Operations grimoire/Docker registry

From Nasqueron Agora

📕📁📜 Old technical information :: content warning

⌛ This Nasqueron Operations Grimoire page hasn't been updated for a long time.

☣ As our infrastructure evolves quickly, there is a good chance this information is outdated or now inaccurate. Be careful and consider update it.

➡️ To assert the information is still up-to-date or not, you can check the history of the relevant role in our Operations repository.

The private Docker registry is currently deployed on Equatower.

FAQ

What it contains?

The content can be inspected at https://infra.nasqueron.org/docker/registry. This page uses a small API in Rust, deployed also on Equatower (docker-registry-api container).

Allow or restrict an IP

The IPs allowed to connect to the registry to pull and push containers are configured at nginx level.

  1. Edit rOPS: pillar/paas/docker.sls to adjust the list of IPs under allowed_ips key.
  2. Update nginx configuration with salt equatower state.sls_id /etc/nginx/vhosts/registry/registry.conf roles/paas-docker/nginx/config
  3. Reload nginx on Equatower sudo nginx -t && sudo nginx -s reload