Build and host Docker images
Master Builder
Your Registry
By the way, GitLab offers features that are very similar to GitHub. If you don't want to spend money on GitHub to create your own private repositories, you can switch to a local GitLab instance instead. Also, if you do not want to make your images available to the public, you will need a private registry for your container images.
That said, running the repository is not as easy as you might think at first. Useful software for this task was not available under a free license for a long time. Fortunately, several providers now have suitable offerings on the market, and one of them is Docker itself. The command in Listing 5 launches a local Docker registry. The command details are important.
Listing 5
Local Docker Registry
docker service create --name registry \
  --secret domain.crt --secret domain.key \
  --constraint 'node.labels.registry==true' \
  --mount type=bind,src=/mnt/registry,dst=/var/lib/registry \
  -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/run/secrets/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/run/secrets/domain.key \
  --publish published=443,target=443 \
  --replicas 1 registry:2
The example assumes that the /mnt/registry/ folder exists on the host, because it will be mounted to /var/lib/registry/ later in the running container. You also need to create the domain.crt and domain.key secrets on the host through Docker. You can do so with the first two commands,
$ docker secret create domain.crt certs/domain.crt
$ docker secret create domain.key certs/domain.key
$ docker node update --label-add registry=true <hostname>
which also add the contents of the two files as secrets to Docker's metadata. Before adding the Docker service, the last line creates a label for the node running the registry.
Again, this example is very simple. For example, the option to secure access to images with a username and password combination is missing. Technically, this would not be a problem; the Docker documentation contains more information on the subject.
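The username and password protection mentioned above can be added to the Listing 5 service with the registry's htpasswd backend. The following is an added example, not part of the original article; the secret name htpasswd and the file auth/htpasswd are assumptions, and the check exists because the registry only honors bcrypt entries in that file.

```bash
#!/usr/bin/env bash
# Added example: password-protect the registry service from Listing 5.
# Assumed names: secret "htpasswd", credentials file auth/htpasswd.
# Create the file with bcrypt hashes first, for example:
#   htpasswd -B -c auth/htpasswd <user>

# The registry's htpasswd backend supports bcrypt only and ignores
# entries with other hash types, so a wrong format locks that user out.
# Returns 0 only if the file has entries and all of them are bcrypt.
check_htpasswd() {
  local file="$1" line user hash rc=0 n=0
  [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
  while IFS= read -r line || [ -n "$line" ]; do
    [ -z "$line" ] && continue
    n=$((n + 1))
    user=${line%%:*}
    hash=${line#*:}
    case $hash in
      '$2a$'*|'$2b$'*|'$2y$'*) ;;
      *) echo "entry for '$user' is not a bcrypt hash" >&2; rc=1 ;;
    esac
  done < "$file"
  [ "$n" -gt 0 ] || { echo "$file has no entries" >&2; return 1; }
  return "$rc"
}

# Same service as Listing 5, plus the htpasswd secret and REGISTRY_AUTH_*.
deploy_registry() {
  local file="${1:-auth/htpasswd}"
  check_htpasswd "$file" || return 1
  docker secret create htpasswd "$file" || return 1
  docker service create --name registry \
    --secret domain.crt --secret domain.key --secret htpasswd \
    --constraint 'node.labels.registry==true' \
    --mount type=bind,src=/mnt/registry,dst=/var/lib/registry \
    -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
    -e REGISTRY_HTTP_TLS_CERTIFICATE=/run/secrets/domain.crt \
    -e REGISTRY_HTTP_TLS_KEY=/run/secrets/domain.key \
    -e REGISTRY_AUTH=htpasswd \
    -e REGISTRY_AUTH_HTPASSWD_REALM='Registry Realm' \
    -e REGISTRY_AUTH_HTPASSWD_PATH=/run/secrets/htpasswd \
    --publish published=443,target=443 --replicas 1 registry:2
}

# Usage: deploy_registry auth/htpasswd
```

Clients then have to run docker login against the registry host before they can pull or push.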
Running a registry with Quay (Figure 4) offers significantly more scope than the standard Docker approach. The service, developed largely by Red Hat, not only delivers images to clients but also has comprehensive CI/CD functions on board in the background (Figure 5). The project [3] is available under a free license, but the setup is not very intuitive. The simplest option is to roll out Quay in the form of a prebuilt container in Kubernetes.
Conclusions: Not Too Tricky
As the examples show, building Docker containers is not particularly complicated. Even running a separate registry for containers is quite easy, all told. If you are planning larger workloads that are based on containers, you will inevitably have to square up to the task of building images. The best idea is to use only official Docker Hub images as the basis for your own work. All other approaches involve a huge risk of working blindfolded and can quickly turn into a nightmare. When it comes to the practical process of building containers, CI/CD tools will help make the whole experience more convenient.
Infos
- "Running the NGINX Server in a Docker Container" by Haidar Ali, May 2022, Baeldung: https://www.baeldung.com/linux/nginx-docker-container
- "Continuous Integration and Delivery of Microservices Using Jenkins CI, Maven, and Docker Compose" by Gary Stafford, January 2016: https://programmaticponderings.com/2015/06/22/continuous-integration-and-delivery-of-microservices-using-jenkins-ci-maven-and-docker-compose/
- Quay on GitHub: https://github.com/quay/quay
- Quay: https://quay.io