Getting started with your private Docker registry
Docker Registry is a system that lets you store and distribute your Docker images. The mainly known Docker Registry is the official Docker Hub, where you can find official public images such as Alpine, Golang or Debian.
Today, OVH allows you to use its own authenticated Docker Registry where you can privately store your Docker images. This is the best way to use your private images with our Docker with Mesos/Marathon offer without exposing them to everyone.
Create a registry account
Create a user
A registry account can have multiple users. Different users can have different access rights on namespaces and images (as detailed further along). You can create a user in the manager “Users” tab.
Be careful, the description of the user IS NOT its username. The username and the password will be randomly generated by our system. The description is only useful to easily retrieve a user from other tabs.
Create a namespace
Before pushing an image, you need to create a new namespace from the manager. To understand what a namespace is, let’s detail the composition of a Docker image URI:
- The registry URL, if not specified, is the official Docker Hub (docker.io). Otherwise, it indicates to Docker where to find the registry you want to contact.
- The namespace is like a folder where you will put multiple images
- The image is the name of your image
- The tag is like a version of your image (by default,
latest) and allows you to easily deploy a precise version of an image
Namespaces can be created from the Namespaces/Images tab. You only have to provide a name which will be further used to push and pull images.
Configure your namespace permissions
Once your namespace is created, you can select it from the dropdown list and inspect the images it contains, and manage its access permissions.
Just add the previously created user as admin (for example) and this user will be able to pull/push images on the entire namespace.
Login into our registry
Now, you can log in (authenticate) to our registry. It will generate a token used each time you will communicate with the registry and with our authentication system, so we will be able to retrieve the rights you have!
$ docker login registry.containers.ovh.net Username: wsbq5k5ysqyt Password: Login Succeed
Push your first image
You can finally push your first image into our registry! For this, you need to
tag the image you want. Let’s say that you want to push the official nginx image in our registry:
$ docker pull nginx # Pull official nginx image from Docker Hub $ docker tag nginx registry.containers.ovh.net/devatoria/nginx # Rename image and add registry information $ docker push registry.containers.ovh.net/devatoria/nginx # Push it!
After a few minutes (waiting for synchronization), you will be able to see your namespace images, tags, and details. You can also manage permissions directly on images.
By default, pushed images are private. It means that the image will be pullable/pushable only by users with authorizations on the image namespace. You can easily set your image as public (pullable by everyone, but pushable by authorized users only) by using the visibility switch.
You can know check out how to use a private registry with our Docker on Mesos/Marathon offer, to link your registry account to your Docker Stack.