My current Rancher setup has one host running the Rancher server stack inside an nginx reverse-proxy and some Let’s Encrypt goodness, and another host running the Rancher host stack plus all my orchestrated stacks.
My current workflow involves running Circle CI on merges to master, having Circle run simple tests on images before pushing them to Docker Hub, and finally using rancher-compose to trigger an upgrade.
I would like to substitute a private registry in place of Docker Hub, and I would like to place this private registry on the same host which is running the Rancher server. Is anyone else doing this?
Docker’s registry:2 container insists on TLS which should not represent much of an issue. Are there any other concerns or warnings folks want to give me?
We use a private registry which is populated by Jenkins, running on the same host as the server. It works pretty well (especially with the more recent versions of the registry).
We lost the registry at one point, as it was initially storing images in a Docker volume and I forgot to turn off a ‘clean up’ job whilst doing an upgrade. We use a volume mount now to avoid such (stupid) mistakes having a real impact.
Looking ahead, I will probably change this for two reasons:
- During upgrades, the host suffers from high resource demand processing both Rancher requests and Registry pulls.
- I really don’t like the idea that the host could run out of disk thanks to an errant dev or Jenkins job, or simply frequent deployments.
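The setup the original poster asks about and the bind-mount lesson from the reply above, put together as an added example (this is not code from the thread, from Rancher, or from the registry project): registry:2 serving TLS itself from certbot's certificates, bcrypt basic auth, image data on a host bind mount so a Docker volume clean-up cannot take the images with it, and `storage.delete.enabled` switched on from day one so images can be garbage-collected later. The hostname `registry.example.com`, the host path `/srv/registry`, the user name `ci` and the use of the `httpd:2` image purely for its `htpasswd` binary are assumptions; everything else is the standard registry:2 configuration schema.

```shell
#!/bin/sh
# Added example, not from the thread: stand up registry:2 with TLS, basic
# auth, a host bind mount for image data and deletes enabled.
# Hostname, paths and the user name below are assumptions; adjust to taste.

REGISTRY_HOST="${REGISTRY_HOST:-registry.example.com}"  # assumed hostname
REGISTRY_DIR="${REGISTRY_DIR:-/srv/registry}"           # assumed host path
LE_DIR="${LE_DIR:-/etc/letsencrypt}"                    # certbot's default tree

# Write the registry's config.yml into $1 and print its path.
# Everything under storage.filesystem.rootdirectory lands on the bind mount.
write_registry_config() {
  dir="$1"
  mkdir -p "$dir"
  cat > "$dir/config.yml" <<EOF
version: 0.1
log:
  fields:
    service: registry
storage:
  filesystem:
    rootdirectory: /var/lib/registry
  delete:
    enabled: true
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
  tls:
    certificate: /etc/letsencrypt/live/$REGISTRY_HOST/fullchain.pem
    key: /etc/letsencrypt/live/$REGISTRY_HOST/privkey.pem
auth:
  htpasswd:
    realm: $REGISTRY_HOST
    path: /auth/htpasswd
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
EOF
  echo "$dir/config.yml"
}

# Create the htpasswd file. registry:2 only accepts bcrypt entries, hence -B.
# The httpd:2 image is an assumption; any htpasswd that emits bcrypt will do.
write_htpasswd() {  # dir user password
  mkdir -p "$1"
  docker run --rm --entrypoint htpasswd httpd:2 -Bbn "$2" "$3" > "$1/htpasswd"
}

# Start the registry. The whole /etc/letsencrypt tree is mounted read-only
# because the files under live/ are symlinks into archive/; mounting only
# live/ leaves the container with dangling links and no certificate.
start_registry() {
  docker run -d --name registry --restart=always \
    -p 5000:5000 \
    -v "$REGISTRY_DIR/data:/var/lib/registry" \
    -v "$REGISTRY_DIR/config.yml:/etc/docker/registry/config.yml:ro" \
    -v "$REGISTRY_DIR/auth:/auth:ro" \
    -v "$LE_DIR:/etc/letsencrypt:ro" \
    registry:2
}

# Smoke test: anonymous must get 401, the configured user must get 200.
check_registry() {  # user password
  unauth=$(curl -s -o /dev/null -w '%{http_code}' "https://$REGISTRY_HOST:5000/v2/")
  auth=$(curl -s -o /dev/null -w '%{http_code}' -u "$1:$2" "https://$REGISTRY_HOST:5000/v2/")
  [ "$unauth" = 401 ] && [ "$auth" = 200 ]
}

# Usage: REGISTRY_PASSWORD=... ./registry-up.sh up
if [ "${1:-}" = "up" ]; then
  write_registry_config "$REGISTRY_DIR" >/dev/null
  write_htpasswd "$REGISTRY_DIR/auth" "${REGISTRY_USER:-ci}" "${REGISTRY_PASSWORD:?set REGISTRY_PASSWORD}"
  start_registry
  sleep 2
  check_registry "${REGISTRY_USER:-ci}" "$REGISTRY_PASSWORD" && echo "registry up"
fi
```

Two caveats worth knowing before relying on this: the registry reads its certificate once at start-up, so a certbot renewal needs a deploy hook that runs `docker restart registry`, and if you instead put the registry behind the existing nginx and let nginx terminate TLS, nginx must be told `client_max_body_size 0` or large layer pushes fail with 413.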
Yeah, if this were for work, I would have the budgetary authority to have a few more droplets. The disk space issue is a good one, but monitoring can help keep that under control, at least in my situation. For some reason I thought the load issue would be better if it’s on the same host, but I could be wrong.
What role does Jenkins play in your registry? Does it check pushes to master on some repo, build, and push successful builds to the registry, or something else?
It’s getting easier, but truly deleting images from the Docker Registry is still a bit hard.
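What "truly deleting" involves, as an added example that is not code from the thread or from the registry project: the registry has to run with `storage.delete.enabled: true` (otherwise DELETE answers 405), a manifest is deleted by digest rather than by tag (and every tag pointing at that digest goes with it), and the DELETE only unlinks the manifest; the layer blobs stay on disk until an offline `registry garbage-collect` pass. The hostname, the `ci:changeme` credentials, the container name `registry` and the `/srv/registry` paths are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: unlink an image from registry:2 by
# digest and then reclaim the blobs with garbage-collect.
# Hostname, credentials, container name and paths are assumptions.

REGISTRY_HOST="${REGISTRY_HOST:-registry.example.com:5000}"  # assumed
REGISTRY_CREDS="${REGISTRY_CREDS:-ci:changeme}"               # assumed user:pass
REGISTRY_DIR="${REGISTRY_DIR:-/srv/registry}"                 # assumed host path

# Pull the Docker-Content-Digest value out of raw HTTP response headers on
# stdin. Header names are case-insensitive and lines end in CRLF, so
# normalise both before matching; print nothing if the header is absent.
digest_from_headers() {
  awk 'tolower($1) == "docker-content-digest:" { sub(/\r$/, "", $2); print $2; exit }'
}

# Resolve repo:tag to its manifest digest. Without the Accept header for the
# schema 2 manifest the registry may hand back a converted schema 1 manifest
# whose digest differs from the stored one, and the later DELETE then 404s.
manifest_digest() {  # repo tag
  curl -sS -I -u "$REGISTRY_CREDS" \
    -H 'Accept: application/vnd.docker.distribution.manifest.v2+json' \
    "https://$REGISTRY_HOST/v2/$1/manifests/$2" | digest_from_headers
}

# Unlink a manifest (and all tags referencing it) by digest. 202 means done;
# 405 means the registry was started without storage.delete.enabled.
delete_manifest() {  # repo digest
  code=$(curl -sS -o /dev/null -w '%{http_code}' -X DELETE -u "$REGISTRY_CREDS" \
    "https://$REGISTRY_HOST/v2/$1/manifests/$2")
  [ "$code" = 202 ]
}

# Reclaim blobs. The registry must not accept writes while this runs, so the
# serving container is stopped first; pass --dry-run to see what would go.
# The image's entrypoint maps a first argument of garbage-collect onto the
# registry binary, so no custom entrypoint is needed.
gc_registry() {  # [--dry-run]
  docker stop registry >/dev/null
  docker run --rm \
    -v "$REGISTRY_DIR/data:/var/lib/registry" \
    -v "$REGISTRY_DIR/config.yml:/etc/docker/registry/config.yml:ro" \
    registry:2 garbage-collect ${1:-} /etc/docker/registry/config.yml
  docker start registry >/dev/null
}

# Usage: ./registry-rm.sh myapp 1.2.3   (run gc_registry afterwards, off-peak)
if [ $# -eq 2 ]; then
  d=$(manifest_digest "$1" "$2")
  [ -n "$d" ] || { echo "no manifest for $1:$2" >&2; exit 1; }
  delete_manifest "$1" "$d" && echo "unlinked $1@$d"
fi
```

Because the delete is by digest, check with `manifest_digest` which other tags resolve to the same value before removing one; a `latest` tag that happens to share the digest disappears too. Newer registry releases (2.7 and later) also accept `garbage-collect --delete-untagged`, which removes manifests that no tag references without the per-image DELETE dance.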
We’re using Jenkins manually where Rancher and Docker are concerned, for now, but yes, it pulls from Git, builds, tags, labels and pushes to the registry. We do this about once a week with 30-odd images. It works well, but we do suffer from annoying issues, mostly around disk space on the Jenkins server or connectivity to Maven or Docker Hub. We had to switch from RancherOS to CentOS due to issues reclaiming space when using OverlayFS. I’m no expert in that regard, so quite possibly something simple.
We’re doing work to, where possible, roll our own instead of using images from Docker Hub, and also hopefully implement Nexus as a Docker image cache/mirror where we can. It’ll also do the same for Maven, which is a big plus.