cancel
Showing results for 
Search instead for 
Did you mean: 
ipa
Cadet
Cadet
  • 1,368 Views

Creating and maintaining an Isolated Docker Registry

I'm looking for information about maintaining an isolated docker registry. Any good advice on how to stand it up initially (without building it first on an internet connected machine and then moving the whole machine over).

I would also like to know how to populate the isolated registry. For example, if I wanted the postgres image copied over from https://store.docker.com/images/postgres to my isolated registry what exactly do I need and how would I go about getting it from the internet registry and putting it in my local isolated registry? Do I have use docker to initiate a pull to acquire the image or can I simply go the webpage and download it and then move it over?

Looking at it, it seems like there isn't just an image but a bunch of "things" that get combined together to make the image. Is there a good document describing what makes a docker image?

0 Kudos
1 Reply
beelandc
Flight Engineer Flight Engineer
Flight Engineer
  • 1,360 Views

Unfortunately, answers to a lot of the questions you've asked are going to depend on your specific environment, However, in regards to populating the isolated registry with a particular image or set of images, you likely want the following two docker cli commands:

docker save
docker load

Docker save will export a given image or set of images as a tar file, which can then be migrated to a different host that has the docker daemon running. In particular, you can save an image with specific tag information by referring to the image by a specific tag. For example:

 docker save -o ./image_v25.tar registry.example.com:5000/repo/image:v2.5

Here is another command that will create a single .tar file containing every image currently stored in docker, preserving the repository and tags:

docker save -o ./dockerImages.tar $(docker images | grep -v REPOSITORY | awk '{print $1":"$2}')

Once you have the docker image(s) on a host with docker daemon that is in your disconnected environment, you can tag the image to your local disconnected registry and push to the registry.

docker load < image_v25.tar
docker push registry.example.com:5000/repo/image:v2.5

To summarize, here's a simple example workflow:

  1. On an internet-connected host, pull the image you want to the local docker daemon
  2. Add an additional tag of the image pointing to your local registry
  3. Use docker save to export the image w/ related metadata as a tar file
  4. Migrate the image file into your disconnected/semi-disconnected environment & load into a local docker daemon
  5. Push the image from the docker daemon into your local registry

You could build some variation of this scenario above using these commands. You can build scripts around the commands to automate things to the point where you have a manageable workflow. You might also be able to use additional software, such as scripts, a CI tool like Jenkins, or features of your docker registry to achieve the same ends, but that will depend on what is allowed and/or available in your particular environment.

References:

- https://docs.docker.com/engine/reference/commandline/save/

- https://docs.docker.com/engine/reference/commandline/load/

Join the discussion
You must log in to join this conversation.