Docker Getting Started Tutorial (iv) Docker Registry

Source: Internet
Author: User

[Editor's note] The DockerOne community translated Flux7's Docker getting-started tutorial. This is the fourth article in the series and describes the Docker Registry, an important component of Docker. The article explains the registry by walking through scenarios, and it is highly recommended reading.

In the previous article in this Docker tutorial series, we discussed the importance of the Dockerfile and provided a series of Dockerfile commands that make it easier to build images automatically. In this article, we'll cover an important component of Docker: the Docker Registry. It is the central registry for all repositories (both shared and private) and their workflows. Before going into the Docker Registry, let's take a look at some common terminology and repository-related concepts.
    1. Repositories can be marked as "liked" or bookmarked.
    2. Users can comment on a repository.
    3. A private repository is similar to a shared repository, except that it does not appear in search results and cannot be accessed without permission. Only users who are set up as collaborators can access a private repository.
    4. Webhooks can be configured to run after a successful push.

The Docker Registry has three roles: the index, the registry, and the registry client.

Role 1 -- Index

The index is responsible for maintaining information about user accounts, image checksums, and public namespaces. It maintains this information using the following components:
    • Web UI
    • Metadata store
    • Authentication service
    • Tokenization

The index also breaks down longer URLs, which makes user repositories easier to use and to validate.

Role 2 -- Registry

The registry is the store for images and the image graph. It has no local database and does not provide user authentication itself. Its storage can be backed by S3, cloud files, or the local file system. Identity is authenticated through the token mechanism of the index auth service. Registries come in different types. Let's look at several of them:
    1. Sponsor Registry: a third-party registry for use by customers and the Docker community.
    2. Mirror Registry: a third-party registry for use by customers only.
    3. Vendor Registry: a registry provided by the vendor who releases the Docker image.
    4. Private Registry: a registry provided by private entities, with firewalls and additional layers of security.

Role 3 -- Registry Client

Docker itself acts as the registry client. It is responsible for push and pull operations, as well as for client authorization.

Docker Registry Workflow Details

Now let's discuss five scenarios to get a better understanding of the Docker Registry.

Scenario A: The user wants to pull (download) an image. The steps involved are as follows:
    1. The user sends a request to the index to download the image.
    2. The index sends a response that returns three related pieces of information:
      • The registry where the image is located
      • The checksums for all layers of the image
      • A token for authorization
      Note: Tokens are returned when X-Docker-Token is requested in the request header. Private repositories require Basic authentication, which is not mandatory for public repositories.
    3. The user contacts the registry with the token returned in the response. The registry is solely responsible for images; it stores base images and inherited layers.
    4. The registry now has to confirm with the index that the token is authorized.
    5. The index sends "true" or "false" to the registry, which determines whether the user is allowed to download the requested image.
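
Scenario A as a small in-memory model, added here as an example (it is not code from Docker or from the original tutorial). The class names, the sample repositories and credentials, the use of SHA-256 for layer checksums, and the client-side checksum comparison are assumptions made for illustration.

```python
import hashlib
import secrets

class Index:
    """Toy index: accounts, repository metadata, layer checksums, token service."""
    def __init__(self):
        self.users = {"alice": "s3cret"}   # constructed sample credentials
        self.repos = {}                    # name -> {"private", "registry", "checksums"}
        self.tokens = {}                   # token -> (repo, access)

    def request_pull(self, repo, auth=None):
        meta = self.repos[repo]
        # Private repositories require credentials; public ones do not.
        if meta["private"] and (auth is None or self.users.get(auth[0]) != auth[1]):
            raise PermissionError("authentication required")
        token = secrets.token_hex(16)
        self.tokens[token] = (repo, "read")   # token is scoped to one repo and one access type
        return meta["registry"], meta["checksums"], token

    def validate(self, token, repo, access):
        # Steps 4-5: the registry asks, the index answers true or false.
        return self.tokens.get(token) == (repo, access)

class Registry:
    """Toy registry: stores layers only and delegates every auth decision to the index."""
    def __init__(self, index):
        self.index = index
        self.layers = {}                   # repo -> list of layer bytes

    def pull(self, repo, token):
        if not self.index.validate(token, repo, "read"):
            raise PermissionError("token rejected by index")
        return self.layers[repo]

def docker_pull(index, registries, repo, auth=None):
    """Client side of Scenario A, with each layer checked against the index's checksums."""
    endpoint, checksums, token = index.request_pull(repo, auth)   # steps 1-2
    layers = registries[endpoint].pull(repo, token)               # steps 3-5
    if [hashlib.sha256(l).hexdigest() for l in layers] != checksums:
        raise ValueError("layer checksum mismatch")
    return layers

def build_demo():
    """Constructed sample data: one public and one private repository on registry 'r1'."""
    index = Index()
    reg = Registry(index)
    for name, private in (("library/busybox", False), ("alice/app", True)):
        reg.layers[name] = [b"base-layer", name.encode()]
        sums = [hashlib.sha256(l).hexdigest() for l in reg.layers[name]]
        index.repos[name] = {"private": private, "registry": "r1", "checksums": sums}
    return index, {"r1": reg}
```

Because the registry holds no account data, a token issued for one repository is useless against another, and a layer altered in registry storage no longer matches the checksums held by the index.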



Scenario B: The user wants to push an image to the registry. The steps involved are as follows:
    1. The user sends a request with credentials to the index, asking it to allocate the repository name.
    2. After authentication succeeds and the namespace is found to be available, the repository name is allocated. The index sends a response that returns a temporary token.
    3. The image is pushed to the registry together with the token.
    4. The registry confirms with the index that the token is authorized, and after the index validates it, the registry starts reading the push stream.
    5. Docker then updates the index with the image checksums.



Scenario C: The user wants to delete an image from the index or the registry:
    1. The index receives a signal from Docker to delete the repository.
    2. If the index successfully validates the repository, it deletes the repository and returns a temporary token.
    3. The registry now receives a delete signal with the token.
    4. The registry verifies the token with the index, and then deletes the repository and all information related to it.
    5. Docker now notifies the index about the deletion, and the index removes all records of the repository.



Scenario D: The user wants to use the registry in standalone mode without the index.
Using the registry without the index (which is completely controlled by Docker) is best suited for storing images in a private network. The registry runs in a special mode that restricts communication between the registry and the Docker index. Everything related to security and authentication is the user's own responsibility.

Scenario E: The user wants to use the registry in standalone mode with an index.
In this case, a custom index is created in the private network to handle storing and accessing images. However, it is time-consuming to notify Docker about the custom index. Docker provides an interesting concept, chaining registries, which allows for load balancing and for allocating specific registries to specific requests.

In the next article in this Docker tutorial series, we'll discuss how to use the Docker Registry API in each of these scenarios, and take a closer look at Docker security.

Original link: Part 4: Registry & Workflows (translation: Tian vast; review: Li Yingjie)
