Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

alt

Daniel Nashed

Leveraging Docker Registry for your own deployments

Daniel Nashed – 6 March 2022 17:46:28

Sometimes you don't see the most straightforward even it is right in front of you...
I have always used my own registry for deploying Docker images.
Either a very light registry2 ( https://hub.docker.com/_/registry ).
Or a harbor registry ( https://goharbor.io/ ).

The harbor registry is very nice! But requires a separate server.

The own small Docker registry requires a TLS certificate and unless you switch it to port 5000, it might block your HTTPS port -- unless you put NGINX etc in front and use SNI etc ..

Docker HUB

So by coincident I ran again into Docker Hub to host my private image.

Because I am a one person company I don't need a subscription. And this allows me exactly one private repository.
With a $ 60 per year subscription you get unlimited private repositories and more access keys with more granular access.

Access to private repository by token

Using the login information might not be the best solution.
Unless you use a local security helper, the account information is completely unprotected on disk.
[ See https://docs.docker.com/engine/reference/commandline/login/#credentials-store ]

So a best practice would be to create an access token. With a basic account you can only create one full access token.
But that's still much better than using your full account on all your Docker/Podman/K8s deployments.

Creating your access token is a very easy step, returning an access token, used with your user and the token instead of the password.
[ See details her --> https://docs.docker.com/docker-hub/access-tokens/ ]

Here is an example:

docker login docker.io -u nashcom
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded


Once your login was successful, you can tag an image and push it up. Don't try to pull my image! It's in a private repo and it will fail!
I am just using it to demonstrate how it would work.

docker tag   hclcom/domino:latest nashcom/domino:latest
docker push nashcom/domino:latest


So even if you are working for a larger company a pro account would be still a very good deal for this functionality only!
And you are entitled to run Docker desktop as well!

Both in combination for $5 per month is a very good deal.



Image:Leveraging Docker Registry for your own deployments



Links

    Archives


    • [HCL Domino]
    • [Domino on Linux]
    • [Nash!Com]
    • [Daniel Nashed]