Comment: example docker-compose.yml with secrets

...

The elements to change are in the storage section.

Replace the storage: settings with the S3 settings:


Code Block
# Storage section before the change: the filesystem driver keeps registry
# data on local disk under rootdirectory. These are the settings that the
# S3 settings replace.
storage: 
    cache: 
        # Blob descriptor cache held in memory.
        blobdescriptor: inmemory 
    filesystem: 
        rootdirectory: /var/lib/registry



Code Block
  # S3 storage driver settings; this fragment belongs in the storage section.
  s3:
    # Placeholder credentials. Avoid committing real keys in config.yml;
    # they can be supplied at runtime through the
    # REGISTRY_STORAGE_S3_ACCESSKEY / REGISTRY_STORAGE_S3_SECRETKEY
    # environment variables instead.
    accesskey: awsaccesskey
    secretkey: awssecretkey
    region: us-west-1
    # NOTE(review): this endpoint uses http:// while secure: true is set
    # below. Confirm which transport is intended; credentials and image
    # blobs should travel over HTTPS.
    regionendpoint: http://myobjects.local
    bucket: bucketname
    # encrypt/keyid: presumably server-side encryption with the named key;
    # verify that the S3 backend in use supports it.
    encrypt: true
    keyid: mykeyid
    secure: true
    v4auth: true
    # 5242880 bytes = 5 MiB
    chunksize: 5242880
    # 33554432 bytes = 32 MiB
    multipartcopychunksize: 33554432
    multipartcopymaxconcurrency: 100
    multipartcopythresholdsize: 33554432
    # Key prefix inside the bucket under which registry data is stored.
    rootdirectory: /s3/object/name/prefix




Example of a full config.yml:

...

Important

The config file example shows how to interact with the storage and is sufficient only for a small lab environment. To put the registry into production, more configuration is required.

Follow the Docker registry guidance:

Option 3: Configure with YAML file

Here is a docker-compose.yml for our internal registry, of course with a Swarm S3 backend.

Code Block
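# /var/permanent/s3-registry/docker-compose.yml
#
# $ cd /var/permanent/s3-registry
# $ docker-compose --compatibility up -d
# $ docker-compose --compatibility ps
# $ docker-compose --compatibility logs -f
#
# Assumes directory /var/permanent/certs exists on the docker
# server containing a valid cert for the docker server hostname.
#
# Security notes (lab/development example):
#   * No REGISTRY_AUTH_* settings appear in this file. Unless the image's
#     /etc/docker/registry/config.yml configures authentication, any client
#     that can reach port 3333 can pull and push, and (because delete is
#     enabled below) delete content. Add authentication and restrict
#     network access before using this beyond a lab.
#   * The S3 keys and the TLS key are delivered as file-based secrets and
#     are never written into this file. Keep the source files readable
#     only by the account that runs docker-compose.

version: '3.7'

services:

  s3registry:
    restart: always
    # Floating tag: what "registry:2" resolves to can change between pulls.
    # Pin to a specific version or digest for reproducible deployments.
    image: registry:2
    deploy:
      resources:
        limits:
          memory: 2g
    ports:
      # Published on all host interfaces; registry listens on 5000 inside.
      - "3333:5000"
    secrets:
      - docker-repo.tx.caringo.com.crt
      - docker-repo.tx.caringo.com.key
      - s3_accesskey
      - s3_secretkey
    # Reads the S3 credentials from the mounted secret files and passes them
    # to the registry process as environment variables.
    # The shell runs with "-c", not "-xc": with -x the shell traces every
    # command after expansion to stderr, which would write both key values
    # into the container log (shown by "docker-compose logs"). If this
    # service was ever run with -x, treat the keys as exposed and rotate them.
    entrypoint: ["sh", "-c", "REGISTRY_STORAGE_S3_ACCESSKEY=`cat /run/secrets/s3_accesskey` REGISTRY_STORAGE_S3_SECRETKEY=`cat /run/secrets/s3_secretkey` registry serve /etc/docker/registry/config.yml"]
    environment:
      # Debug logging is verbose; lower the level outside development.
      - REGISTRY_LOG_LEVEL=debug
      - REGISTRY_LOG_FIELDS_SERVICE=registry
      - REGISTRY_LOG_FIELDS_ENVIRONMENT=development

      # Allows deletion through the registry API; see the note on
      # authentication at the top of this file.
      - REGISTRY_STORAGE_DELETE_ENABLED=true
      - REGISTRY_HTTP_TLS_CERTIFICATE=/run/secrets/docker-repo.tx.caringo.com.crt
      - REGISTRY_HTTP_TLS_KEY=/run/secrets/docker-repo.tx.caringo.com.key

      - REGISTRY_STORAGE=s3
      # HTTPS to the storage endpoint, with certificate verification left on
      # (SKIPVERIFY=false).
      - REGISTRY_STORAGE_S3_SECURE=true
      - REGISTRY_STORAGE_S3_REGION=generic
      - REGISTRY_STORAGE_S3_REGIONENDPOINT=https://registry-blobs.cloud.caringo.com
      # Server-side encryption is off in this example.
      - REGISTRY_STORAGE_S3_ENCRYPT=false
      - REGISTRY_STORAGE_S3_SKIPVERIFY=false
      - REGISTRY_STORAGE_S3_BUCKET=docker-repo
      - REGISTRY_STORAGE_S3_ROOTDIRECTORY=
      # Bare names (no "=value"): compose passes the variable through from
      # the invoking environment if it is set there. The entrypoint above
      # sets both from the secret files for the registry process, so keep
      # these unset in the shell that runs docker-compose.
      - REGISTRY_STORAGE_S3_ACCESSKEY
      - REGISTRY_STORAGE_S3_SECRETKEY

      # 104857600 bytes = 100 MiB
      - REGISTRY_STORAGE_S3_CHUNKSIZE=104857600
      - REGISTRY_HTTP_HOST=https://docker-repo.tx.caringo.com:3333

# File-based secrets, made available in the container under
# /run/secrets/<name>. The source files hold live credentials and the TLS
# private key: restrict their permissions and keep them out of version
# control.
secrets:
  s3_accesskey:
    file: /home/build/s3-access-key.txt
  s3_secretkey:
    file: /home/build/s3-secret-key.txt
  docker-repo.tx.caringo.com.crt:
    file: /var/permanent/certs/docker-repo.tx.caringo.com.crt
  docker-repo.tx.caringo.com.key:
    file: /var/permanent/certs/docker-repo.tx.caringo.com.key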


...