Skip to content

Docker registry in the Management System

You can use the Docker registry within the Nerve Management System. The benefit of using this functionality is to manage and store images in layered format. This gives you the opportunity to share and re-use the images. Also, you can pull and push layers independently – not the whole image. This functionality allows you to share and reuse images efficiently. This feature enables faster deployment of Docker and Docker Compose workloads, and fully supports Continuous Integration and Deployment (CI/CD).

Note

Your workstation must support Docker. It is recommended to use Docker 20.10.x and beyond. Check your Docker version before you start.
Check, if you have a user account on the Management System with all needed permissions.

The following sections give you an overview of the steps that are needed to work with the Docker registry.

Login to the Docker registry

Use your console to log in to the Docker registry. For Linux environments, you might use a command-line interface like Bash, while for Windows environments, you might use PowerShell or Command Prompt. Additionally, Docker Desktop on Windows supports Docker registries, allowing you to log in, push, and pull images seamlessly.

Use your specific Management System <cloudname>.nerve.cloud and Username/email to log in. Note that the <name> of the Management System in the following steps is a placeholder.

  1. Login to your Management System. docker login <cloudname>.nerve.cloud

  2. Enter Username: and Password: Use your personal credentials to log in to the Management System.

    If the login was successful, a corresponding message is displayed.
    Login Succeeded

Pushing images to Docker registry

Log in to the Docker registry using your specific Management System credentials before you start pushing images (refer to the information above).

Note that the <username> and <cloudname> are placeholders for your specific Management System. Also <name> and <tag> are placeholders for the name and tag of the image you want to push.

To utilize the Management System registry, you can either pull or create an existing image, retag it appropriately, and then push it to the registry.

Here are the steps to pull an image from a registry, retag it on your workstation, and push it to the Management System registry:

  1. Pull the image from the default registry: 
    $ docker pull <name>:<tag>
  2. Retag the image to fit the Management System registry format: 
    $ docker tag <name>:<tag> <cloudname>.nerve.cloud/registry/<name>:<tag>
  3. Verify the image has been retagged properly: 
    ~$ docker image list
REPOSITORY                                  TAG     IMAGE ID        CREATED         SIZE
<name>                                      <tag>   41f21cabaf80    5 days ago      226MB
<cloudname>.nerve.cloud/registry/node   <tag>   41f21cabaf80    5 days ago      226MB
  4. Push the image to the Management System registry: 
    $ docker push <cloudname>.nerve.cloud/registry/<name>:<tag>

Registry menu

Images that are pushed to the Docker registry are listed in the Registry menu, as shown below. Users can view Docker images along with their associated tags and digests.

Registry menu

The following table provides information on the data given in the list and its meaning.

Item Description
Image name (1) Selecting the image name will display the list of the associated tags, if available.
Image tag (2) Tags of the selected image.
Digest (3) The SHA (Secure Hash Algorithm) digest of an image serves as a unique identifier that ensures the image’s integrity. Multiple tags can reference the same SHA digest, meaning different tags can point to the same image.
Each SHA digest is unique within the repository to maintain consistency.
The SHA digest is crucial because it ensures the integrity of workloads, enhances security within the Management System, and protects the workloads from tampering. By using the SHA digest, you can be sure that the image has not been altered and that it matches the expected content.
Consider, the SHA digest will be the same on your workstation as it is on all other PCs for the given image.

Removing images from Docker registry

If you want to delete an image from the Docker registry, follow these steps:

  1. Navigate to the Registry menu.
  2. Select the delete icon delete icon.

Note

If the image is used in a released workload version (refer to Settings for Docker workloads and Settings for Docker Compose workloads), the delete icon delete icon will be grayed out, and you will not be able to delete the image.

Note

The garbage collector cleans up the Docker registry by default each Saturday at 3 a.m. All images that are not referenced by any workload are removed. If there are any changes needed, contact a sales representative or write an issue through the TTTech Industrial support portal.

Cleanup function on the node

You can cleanup a node from unused images by using the cleanup function.

Unused images, are images on the node that are still present on the node after the workload was undeployed and are not used by any other workload. (for more information refer to Workload control).

  1. Navigate to Nodes menu (see Managing nodes in the node tree).

  2. Select the Node in the node tree you want to clean up.

    node tree

  3. Select the clean up icon delete node.
    Unused images on the node are deleted.

DNA hash and Docker registry

When you use workloads in the DNA target configuration that involve a registry, it’s crucial to follow proper tagging practices. Keep in mind that using the :latest tag can lead to significant consequences, such as overwriting existing images, lack of version control, deployment issues, and security risks. When you use the :latest tag for a Docker image, the DNA hash can change for the following reasons:

  • Mutable Tag: The :latest tag is mutable, meaning it can point to different image versions over time. Whenever a new image is pushed with the :latest tag, it replaces the previous image tagged as :latest.

  • Image Updates: If the Docker image is updated (e.g., new features, bug fixes, security patches) and pushed to the Docker registry with the :latest tag, the hash will change to reflect the new image.

  • Rebuilds: Even if the source code hasn't changed, rebuilding the Docker image can result in a different hash due to changes in the build environment, timestamps, or other metadata. Using specific version tags instead of :latest can help ensure consistency and avoid unexpected changes in the image hash.