
echo "deb https://packages.docker.com/1.10/apt/repo ubuntu-trusty main" | sudo tee /etc/apt/sources.list.d/docker.list
sudo apt-get update && sudo apt-get install docker-engine

Next install the registry:

sudo bash -c "$(sudo docker run docker/trusted-registry install)"

Visit the IP address of your server in a browser. You may get an “unsafe site” warning. This is expected, because a fresh DTR install serves a self-signed certificate, and you can continue as normal.

Download your license file and add it to the settings section.

DTR will warn you of any other settings that need your attention with red dialogue boxes. The first step is to create some user accounts or use an LDAP server for authentication in the Settings -> Auth section of the dashboard. Of course there are far more configuration options — read further details here.

Submitting an Image

With DTR installed, it’s time to host a custom image on it. I will create a simple example to illustrate the process: a custom Ubuntu image for a development business.

Pull the ubuntu image to your DTR host.

docker pull ubuntu

Create a working directory and, inside it, a Dockerfile:

mkdir build && cd build && touch Dockerfile

Next create a placeholder docs folder and Readme.md file. Don’t add anything to them; they are purely for example.

In your favorite editor, add the following to the Dockerfile:

FROM ubuntu:14.04

COPY docs /docs
# Update and install in a single layer so a stale cached package index is never reused
RUN apt-get update && apt-get install -y php5 php5-mcrypt

For this fictional example, you are creating an Ubuntu image for a company that specializes in PHP development; in other words, you’re setting up the image with all the tools needed for developers to get straight to work.

Some of the official DTR documentation is a bit vague on what the steps to push a repository are and in which order they should happen. You may also receive a variety of authentication errors. The following steps are what worked for me, but depending on your setup, you may find the steps different.

In the admin interface, create a user (Settings -> Authentication) or Organization (Dashboard -> Organizations). For this example, name it “quick-start” and create a repository to match the image name, in this example “ubuntu-img.”

Returning to the build directory, run the Docker build command to build your custom image:

docker build -t SERVER_IP/quick-start/ubuntu-img .

quick-start is the name of the User/Organization you want to add the image to. ubuntu-img is the name of the image/repository (these two words are interchangeable on DTR).

Run the docker images command to list the Docker images available, and you will now see your custom image listed. Push the newly built image from your local Docker daemon to the trusted repository with the docker push command.

docker push SERVER_IP/quick-start/ubuntu-img

Your image is now listed in the DTR GUI, with any details and documentation you added.

From here on, you are in familiar Docker territory. However, instead of using the Docker Hub, you use your own trusted repository. So to pull an image to a Docker daemon with access to your DTR:

sudo docker pull SERVER_IP/quick-start/ubuntu-img

And to create an instance of a container:

docker run --name myubuntu SERVER_IP/quick-start/ubuntu-img
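
The registry prefix in an image name is what decides whether docker pull and docker push talk to your DTR or to the Docker Hub. The following is an added example, not part of the original article or of Docker's tooling, that resolves the registry for an image reference and flags Dockerfile base images that come from outside the trusted registry. The function names and the 192.0.2.10 address standing in for SERVER_IP are assumptions.

```shell
#!/bin/sh
# Added example. TRUSTED_REGISTRY stands in for SERVER_IP; 192.0.2.10 is a
# documentation address (RFC 5737), not a real host.
TRUSTED_REGISTRY="192.0.2.10"

# registry_of REF: print the registry host Docker contacts for image REF.
# The first path component is a registry host only if it contains "." or ":"
# or is "localhost"; anything else is a Docker Hub namespace.
registry_of() {
    case $1 in
        */*) first=${1%%/*} ;;
        *)   echo "docker.io"; return 0 ;;
    esac
    case $first in
        *.*|*:*|localhost) echo "$first" ;;
        *)                 echo "docker.io" ;;
    esac
}

# is_trusted REF: succeed only when REF resolves to the trusted registry.
is_trusted() {
    [ "$(registry_of "$1")" = "$TRUSTED_REGISTRY" ]
}

# untrusted_bases FILE: print every FROM image in a Dockerfile that would be
# pulled from somewhere other than the trusted registry.
untrusted_bases() {
    awk 'toupper($1) == "FROM" {
             for (i = 2; i <= NF; i++) if ($i !~ /^--/) break   # skip --flags
             if (!($i in stage)) print $i                      # skip stage names
             if (toupper($(i + 1)) == "AS") stage[$(i + 2)] = 1
         }' "$1" |
    while read -r img; do
        [ -z "$img" ] && continue
        [ "$img" = "scratch" ] && continue
        is_trusted "$img" || echo "$img"
    done
}

# Constructed sample: the first lines of this article's Dockerfile.
sample=$(mktemp)
printf 'FROM ubuntu:14.04\nCOPY docs /docs\n' > "$sample"
echo "push target -> $(registry_of "$TRUSTED_REGISTRY/quick-start/ubuntu-img")"
echo "untrusted base images: $(untrusted_bases "$sample")"
rm -f "$sample"
```

Run against the Dockerfile above, this reports ubuntu:14.04: the custom image is stored in DTR, but its base layer is still fetched from the Docker Hub at build time unless the base image is also pushed to DTR and referenced by its DTR name.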

The DTR overview and logs sections show your registry’s resource consumption and any problems.

Conclusion

The Docker Trusted Registry is a simple tool for anyone looking for more control and security over their Docker images. The initial setup and configuration are a little confusing (and different documents list different steps), but once you’re ready to go, building, pushing, and pulling images is a simple process.

If you want to skip these confusing setup steps, several cloud providers offer DTR as a hosted service, including AWS and Azure.

Reference: An Introduction to the Docker Trusted Registry from our WCG partner Chris Ward at the Codeship Blog.

Chris Ward

Chris Ward is a technical writer, speaker, and developer.