Private Docker Registry? Yes, Please!

As we all know, container-based architectures and applications are here to stay. It is very easy to get started and learn the basics by trying some of the Docker images hosted at Docker Hub. However, at some point, after getting tired of Docker tutorials and ready-made images, we start wondering: Where can I host my own Docker images? I don't want to use a public Docker image registry! Naturally, you can sign up and start paying for private Docker image registry hosting from Docker Hub or Quay. Alternatively, you may run your own Docker image registry, but it's a hassle to set up, and for many of us it's just too much.

In reality, when working on projects built with container technologies, it is not always possible to use a public image registry. There may also be concerns about a private image registry that is hosted by a third party. For that reason, we decided to add a private Docker image registry as a built-in feature. It is now very easy to set up a private image registry on your own servers using Kontena.

Here's how to create a private image registry:

$ kontena registry create

Once you have VPN access to the grid that hosts the image registry, you can push and pull Docker images to and from your private registry using the registry.kontena.local address.

About Security, Future Plans

The registry does not use TLS or authentication by default, so you need to allow your local Docker daemon to use it by setting the --insecure-registry=registry.kontena.local option. However, the registry is only reachable from the grid where it was created. In practice, this means that the only way to push images to the registry is through the Kontena VPN. This protects the registry from unauthorized access and makes it easy to push images from your development machines (or CI). We are looking for ways to improve registry security by adding options to enable TLS/authentication.
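Because --insecure-registry relaxes TLS checks for whatever it names, it is worth confirming that a development machine or CI host has relaxed them for registry.kontena.local only. The following check is an added example, not code from Kontena: it assumes the option is set through the insecure-registries key of the Docker daemon's daemon.json, and the function names and the sample file contents are constructed for illustration.

```python
import ipaddress
import json

EXPECTED_HOST = "registry.kontena.local"  # registry address named in the post

# Constructed sample daemon.json; every entry except the first is made up.
SAMPLE_DAEMON_JSON = """
{
  "insecure-registries": [
    "registry.kontena.local",
    "10.0.0.0/8",
    "build-cache.example.test:5000"
  ]
}
"""


def split_host(entry):
    """Return the host part of an entry, dropping an optional :port."""
    entry = entry.strip().lower()
    if entry.startswith("["):            # [ipv6]:port
        return entry[1:].partition("]")[0]
    if entry.count(":") == 1:            # hostname:port or ipv4:port
        return entry.split(":")[0]
    return entry                         # hostname, IPv4 or bare IPv6


def audit_insecure_registries(daemon_json_text, expected=EXPECTED_HOST):
    """List entries that relax TLS checks for anything beyond `expected`."""
    config = json.loads(daemon_json_text)
    findings = []
    for raw in config.get("insecure-registries", []):
        if "/" in raw:
            try:
                net = ipaddress.ip_network(raw.strip(), strict=False)
            except ValueError:
                net = None
            if net is not None:
                findings.append((raw, "cidr", f"covers {net.num_addresses} addresses"))
                continue
        if split_host(raw) != expected:
            findings.append((raw, "unexpected-host", f"not {expected}"))
    return findings


if __name__ == "__main__":
    for entry, kind, detail in audit_insecure_registries(SAMPLE_DAEMON_JSON):
        print(f"{entry}: {kind} ({detail})")
```

An empty result means the only host the daemon will reach without verified TLS is the grid's own registry, which is the situation the VPN restriction above is meant to cover.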

Learn more about Kontena's built-in image registry in the Kontena Documentation.

Image Credits: Sam Cummings, Locks and Rust