Defining docker registry inside docker-compose to use in a swarm with stack deploy

Question

For all the experienced DevOps guys, I have a question about deploying a private registry as part of a stack in a swarm.

It seems from docker documentation that registry needs to be first defined and exposed (and also secured) and images pushed into it first. And only then it can be used in a stack.

But I’m wondering if I only want to use this registry container for the specific stack I am deploying, is there a way to define the registry as part of the docker-compose.yml and then define other containers with depends_on -myregistry?

My general container structure is: app, Jenkins, secure Nginx as reverse proxy (this is the only one exposed to the host), and now I want to add the registry container (because I gather this is the only way to run the swarm..or is it?)

What I am trying to achieve here is to have a stack that can be deployed right away with docker stack deploy —compose-file , without having to first create the registry and pushing images into it. Also, in theory if this registry is only accessible to the services that are part of the stack, then it doesn’t really need all that security..is it true?

Any guidance will be greatly appreciated.

Answer 1

You host a registry to give all your swarm nodes access to your images. It's nothing more than a central image store. Swarm mode does not depend on a private registry, just make sure that every node the service will get deployed to has access to the image.

Even if you accomplish to build a stack that contains the registry, you will need to push your images to it. That can't be done with docker stack deploy.

Answer 2

I agree with @mikgne above. My research on this topic rendered the following (answer by one Docker guru on his blog..):

Very theoretically it is possible to create registry and push images into it, as long as the registry service is created first and right after that there is another temporary service that builds/pushes images into it. Then consecutive services can pull from this registry. This apparently goes against the concept of services in Docker, as they aren’t meant to be temporary.

Basically I understand that the registry has to be created first and then images pushed into it. I think that Docker should consider implementing this automatic push.. I don’t know if a drawback to such an approach, please share your ideas if you think it isn’t a good approach and what problems might this cause.