Docker Swarm Registry
@skupr April 14, 2023 #docker #docker swarm #docker registry
Docker Swarm is a container orchestration platform that allows you to deploy and manage multiple containers across a cluster of machines. A Docker registry is a centralized place to store and manage Docker images, which are the packaged applications that run inside Docker containers.
In a Docker Swarm environment, the Docker registry is important for several reasons. First, it enables you to easily distribute and share your Docker images across the cluster, ensuring that all nodes have access to the latest version of the application. Second, it helps you to manage container versions and maintain consistency across the cluster. By using a registry, you can easily roll back to previous versions of the application if needed. Finally, it provides a way to authenticate and authorize access to the images, ensuring that only authorized users have access to the container images.
In summary, the Docker registry is an essential component of a Docker Swarm environment, providing a centralized and secure way to manage and distribute container images across the cluster.
One drawback of the installation example from the official docs is that we need to manage SSL certificates manually.
Here is an example of how to automate it by using Traefik and Let's Encrypt in Docker Swarm with a docker-compose.yaml file:
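```yaml
version: "3.8"

networks:
  # Must be created before deploying this stack
  traefik-public:
    external: true

services:
  registry:
    image: registry:2
    networks:
      - traefik-public
    deploy:
      replicas: 1
      placement:
        constraints:
          # Use some constraints. node.role only accepts manager or worker,
          # so pin the service with a node label instead (label name assumed):
          #   docker node update --label-add registry=true <node>
          - node.labels.registry == true
      labels:
        - traefik.enable=true
        - traefik.docker.network=traefik-public
        - traefik.constraint-label=traefik-public
        # `registry` is a stack that this service is deployed to
        # HTTP router: only redirects to HTTPS
        - traefik.http.routers.registry-http.rule=Host(`your-registry-host`)
        - traefik.http.routers.registry-http.entrypoints=http
        - traefik.http.routers.registry-http.middlewares=https-redirect
        # HTTPS router: certificate from the `le` resolver, protected by basic auth
        - traefik.http.routers.registry-https.rule=Host(`your-registry-host`)
        - traefik.http.routers.registry-https.entrypoints=https
        - traefik.http.routers.registry-https.tls=true
        - traefik.http.routers.registry-https.tls.certresolver=le
        # Without this line the basicauth middleware below is defined but never applied
        - traefik.http.routers.registry-https.middlewares=test-auth
        - traefik.http.services.registry.loadbalancer.server.port=5000
        # https://doc.traefik.io/traefik/middlewares/http/basicauth/
        # <password> must be an htpasswd-style hash; write every `$` in it as `$$` in a compose file
        - traefik.http.middlewares.test-auth.basicauth.users=<user>:<password>
```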
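A pre-deploy check for labels like the ones above, added here as an example (not part of the original post and not a Traefik tool): it flags routers that have no rule, middlewares that are defined but never attached, and TLS routers with no basicauth middleware. The function name `lint_labels`, the sample host and the assumption that `https-redirect` is defined on the Traefik service itself are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample labels with two deliberate mistakes: a misspelled router
# name and a basicauth middleware that no router references.
SAMPLE_LABELS = [
    "traefik.enable=true",
    "traefik.http.routers.registry-http.rule=Host(`registry.example.test`)",
    "traefik.http.routers.registry-http.entrypoints=http",
    "traefik.http.routers.registry-http.middlewares=https-redirect",
    "traefik.http.routers.registry-https.rule=Host(`registry.example.test`)",
    "traefik.http.routers.registry-https-https.entrypoints=https",
    "traefik.http.routers.registry-https.tls=true",
    "traefik.http.middlewares.test-auth.basicauth.users=user:<hash>",
]

LABEL = re.compile(r"^traefik\.http\.(routers|middlewares)\.([^.=]+)\.([^=]+)=(.*)$")

def lint_labels(labels, external_middlewares=("https-redirect",)):
    """Return findings for a list of Traefik v2 service labels (hypothetical helper)."""
    routers, defined = defaultdict(dict), {}
    for label in labels:
        m = LABEL.match(label)
        if not m:
            continue  # not a router/middleware label
        kind, name, option, value = m.groups()
        if kind == "routers":
            routers[name][option.lower()] = value
        else:
            defined[name] = option.lower()  # e.g. "basicauth.users"
    findings, used = [], set()
    for name, opts in sorted(routers.items()):
        attached = [x.split("@")[0].strip() for x in opts.get("middlewares", "").split(",") if x.strip()]
        used.update(attached)
        if "rule" not in opts:
            findings.append(f"router {name}: no rule (misspelled router name?)")
        for mw in attached:
            if mw not in defined and mw not in external_middlewares:
                findings.append(f"router {name}: unknown middleware {mw}")
        has_auth = any(defined.get(mw, "").startswith("basicauth") for mw in attached)
        if opts.get("tls") == "true" and not has_auth:
            findings.append(f"router {name}: TLS router without basicauth middleware")
    for mw in sorted(set(defined) - used):
        findings.append(f"middleware {mw}: defined but not attached to any router")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_labels(SAMPLE_LABELS)))
```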
It can be deployed like this: