
After moving Traefik to v2, I also updated the common registry infrastructure. Namely, this stack has a UI in front of the registry, hosts the registry volume on an NFS store, and has an auto-garbage-collection image that runs once every 24 hours (with nothing fancier than some swarm config!).

Docker Swarm Stack

Please note that the config below uses several variables to abstract secrets/hosts/etc. You'll need to fill these in before it will work.

Also note that you can replace the NFS volume with a normal volume, but if you do, make sure to pin the two containers that use the volume to the node that contains the volume.

```yaml
version: "3.3"
services:
  # This registry is ONLY on the local net
  # and will be fronted by the registryui
  registry:
    image: registry:2
    environment:
      # Both settings live under a single environment key; a second
      # "environment:" block in the same service is a duplicate YAML key.
      REGISTRY_HTTP_SECRET: some-secret-to-be-used-here
      REGISTRY_STORAGE_DELETE_ENABLED: 'true'
    volumes:
      - registry-data:/var/lib/registry
    deploy:
      replicas: 1
      restart_policy: { condition: on-failure }
      resources:
        limits: { cpus: '0.2', memory: '48M' }
        reservations: { cpus: '0.05', memory: '32M' }

  # One-shot garbage collection: the container exits when done and the
  # restart policy starts it again after the 24h delay.
  # Note: the registry documentation warns that an image pushed while
  # garbage-collect is running can end up with missing layers.
  registry-cleanup:
    image: registry:2
    command: garbage-collect /etc/docker/registry/config.yml
    volumes:
      - registry-data:/var/lib/registry
    deploy:
      replicas: 1
      restart_policy:
        delay: 24h
      resources:
        limits: { cpus: '0.1', memory: '32M' }
        reservations: { cpus: '0.025', memory: '16M' }

  # The UI is the only service attached to traefik-net; access to it
  # goes through the registry-auth basic-auth middleware.
  registryui:
    image: joxit/docker-registry-ui:static
    networks:
      - default
      - traefik-net
    environment:
      REGISTRY_TITLE: 'Registry'
      DELETE_IMAGES: 'true'
      REGISTRY_URL: http://registry:5000
    depends_on:
      - registry
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=traefik-net"
        - "traefik.http.routers.registry.rule=Host(`registry.${HOST}`)"
        - "traefik.http.services.registry.loadbalancer.server.port=80"
        - "traefik.http.routers.registry.entrypoints=websecure"
        - "traefik.http.routers.registry.middlewares=registry-auth"
        - "traefik.http.middlewares.registry-auth.basicauth.users=${GLOBAL_HTPASSWD}"
      resources:
        limits: { cpus: '0.2', memory: '32M' }
        reservations: { cpus: '0.05', memory: '16M' }

networks:
  traefik-net:
    external:
      name: 'traefik-net'

volumes:
  registry-data:
    driver_opts:
      type: "nfs"
      o: "addr=${NFS},nolock,soft,rw"
      device: "${NFS_BASE}/registry"
```
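
For the non-NFS variant mentioned above, the following fragment shows the keys that change when a normal volume is used and both volume-mounting services are pinned to one node. It is an added example, not part of my original stack, and the node label `registry-store` is a made-up name you would set yourself.

```yaml
# Variant of the stack above using a node-local volume instead of NFS.
# Only the keys that differ are shown; everything else stays unchanged.
# Assumption: the node that should hold the data was labelled first with
#   docker node update --label-add registry-store=true <node-name>
# ("registry-store" is a hypothetical label name).
services:
  registry:
    volumes:
      - registry-data:/var/lib/registry
    deploy:
      placement:
        constraints:
          - node.labels.registry-store == true

  registry-cleanup:
    volumes:
      - registry-data:/var/lib/registry
    deploy:
      placement:
        constraints:
          # Same constraint as the registry, so garbage collection runs
          # against the same on-disk volume and not an empty one
          # created on another node.
          - node.labels.registry-store == true

volumes:
  # No driver_opts: the default "local" driver creates the volume on
  # whichever node the task is scheduled on, hence the constraints above.
  registry-data: {}
```

Without the constraint, swarm may schedule either task on a node where `registry-data` does not exist yet and silently create a fresh, empty volume there.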
Christopher LaPointe

