Skip to main content

Private Docker Registry

Feature release status badge: PriPrev
PriPrev

Using private Docker registry for Docker setup

By default, the DataOps Docker runner will pull from the standard Docker Hub registry (at index.docker.io). However, this requires a broad set of outbound IP addresses to be allowlisted. For some customers, a tighter configuration is required.

This page describes the setup for using a private Docker Registry hosted on the same set of IP addresses that already need to be allowlisted for the DataOps.live data product platform itself. It has been written for Ubuntu, and some file paths may need to be modified for other operating systems.

To confirm your network connectivity to registry.dataops.live run the following telnet command.

telnet registry.dataops.live 443

If you see the message Connected to registry.dataops.live. you have network connectivity, and it's safe to continue.

If the command halts at Trying 3.9.0.146 or similar, your host does not have network connectivity, and you will need to resolve this with your network team before continuing.

To exit telnet, use the ctrl+] and then ctrl+d shortcut keys to close the connection.

Follow these instructions AFTER Docker has been installed. Still, BEFORE the DataOps Runner installation itself, edit (or more likely create since it won't be there) the file /etc/docker/daemon.json to contain the following:

{
  "registry-mirrors": ["https://registry.dataops.live"]
}

And then run:

sudo service docker restart

The command will tell docker to use https://registry.dataops.live as a primary and only fail back to docker.io if this is unavailable.

Confirm that docker has picked up this change with docker info, which should contain:

docker info
<snip>
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Registry Mirrors:
  https://registry.dataops.live/
 Live Restore Enabled: false

Then you need to set up ~/.docker/config.json to look exactly like:

{
  "auths": {
    "https://index.docker.io/v1/": {
      "auth": "ZGF0YW9wc3JlYWQ6ZGNrcl9wYXRfODJGUTRPNk40eWI2ZlhKYzE1a0l2WDRRcnRn"
    },
    "registry.dataops.live": {
      "auth": "ZGF0YW9wc3JlYWQ6ZGNrcl9wYXRfODJGUTRPNk40eWI2ZlhKYzE1a0l2WDRRcnRn"
    }
  }
}

Note that this specifies the same credentials for two registries - due to a Docker peculiarity, this is required.

Using a private Docker registry for Kubernetes

Don't hesitate to contact Support for assistance.

Last updated on