DOCKER REGISTRY ON NOMAD
------------------------

Add a host network "private" to expose the registry on the loopback of the Nomad clients:
https://www.nomadproject.io/docs/configuration/client#host_network-stanza

    # client.hcl
    client {
      host_network "private" {
        cidr = "127.0.0.1/32"
      }
    }

PUSHING IMAGES
--------------

- Log in to any client
- docker image tag $NAME:$TAG 127.0.0.1:5000/$NAME:$TAG
- docker push 127.0.0.1:5000/$NAME:$TAG

LIST IMAGES
-----------

- curl http://127.0.0.1:5000/v2/_catalog
- https://docs.docker.com/registry/spec/api/#listing-repositories

LIST TAGS
---------

- curl http://127.0.0.1:5000/v2/$NAME/tags/list
- https://docs.docker.com/registry/spec/api/#listing-image-tags

PUBLIC REGISTRY WITH BASIC AUTH AND TLS
---------------------------------------

Ensure prerequisites for Vault integration in Nomad:
https://www.nomadproject.io/docs/integrations/vault-integration

Add htpasswd to the Vault secret in kv/registry:

    vault kv put kv/registry htpasswd='admin:bcrypt-hash'

Create Vault policy public-registry.hcl:

    path "kv/data/registry*" {
      capabilities = ["read"]
    }

Create a Nomad variable "registry/host" with the public name of the registry in
plain text. For example:

    hub.docker.com

GARBAGE COLLECTION
------------------

TODO: add job for gc

    /bin/registry garbage-collect /etc/docker/registry/config.yml

https://docs.docker.com/registry/garbage-collection/#run-garbage-collection
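
CHECKING THE HTPASSWD ENTRY (ADDED EXAMPLE)
-------------------------------------------

The htpasswd value stored in kv/registry above is a placeholder for a
"user:bcrypt-hash" line. The following shell function is an added example, not
part of this repository: it checks htpasswd lines before they go into Vault and
rejects entries that are not bcrypt or use a low cost. The names check_htpasswd
and MIN_COST, the minimum cost of 10, and the sample entries (constructed, not
real hashes) are assumptions of the example.

```shell
#!/bin/sh
# Added example: validate htpasswd lines before storing them in kv/registry.
# MIN_COST is this example's own policy knob (assumption), not a registry setting.
MIN_COST="${MIN_COST:-10}"

# check_htpasswd: read htpasswd lines on stdin, print one verdict per entry.
# Returns 0 only if every entry is a well-formed bcrypt hash with cost >= MIN_COST.
check_htpasswd() {
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        # Skip blank lines and comments.
        case "$line" in ''|'#'*) continue ;; esac
        user=${line%%:*}
        hash=${line#*:}
        if [ "$user" = "$line" ] || [ -z "$user" ]; then
            echo "REJECT (no user:hash separator)"; rc=1; continue
        fi
        # bcrypt: $2a$/$2b$/$2y$, two-digit cost, then 53 chars of salt+digest.
        if printf '%s\n' "$hash" | grep -Eq '^\$2[aby]\$[0-9]{2}\$[./A-Za-z0-9]{53}$'; then
            cost=${hash#\$2?\$}; cost=${cost%%\$*}
            if [ "${cost#0}" -lt "$MIN_COST" ]; then
                echo "REJECT $user (bcrypt cost $cost < $MIN_COST)"; rc=1
            else
                echo "OK $user (bcrypt cost $cost)"
            fi
        else
            # Never echo the hash itself; name the scheme where recognisable.
            case "$hash" in
                '$apr1$'*) kind='apr1 MD5' ;;
                '{SHA}'*)  kind='unsalted SHA-1' ;;
                *)         kind='not bcrypt' ;;
            esac
            echo "REJECT $user ($kind)"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample entries (not real hashes): one accepted, two rejected.
check_htpasswd <<'EOF' || true
admin:$2y$10$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0

ci:$2y$05$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0
bob:$apr1$abcdefgh$0123456789abcdefghijkl
EOF
```

Run the function on the line you intend to store, and only pass it to the
vault kv put command shown above when it reports OK.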