docker registry ^#0

By jacekn
stable

Supports: xenial trusty

Description

The Docker registry is a stateless, highly scalable server side application that stores and lets you distribute Docker images.

Series:
xenial ›
trusty ›

docker-registry-charm

Docker registry charm for Juju, to be used with the Canonical Distribution of Kubernetes (CDK) on Ubuntu Xenial:

Build the charm (until it is published to the charm store) with:

charm build

Deploy it locally with:

juju deploy ./builds/docker-registry

If you cannot pull upstream images to install the registry, you can use a resource:

docker pull registry:2.6.0
docker save -o /tmp/registry.tar registry:2.6.0
juju deploy ./builds/docker-registry --resource registry=/tmp/registry.tar

Verify the Docker registry responds after deploying it:

juju expose docker-registry
curl -X GET http://<docker_registry_ip_address>:5000/v2/_catalog

Optionally, hook your Docker registry to HAProxy and Apache units so you have a front-end:

juju deploy cs:haproxy
juju deploy cs:apache2

Once deployed, set up Apache configs before adding relations and exposing it:

juju config apache2 servername=<apache_ip_address>
juju config apache2 "enable_modules=proxy rewrite proxy_http proxy_balancer lbmethod_byrequests ssl headers"
juju config apache2 "vhost_https_template=$(cat example/server.https | base64 -w 0)"
juju config apache2 "vhost_http_template=$(cat example/server.http | base64 -w 0)"
juju config apache2 "ssl_key=$(cat example/server.key | base64 -w 0)"
juju config apache2 "ssl_cert=$(cat example/server.crt | base64 -w 0)"
juju config apache2 "ssl_keylocation=server.key"
juju config apache2 "ssl_certlocation=server.crt"

Finally, wrap it up:

juju add-relation docker-registry:website haproxy:reverseproxy
juju add-relation haproxy:website apache2:balancer
juju unexpose docker-registry
juju expose apache2

Verify the whole proxying is now working with TLS termination:

curl -X GET https://<apache_ip_address>/v2/_catalog

Push a test image to the new Docker registry using HTTPS:

docker pull busybox:latest
docker tag busybox:latest <apache_ip_address>:443/busybox:latest
docker push <apache_ip_address>:443/busybox:latest

Please note that you will need an actual signed certificate for this to work properly. The files inside the example/ directory are, well, an example of the settings only.

Configuration

docker-opts: (string) Extra options to pass to the docker daemon. e.g. --insecure-registry
enable-cgroups: (boolean) Enable GRUB cgroup overrides cgroup_enable=memory swapaccount=1. WARNING changing this option will reboot the host - use with caution on production services
extra_packages: (string) Space separated list of extra deb packages to install.
http_proxy: (string) URL to use for HTTP_PROXY to be used by Docker. Only useful in closed environments where a proxy is the only option for routing to the registry to pull images
https_proxy: (string) URL to use for HTTPS_PROXY to be used by Docker. Only useful in closed environments where a proxy is the only option for routing to the registry to pull images
install_from_upstream: (boolean) Force it to workaround Server/Client API mismatches; True
install_keys: (string) List of signing keys for install_sources package sources, per charmhelpers standard format (a yaml list of strings encoded as a string). The keys should be the full ASCII armoured GPG public keys. While GPG key ids are also supported and looked up on a keyserver, operators should be aware that this mechanism is insecure. null can be used if a standard package signing key is used that will already be installed on the machine, and for PPA sources where the package signing key is securely retrieved from Launchpad.
install_sources: (string) List of extra apt sources, per charm-helpers standard format (a yaml list of strings encoded as a string). Each source may be either a line that can be added directly to sources.list(5), or in the form ppa:<user>/<ppa-name> for adding Personal Package Archives, or a distribution component to enable.
nagios_context: (string) Used by the nrpe subordinate charms. A string that will be prepended to instance name to set the host name in nagios. So for instance the hostname would be something like: juju-myservice-0 If you're running multiple environments with the same services in them this allows you to differentiate between them.; juju
nagios_servicegroups: (string) A comma-separated list of nagios servicegroups. If left empty, the nagios_context will be used as the servicegroup
no_proxy: (string) Comma-separated list of destinations (either domain names or IP addresses) that should be directly accessed, by opposition of going through the proxy defined above.
package_status: (string) The status of service-affecting packages will be set to this value in the dpkg database. Valid values are "install" and "hold".; install
registry_port: (int) Host port to bind the Docker registry; 5000
registry_tag: (string) Registry tag to run; 2.6.0