Using a Private Docker Registry

Using a Private Docker Registry

To supply credentials to pull from a private Docker registry, create an archive of your Docker credentials, then add it as a URI in your application definition.

Step 1: Compress Docker credentials

  1. Log in to the private registry manually. Login creates a .docker folder and a .docker/config.json file in your home directory.

       docker login some.docker.host.com
       Username: foo
       Password:
       Email: foo@bar.com
    
  2. Compress the .docker folder and its contents.

     cd ~
     tar -czf docker.tar.gz .docker
    
  3. Verify that both files are in the archive.

       tar -tvf ~/docker.tar.gz
    
       drwx------ root/root         0 2015-07-28 02:54 .docker/
       -rw------- root/root       114 2015-07-28 01:31 .docker/config.json
    
  4. Put the archive file in a location that is accessible to your application definition.

     cp docker.tar.gz /etc/
    

Important: The URI must be accessible by all nodes that will start your application. You can distribute the file to the local filesystem of all nodes, for example via RSYNC/SCP, or store it on a shared network drive like Amazon S3. Consider the security implications of your chosen approach carefully.

Step 2: Add URI path to app definition

  1. Add the path to the archive file login credentials to your app definition.

     "uris": [
        "file:///etc/docker.tar.gz"
     ]
    

    For example:

     {  
       "id": "/some/name/or/id",
       "cpus": 1,
       "mem": 1024,
       "instances": 1,
       "container": {
         "type": "DOCKER",
         "docker": {
           "image": "some.docker.host.com/namespace/repo",
           "network": "HOST"
         }
       },
       "uris":  [
           "file:///etc/docker.tar.gz"
       ]
     }
    
  2. The Docker image will now pull using the security credentials you specified.