AIOps - Private registry setup with Podman
Article ID: 374524
Updated On:
Products
Issue/Introduction
We are using Podman without docker, but we are unsure about the private registry.
What are the best private registry setup with Podman
Environment
- DX Platform 24.x
- DX AIOps 24.x
Resolution
Below is a summary of the steps to take: (NOTE: replace the hostname with your FQDN and certs path accordingly to your setup)
rm -rf /var/registry_certs /var/registrydata
mkdir -p /var/registry_certs /var/registrydata
rm -rf /etc/containers/certs.d/hostname:5000
openssl req -newkey rsa:4096 -nodes -sha256 -subj "/C=country/ST=sate/L=Location=Orgname/" -addext "subjectAltName = DNS:hostname" -keyout /var/registry_certs/domain.key -x509 -days 1095 -out /var/registry_certs/domain.crt
podman run -d -p 5000:5000 -e REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry -v /var/registrydata:/var/lib/registry:Z -v /var/registry_certs:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key --security-opt label:disable --restart=always --name registry registry:2
podman run -d -p 5000:5000 -e REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry -v /var/registrydata:/var/lib/registry:Z -v /var/registry_certs:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key --security-opt label:disable --restart=always --name registry registry:2
sudo mkdir -p /etc/containers/certs.d/hostname:5000
sudo cp -rf /var/registry_certs/domain.crt /etc/containers/certs.d/hostname:5000/ca.crt
curl -k https://hostname:5000/v2/_catalog
Additional Information
Feedback
