Introduction to Docker Trusted Registry

Picture of ITGix Team
ITGix Team
Passionate DevOps & Cloud Engineers
Reading time: 4 mins.
Last Updated: 08.01.2024

Table of Contents

Introduction to Docker Trusted Registry

What is Docker Trusted Registry?

Since you are here, you have probably heard of Docker. When you search it in Google the first result is: “Docker – Build, Ship, and Run Any App, Anywhere” – don’t believe me, try it yourself. That sounds great but in the means of Privacy and protecting your intellectual property, it doesn’t. This is because of the question “Ship to where?”, to Docker hub where the whole world can just do a simple pull and have all your work at his disposal?

In this blog post, I will introduce you to the Docker Trusted Registry and its benefits. It is a registry service that you can run on-premise or in a virtual private cloud, where it is safe behind your company firewall. From here it is easy to store and manage your Docker images, which are the building blocks of your application stack. Trusted Registry is available in conjunction with a commercially supported Docker Engine to provide you with the peace of mind and support needed for your application environment. It is part of the Docker Datacenter Subscription which also includes a Universal Control Panel. The Docker Trusted Registry is easy to install and integrate with your existing infrastructure.

Docker benefits:

• Supports a wide range of storage drivers like S3, Azure, Swift, and local systems which of course can also be a network drive. They come in handy when you are considering a cluster installation and all of the cluster members need access to a certain file system.
    • LDAP/AD integration which means all users will authenticate with your company’s directory service. With it, you can configure various role-based access levels like admin, user, or read-only access. Sure if you are a small company you can rely on the manual user control and the kind of access you provide. In both cases, you have user auditing which can be used to track any user activities.
    • Trusted registry gets you started fast with an intuitive and easy-to-use GUI. There you can apply for non-disruptive patches and releases. Upgrading to the latest minor, patch, or major release is just a one-button click within the application.
The table below describes what you get in more detail from the Docker Datacenter Subscription:

Docker Datacenter

Let’s jump to the interesting part!

    – Make sure your machine has the minimum of:
        • Linux kernel version 3.10 or higher
        • CS Docker Engine version 1.13.0 or higher
        • 4.00 GB of RAM
        • 3.00 GB of available disk space
    – And your hosts are running one of these operating systems:
        • CentOS 7.1 or 7.2
        • Red Hat Enterprise Linux 7.0, 7.1, 7.2, or 7.3
        • Ubuntu 14.04 LTS or 16.04 LTS
        • SUSE Linux Enterprise 12

    – Make sure you have installed the Docker engine on your host.

Since DTR requires Docker Universal Plane (UCP), you need to install it first, here is how to do that:

Install Docker Universal Plane (UCP)

    – Create a volume folder “/var/lib/docker/volumes/ucp-controller-server-certs/_data/”. Therе you will put your external certificates. “ca.pem” -Your root CA certificate; “cert.pem” – Your signed certificate, followed by any intermediate certificates; “key.pem” – Your private key. Friendly advise, do not change the certificate file names.
    – Install the UCP controller. The command below is just an example, make sure to change them before executing.

$docker run --rm -it --name ucp 
     -v /var/run/docker.sock:/var/run/docker.sock 
    docker/ucp install -i 
    --host-address                                                                  #Specify the visible IP for this node
    --controller-port 8443                                                                        #Port on which UCP will be accessible
    --disable-tracking                                                                            #Disable anonymous tracking and analytics
    --disable-usage                                                                               #Disable anonymous usage reporting
    --admin-username admin                                                                        #Admin user credentials
    --admin-password MakeUpGoodPassPlease            
    --external-server-cert                                                                        #flag if you’re using server certificates signed by an external CA

– Reboot the whole machine, this is experience talking.
    – Check if the UCP application is accessible, if not, check what docker processes are running “docker ps -a”
    – If you decided to have AD authentication, log in to UCP with admin credentials and configure LDAP/AD authentication. When we install DTR, the configuration will be automatically transferred.

Time for the actual Docker Trusted Registry installation:

$curl -k > ucp-ca.pem #Get the signed certificate for next step

  – To install DTR use the docker/dtr image

$docker run -it --rm docker/dtr:2.2.4 install 
    --ucp-url                                                        #The UCP URL including domain and port
    --ucp-node                                                                 #The hostname of the target UCP node. Set to empty string or “random” to pick one at random.
    --dtr-external-url                                                #URL of the host or load balancer clients use to reach DTR. Format https://host[:port]
    --ucp-username admin                                                                     #Admin user credentials
    --ucp-password MakeUpGoodPassPlease 
    --ucp-ca "$(cat ucp-ca.pem)"                                                              #External signed certificate

    – Again I would recommend rebooting the machine.
    – Check if the DTR application is accessible, if not, check what docker processes are running “docker ps -a”

The next steps are to configure backend storage for DTR. Make sure you provide enough disk space whether you choose S3, Azure, Swift, or a local system.
Make a quick push and pull test. Remember that you first have to do a ‘docker login <DTR-url>’ so when you do a ‘docker push/pull’ it knows there is an additional repo to search for images.

Start a conversation now!

Any comments and questions are most certainly welcome. It would be really interesting for me to have a discussion on the subject of the Docker Trusted Registry!

Leave a Reply

Your email address will not be published. Required fields are marked *

More Posts

In late February, the cybersecurity world uncovered a highly sophisticated attempt to compromise Linux systems by exploiting vulnerabilities in open-source software. Unlike typical attacks that seek out security flaws or...
This guide will walk you through deploying multiple AWS Lambda functions using Pulumi, an infrastructure as code tool that allows you to define and manage cloud resources using familiar programming...
Get In Touch
ITGix provides you with expert consultancy and tailored DevOps services to accelerate your business growth.
Newsletter for
Tech Experts
Join 12,000+ business leaders and engineers who receive blogs, e-Books, and case studies on emerging technology.