docker registry #0
Description
The Docker registry is a stateless, highly scalable server side application that stores and lets you distribute Docker images.
docker-registry-charm
Docker registry charm for Juju, to be used with the Canonical Distribution of Kubernetes (CDK) on Ubuntu Xenial.
Build the charm (until it is published to the charm store) with:
charm build
Deploy it locally with:
juju deploy ./builds/docker-registry
If you cannot pull upstream images to install the registry, you can use a resource:
docker pull registry:2.6.0
docker save -o /tmp/registry.tar registry:2.6.0
juju deploy ./builds/docker-registry --resource registry=/tmp/registry.tar
Verify the Docker registry responds after deploying it:
juju expose docker-registry
curl -X GET http://<docker_registry_ip_address>:5000/v2/_catalog
Optionally, hook your Docker registry to HAProxy and Apache units so you have a front-end:
juju deploy cs:haproxy
juju deploy cs:apache2
Once deployed, set up Apache configs before adding relations and exposing it:
juju config apache2 servername=<apache_ip_address>
juju config apache2 "enable_modules=proxy rewrite proxy_http proxy_balancer lbmethod_byrequests ssl headers"
juju config apache2 "vhost_https_template=$(cat example/server.https | base64 -w 0)"
juju config apache2 "vhost_http_template=$(cat example/server.http | base64 -w 0)"
juju config apache2 "ssl_key=$(cat example/server.key | base64 -w 0)"
juju config apache2 "ssl_cert=$(cat example/server.crt | base64 -w 0)"
juju config apache2 "ssl_keylocation=server.key"
juju config apache2 "ssl_certlocation=server.crt"
Finally, wrap it up:
juju add-relation docker-registry:website haproxy:reverseproxy
juju add-relation haproxy:website apache2:balancer
juju unexpose docker-registry
juju expose apache2
Verify that the whole proxy chain now works with TLS termination:
curl -X GET https://<apache_ip_address>/v2/_catalog
Push a test image to the new Docker registry using HTTPS:
docker pull busybox:latest
docker tag busybox:latest <apache_ip_address>:443/busybox:latest
docker push <apache_ip_address>:443/busybox:latest
Please note that you will need an actual signed certificate for this to work properly. The files inside the example/ directory are, well, an example of the settings only.
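A preflight for the files passed to ssl_cert and ssl_key above, as an added example that is not part of the charm: it flags a self-issued certificate (one not signed by a CA), a private key that does not match the certificate, and a certificate close to expiry. The function names and the 30-day threshold are assumptions, and the script needs the openssl command-line tool.

```shell
#!/bin/sh
# Added example: preflight for the files passed to ssl_cert / ssl_key.
# Function names and the 30-day threshold are assumptions; needs openssl.

# 0 if subject == issuer, i.e. the certificate is self-issued, not CA-signed.
cert_is_self_issued() {
    subj=$(openssl x509 -noout -subject -in "$1") || return 2
    iss=$(openssl x509 -noout -issuer -in "$1") || return 2
    [ "${subj#subject=}" = "${iss#issuer=}" ]
}

# 0 if the private key in $2 belongs to the certificate in $1.
key_matches_cert() {
    cert_pub=$(openssl x509 -noout -pubkey -in "$1") || return 2
    key_pub=$(openssl pkey -pubout -in "$2") || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# 0 if the certificate is still valid $2 seconds from now (default 30 days).
cert_valid_for() {
    openssl x509 -noout -checkend "${2:-2592000}" -in "$1" >/dev/null
}

# Run all checks, print each finding, return non-zero if any check failed.
preflight() {
    rc=0
    if cert_is_self_issued "$1"; then
        echo "FAIL: $1 is self-issued (subject == issuer), not CA-signed"; rc=1
    fi
    if ! key_matches_cert "$1" "$2"; then
        echo "FAIL: $2 is not the private key for $1"; rc=1
    fi
    if ! cert_valid_for "$1"; then
        echo "FAIL: $1 is expired or expires within 30 days"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $1 and $2 passed all checks"
    return "$rc"
}

# Usage: sh preflight.sh example/server.crt example/server.key
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

Run it before the `juju config apache2 "ssl_cert=..."` step; a non-zero exit status means at least one check failed.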
Configuration
- docker-opts
  - (string) Extra options to pass to the Docker daemon, e.g. --insecure-registry.
- enable-cgroups
  - (boolean) Enable GRUB cgroup overrides cgroup_enable=memory swapaccount=1. WARNING: changing this option will reboot the host. Use with caution on production services.
- extra_packages
  - (string) Space-separated list of extra deb packages to install.
- http_proxy
  - (string) URL to use for HTTP_PROXY to be used by Docker. Only useful in closed environments where a proxy is the only option for routing to the registry to pull images.
- https_proxy
  - (string) URL to use for HTTPS_PROXY to be used by Docker. Only useful in closed environments where a proxy is the only option for routing to the registry to pull images.
- install_from_upstream
  - (boolean) Force it to work around Server/Client API mismatches.
  - Default: True
- install_keys
  - (string) List of signing keys for install_sources package sources, per charmhelpers standard format (a YAML list of strings encoded as a string). The keys should be the full ASCII armoured GPG public keys. While GPG key ids are also supported and looked up on a keyserver, operators should be aware that this mechanism is insecure. null can be used if a standard package signing key is used that will already be installed on the machine, and for PPA sources where the package signing key is securely retrieved from Launchpad.
- install_sources
  - (string) List of extra apt sources, per charm-helpers standard format (a YAML list of strings encoded as a string). Each source may be either a line that can be added directly to sources.list(5), or in the form ppa:<user>/<ppa-name> for adding Personal Package Archives, or a distribution component to enable.
- nagios_context
  - (string) Used by the nrpe subordinate charms. A string that will be prepended to the instance name to set the host name in Nagios. So, for instance, the hostname would be something like juju-myservice-0. If you're running multiple environments with the same services in them, this allows you to differentiate between them.
  - Default: juju
- nagios_servicegroups
  - (string) A comma-separated list of Nagios servicegroups. If left empty, the nagios_context will be used as the servicegroup.
- no_proxy
  - (string) Comma-separated list of destinations (either domain names or IP addresses) that should be accessed directly, as opposed to going through the proxy defined above.
- package_status
  - (string) The status of service-affecting packages will be set to this value in the dpkg database. Valid values are "install" and "hold".
  - Default: install
- registry_port
  - (int) Host port to bind the Docker registry to.
  - Default: 5000
- registry_tag
  - (string) Registry tag to run.
  - Default: 2.6.0