Podman : Use Registry2019/11/19 |
|
Install Registry to build Private Registry for Container Images.
|
|
| [1] |
On The Host the Registry Container runs, Get SSL Certificates, refer to here.
This example is based on the case that SSL certificates are gotten under the [/etc/letsencrypt/live/dlp.srv.world] and set the [Common Name] as [dlp.srv.world]. |
| [2] | Copy Certificates and pull Registry Image (v2). Container Images are located under [/var/lib/regstry] on Registry v2 Container, so map to mount [/var/lib/docker/registry] on parent Host for Registry Container to use as Persistent Storage. |
|
[root@dlp ~]#
[root@dlp ~]# mkdir -p /etc/containers/certs.d/dlp.srv.world:5000 [root@dlp ~]# cp -p /etc/letsencrypt/live/dlp.srv.world/cert.pem /etc/containers/certs.d/dlp.srv.world:5000/ca.crt
podman pull registry:2 [root@dlp ~]# mkdir /var/lib/containers/registry [root@dlp ~]# podman run --privileged -d -p 5000:5000 \
[root@dlp ~]# -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/fullchain.pem \ -e REGISTRY_HTTP_TLS_KEY=/certs/privkey.pem \ -v /etc/letsencrypt/live/dlp.srv.world:/certs \ -v /var/lib/containers/registry:/var/lib/registry \ registry:2 podman ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 4ca421e1ddc6 docker.io/library/registry:2 /etc/docker/regis... 9 seconds ago Up 9 seconds ago 0.0.0.0:5000->5000/tcp naughty_mclaren |
| [3] | If Firewalld is running, allow mapped port. |
|
[root@dlp ~]# firewall-cmd --add-port=5000/tcp --permanent success [root@dlp ~]# firewall-cmd --reload success |
| [4] | For pushing local image to Registry Container, set like follows. |
|
# list images on Registry container [root@dlp ~]# curl https://dlp.srv.world:5000/v2/_catalog {"repositories":[]} podman images REPOSITORY TAG IMAGE ID CREATED SIZE srv.world/nginx_server latest 0311ace27400 18 minutes ago 991 MB srv.world/fedora_httpd latest bb6f86826d3f 25 minutes ago 622 MB docker.io/library/fedora latest f0858ad3febd 2 weeks ago 201 MB docker.io/library/registry 2 f32a97de94e1 8 months ago 26.4 MB # set a tag and push [root@dlp ~]# podman tag srv.world/nginx_server dlp.srv.world:5000/nginx_server [root@dlp ~]# podman push dlp.srv.world:5000/nginx_server Getting image source signatures Copying blob 2ae3cee18c8e done Copying blob 87d1869c5532 done Copying blob 45624da6267b done Copying config 0311ace274 done Writing manifest to image destination Storing signatures[root@dlp ~]# podman images REPOSITORY TAG IMAGE ID CREATED SIZE srv.world/nginx_server latest 0311ace27400 19 minutes ago 991 MB dlp.srv.world:5000/nginx_server latest 0311ace27400 19 minutes ago 991 MB srv.world/fedora_httpd latest bb6f86826d3f 26 minutes ago 622 MB docker.io/library/fedora latest f0858ad3febd 2 weeks ago 201 MB docker.io/library/registry 2 f32a97de94e1 8 months ago 26.4 MB[root@dlp ~]# curl https://dlp.srv.world:5000/v2/_catalog {"repositories":["nginx_server"]} |
| [5] | For getting images from Registry Container on a Podman node, set like follows. |
|
# get certificate from Registry Container [root@node01 ~]# mkdir -p /etc/containers/certs.d/dlp.srv.world:5000 [root@node01 ~]# cd /etc/containers/certs.d/dlp.srv.world:5000 [root@node01 dlp.srv.world:5000]# scp dlp.srv.world:"/etc/containers/certs.d/dlp.srv.world:5000/ca.crt" ./
podman pull dlp.srv.world:5000/nginx_server Trying to pull dlp.srv.world:5000/nginx_server... Getting image source signatures Copying blob 73f1c0b667c0 done Copying blob c7d0a09b8e0f done Copying blob 315e857f93fb done Copying config 0311ace274 done Writing manifest to image destination Storing signatures 0311ace27400d80a643591ce434d7fae0b9d8dea43cb1363540a5d6918e6020c[root@node01 ~]# podman images REPOSITORY TAG IMAGE ID CREATED SIZE dlp.srv.world:5000/nginx_server latest 0311ace27400 26 minutes ago 991 MB |
| Sponsored Link |