1
00:00:05,170 --> 00:00:06,010
‫...

2
00:00:06,320 --> 00:00:10,230
‫Now we're going to start the actual registry. We've been talking about it for a while,

3
00:00:10,370 --> 00:00:12,680
‫so let's actually do something with it.

4
00:00:12,950 --> 00:00:17,180
‫The registry is actually really just an HTTPS server like we've talked about.

5
00:00:17,180 --> 00:00:19,910
‫It runs on port 5000 by default.

6
00:00:19,910 --> 00:00:24,980
‫What we're going to do is we're going to start it and then we're going to re-tag an existing image

7
00:00:24,980 --> 00:00:29,840
‫that we have, that we actually got from Docker Hub. That's how you actually change where the registry,

8
00:00:30,380 --> 00:00:35,420
‫which registry is going to be used rather, is you're actually going to re-tag existing images. Then

9
00:00:35,450 --> 00:00:39,290
‫we're going to remove that image from our local cache and we're going to pull it down from the registry

10
00:00:39,370 --> 00:00:45,410
‫after we pushed it up there. Then we're going to actually stop and recreate the registry to show how

11
00:00:45,410 --> 00:00:46,980
‫you can change the storage.

12
00:00:47,060 --> 00:00:48,910
‫In our case, we're just going to use local storage,

13
00:00:48,920 --> 00:00:54,650
‫but there are lots of storage options that we'll talk about. I want to make a real quick note on

14
00:00:54,920 --> 00:01:02,030
‫the registry and how it prefers TLS. Out of the box, Docker will not talk to any registry unless

15
00:01:02,030 --> 00:01:05,720
‫it's running proper HTTPS security.

16
00:01:05,720 --> 00:01:05,990
‫Right?

17
00:01:05,990 --> 00:01:10,730
‫It wants to make sure that your authentication is encrypted and that anything else that's passed is

18
00:01:10,730 --> 00:01:11,420
‫trusted.

19
00:01:11,630 --> 00:01:13,190
‫So we call this Secure by Default.

20
00:01:13,220 --> 00:01:18,680
‫Right? You've probably heard that before. It actually won't talk with the registry we're going to create

21
00:01:18,740 --> 00:01:21,580
‫unless we're creating it on the local hosts, which we are.

22
00:01:21,620 --> 00:01:24,090
‫That's how we're going to do it, is just running on our local host.

23
00:01:24,170 --> 00:01:24,860
‫So that's easy.

24
00:01:24,860 --> 00:01:29,330
‫We don't actually have to worry about TLS just to test this thing out of the box because, like most

25
00:01:29,330 --> 00:01:33,080
‫websites, registry doesn't come with TLS built in.

26
00:01:33,080 --> 00:01:35,260
‫You have to usually create your own certificate.

27
00:01:35,480 --> 00:01:40,220
‫But, if you're going to do self-signed certificates for your registry or maybe you're going to run it

28
00:01:40,220 --> 00:01:42,030
‫remotely without

29
00:01:42,040 --> 00:01:46,670
‫TLS, which I don't encourage you to do but in case you need to, there's actually an insecure-registry

30
00:01:46,670 --> 00:01:49,230
‫option that you would have to enable in the engine.

31
00:01:49,280 --> 00:01:51,510
‫We're not going to cover that here.

32
00:01:51,620 --> 00:01:56,350
‫But just to know, that in production, if you ever need to do a self-signed certificate, that you would

33
00:01:56,390 --> 00:02:00,350
‫just need to enable that. You'll get a good error back from Docker, it'll say: "I can't talk to this registry

34
00:02:00,350 --> 00:02:01,910
‫because I don't trust it." kind of thing,

35
00:02:02,030 --> 00:02:03,250
‫if you try to do that.

36
00:02:03,350 --> 00:02:09,790
‫Today, we're just going to run it with regular HTTP on port 5000.

37
00:02:09,840 --> 00:02:18,210
‫Back to my local machine and do a docker container run -d -p 5000, and it defaults to 5000 in

38
00:02:18,210 --> 00:02:19,820
‫the container,

39
00:02:20,310 --> 00:02:27,240
‫and I'll just call it registry. Then we're using an image registry.

40
00:02:27,420 --> 00:02:33,810
‫If I do a docker container ls, you'll see that it's running. In order to use it,

41
00:02:33,840 --> 00:02:35,760
‫we actually use tags.

42
00:02:35,760 --> 00:02:43,980
‫If you remember with our images with Docker Hub, we had to put them in the format of account name

43
00:02:44,010 --> 00:02:49,640
‫and repository name but that's for Docker Hub. For any other registry,

44
00:02:49,680 --> 00:02:54,660
‫we actually need to label it with the host in there as well.

45
00:02:54,660 --> 00:03:02,470
‫I'm actually going to pull something called hello-world, because it's nice and small. When we run it,

46
00:03:05,260 --> 00:03:09,790
‫it just spits out some text that basically validates that that container ran, perfect for this nice

47
00:03:09,790 --> 00:03:16,570
‫little example. What I need to do in order to push it to my local registry is I need to give it another tag

48
00:03:16,810 --> 00:03:19,290
‫that tells my daemon where it needs to send it.

49
00:03:19,300 --> 00:03:26,170
‫We use docker tag and then the image I need to tag and then where I want to tag it to.

