Deploying a Private Docker Registry to Cycle
Secure access to your own private registry helps control who has access to your images. Compared to usage-based services such as Docker Hub and Quay, a Cycle hosted private registry only consumes the resources you give it access to, yielding a more cost-effective deployment.
Let’s take a look at how simple it is to deploy a private Docker registry on Cycle. If you haven’t had the chance to make a Cycle account, don’t worry, I’ll include plenty of images to show the full process.
If you do want to follow along on your Cycle account, log into a hub, and I’ll get us going from a new environment, for those that wish to follow along but need to make an account, follow this guide to get up to speed in just a few minutes.
1. Create a new environment
Head over to the “Environments” tab and select “Add New Environment” from the top right.
Once you’re there, name your environment, select a cluster, and “Create Environment”.
2. Pull in the registry image and deploy it to the environment.
Click the “Deploy Container” button from your newly created environments, dashboard. This brings up the deploy container wizard.
With the deploy container wizard, we can do two things at once.
First, the wizard will import the image from Docker Hub, and then we will create a container from the image with the settings we put into the wizard.
I named my container registry. Per standards, I like to name my containers in lowercase and in line with the name of the image I’m using to create them.
We will choose:
Scrolling down, you’ll see that we have the option to import a new image. Select this option.
Select “Docker Hub” and put in
registry as the image name and “2” as the tag, then “Import”.
After importing, Cycle will import the image. During this time, move on to the Network Settings. For this container setting Public Network to enabled will be necessary. Also, make sure that the hostname is also “registry” ( Cycle should have filled this in automatically )
When the image is finished downloading:
- A dropdown menu will become available.
- Open the dropdown and select the registry image from the list.
- Choose the size of your volume.
- Create Container
3. Add Environment Variables and Set Ports
Now that the container has been imported into the environment, environment variables need to be set. One of the nice parts about working with containers on Cycle is the environment variables and other configuration settings can be set, changed, and updated after the container has been created through a graphical interface.
Nav to “Config” on the top menu of the new containers dashboard.
After navigating to the containers config page:
- Select the “Runtime” tab
- Enter the environment variable (seen below)
- “Add Variable” after entering each variable
- Select the “Network” tab
- Enter the ports
443:5000(pressing tab after the entry)
- Click “Save Config” at the bottom.
Navigate back to the environment dashboard and hold the “start” button on the top right of the screen to start all of the containers in the environment. This will start the discovery service, load balancer, and registry containers.
4. Create a user and password for the registry
Open a new window and search for a htpasswd generator or use this link.
Make sure to copy down the user name and password you make somewhere safe. The only way that the encryption will work is if you use bCrypt. Select bCrypt from the list of possible encryptions before hashing the password.
5. Use the two-way console to add your user to the htpasswd file
Updating the htpasswd file through the two-way console is a snap.
To find the two-way console start on the environment dashboard > Containers > registry > Instances > the registry instance. This is the instance console page. It has information about the instance, a stream of the console output, volume information ( if the remote connection is enabled ), IP, and ssh access credentials.
Press “Request Access” to reveal temporary credentials.
After revealing the credentials, copy and paste the ssh credentials into a terminal. This creates a secure ssh connection where the container files can be debugged and modified. Copy the user and password information created earlier. Go to /var/lib/registry:
- vi htpasswd
- from normal mode type “dd” to delete the docker user
- press “i” to enter insert mode
This enters into insert mode paste your username and password credentials in the same format as the example.
- press “esc” to exit insert mode
- save and quit the editor (:wq)
After entering the new user, exit the connection and use a linked record to point your domain at the registry container.
For more information on how to set up DNS on Cycle, check this guide.
6. Tag a docker image, push it to your registry, and import it to Cycle.
Open a terminal and pull down an image to work with from docker. I use alpine for this guide.
- Tag the image: docker tag image:tag subdomain.domain.tld/image:tag
- Log into the new registry
docker login subdomain.domain.tld
- Push the image to the registry docker push subdomain.domain.tld/image:tag
- Import it to Cycle.
- Select the images tab and then “Import Image”
Choose “Docker Registry” and enter the registry credentials into the import form and “Import”. (Be sure to enter the image that was just pushed to the new registry)
After the image finishes importing, congratulations, you have successfully imported your image from your private registry.
Still Have Questions?
If you want to dive in and learn more, head over to our slack channel. Our community is growing, and our team hangs out there daily. Feel free to shoot us a message any time with your questions and we’ll be sure to respond!
Of course, for a more in-depth look at how to use Cycle, check out our documentation.