50
00:03:26,470 --> 00:03:31,350
‫So 127.0.0.1:5000,

51
00:03:31,350 --> 00:03:33,460
‫I have to put the port in there and then

52
00:03:33,460 --> 00:03:35,280
‫hello-world.

53
00:03:36,160 --> 00:03:42,260
‫This would be the equivalent of making my own official image at the root of my local registry.

54
00:03:42,460 --> 00:03:51,310
‫If I do a docker image ls, you see the hello-world here has two tags and it's the same image ID because

55
00:03:51,310 --> 00:03:52,920
‫all I did was give it another tag.

56
00:03:53,080 --> 00:03:59,350
‫But then if I do a docker push, it won't actually push to Docker Hub, it will see that there is an IP

57
00:03:59,350 --> 00:04:02,590
‫and port there and push up to my local registry.

58
00:04:02,590 --> 00:04:13,630
‫Now let's remove our local copies so docker image remove and docker image.

59
00:04:13,690 --> 00:04:14,390
‫OK.

60
00:04:14,760 --> 00:04:15,520
‫Oh. Right.

61
00:04:15,520 --> 00:04:18,720
‫Can't remove the image because we've got to get rid of that container first.

62
00:04:18,760 --> 00:04:24,710
‫So docker container rm, and that's the container that ran hello-world,

63
00:04:24,970 --> 00:04:27,560
‫now I can remove the image.

64
00:04:27,570 --> 00:04:28,280
‫There we go.

65
00:04:28,510 --> 00:04:34,000
‫OK so now if I do a docker image ls, I'm sure that I don't have it, right? I don't have that image.

66
00:04:34,180 --> 00:04:40,390
‫Now I can do a docker pull from that same location.

67
00:04:43,800 --> 00:04:44,550
‫There we go.

68
00:04:44,690 --> 00:04:46,300
‫I pull down that image.

69
00:04:46,360 --> 00:04:50,020
‫The first thing, if you're going to run your own registry for your own reasons,

70
00:04:50,170 --> 00:04:53,330
‫the first thing you want to do is use a volume to store the data.

71
00:04:53,440 --> 00:04:57,670
‫In this case, we could delete the registry and use a volume to do the same thing.

72
00:04:57,670 --> 00:05:05,410
‫If I was in this directory where I'm registry-sample-1, I could do a docker container kill registry,

73
00:05:07,340 --> 00:05:08,850
‫docker container

74
00:05:12,310 --> 00:05:13,750
‫rm registry.

75
00:05:13,930 --> 00:05:14,170
‫All right.

76
00:05:14,170 --> 00:05:22,720
‫So we've cleaned up our registry container. Let's make it again docker container run d port 5000,

77
00:05:26,650 --> 00:05:32,350
‫call it registry again. This time we're gonna give it a volume, and we're going to use the pwd trick

78
00:05:33,010 --> 00:05:35,260
‫to give our current working directory,

79
00:05:35,530 --> 00:05:42,520
‫and then I'm going to put a subdirectory in here of registry data. That needs to go to var lib registry.

80
00:05:42,790 --> 00:05:45,770
‫The last part is we're using the registry image.

81
00:05:45,820 --> 00:05:48,580
‫This is technically a new registry with a new database.

82
00:05:48,580 --> 00:05:55,690
‫If you did an ll on the registry data, there wouldn't be anything there yet, but if I took the image

83
00:05:55,690 --> 00:05:59,980
‫we just did a while ago and pulled it back down,

84
00:05:59,980 --> 00:06:01,930
‫you'll see we have the hello-world still there.

85
00:06:01,930 --> 00:06:06,220
‫If I do a docker push again, it should push it right back up there.

86
00:06:06,250 --> 00:06:15,610
‫Now if I do an ll and the registry data directory, you'll see some information in there. I just

87
00:06:15,610 --> 00:06:16,760
‫did a tree command

88
00:06:16,810 --> 00:06:22,540
‫that may not be on your operating system but you don't actually have to run if you don't want. It's a common

89
00:06:22,540 --> 00:06:27,730
‫Linux tool that would show me all the different paths here. You'll see that it actually breaks things

90
00:06:27,730 --> 00:06:33,970
‫down into the data, or blobs, which is the actual binaries that are inside the image, then the

91
00:06:34,060 --> 00:06:40,750
‫metadata around it, which is the manifest, and the tags and such. Everything is in their own SHA directories

92
00:06:40,780 --> 00:06:42,990
‫because you've got multiple layers going on here.

93
00:06:43,210 --> 00:06:48,060
‫It's not really particularly useful for us to dig around in there but it's interesting to see.

94
00:06:48,100 --> 00:06:48,850
‫So there you go.

95
00:06:48,880 --> 00:06:52,390
‫That's the basics of running a registry on your local machine.

96
00:06:52,390 --> 00:06:57,910
‫Then next, we'll need to secure it with some TLS and then enable some authentication.

97
00:06:57,910 --> 00:07:01,180
‫All right. That's the basics of running a Docker registry.

98
00:07:01,210 --> 00:07:06,700
‫Here are the major commands that we ran in this lecture. You might want to pause here if you wanted

99
00:07:06,700 --> 00:07:10,210
‫to write any down or make sure that yours are correct.

100
00:07:10,240 --> 00:07:13,870
‫Now that you're done with this lecture, remember to clean up so you can start with a fresh slate

101
00:07:13,900 --> 00:07:14,890
‫on the next lecture.