I do not have production experience with docker and have several questions regarding a local registry:
A dockerfile is the description (=recipe) of how an image is built(=cooked, e.g. FROM alpine:3.5)
If the image on my Docker Host isn't present, it is pulled from a docker registry. As far as I know is Dockerhub regarding the "offical" images of the distributions "safe":
-
say, I can pull safely the alpine image and indeed get the official image? Or put in another way:
-
As long, as my images are only based on the "official" images, I do not need a local registry?
Additionally:
-
What is the advantage of having a (local) registry with ready images in a deployment scenario over building the image on the host off the baseimage (e.g. alpine) and create a new one on the host with few additional git checkouts of code to deploy? or
-
When does it make sense to pull full images from a (local) registry instead of building on the host? And then: why not using dockerhub private repositories for that?
Is a local registry only a thing of reliability/fallback or is there a gain of "trust" too?
Edit:
Perhaps a split answer makes sense regarding "small setups" (few images in parallel on a single host, "releases" once a week) vs "cloud scale" ( many images in parallel, many hosts, several releases a day) where the reasons are more obvious.
Best Answer
A Docker image is identified by:
When you get an official image from Docker Hub, the owner is not required.
Example:
So,
I can pull safely the alpine image and indeed get the official image?
When you pull from the Docker Hub (Official Repository) you will get the official Alpine image.
My images are only based on the "official" images, I do not need a local registry?
Images are just layers. If all your images are based on official public images you will not need use a repository (Docker Hub or on-premise). But, a good practice is create a base image. This image is created from a Official Image plus your enterprise customizations.
Example:
In this particular case, if you want to keep your image private and on-premise. You can use a internal registry. If you want to keep your image private, but on the cloud, Docker Hub private is also an option.
What is the advantage of having a (local) registry with ready images in a deployment scenario over building the image on the host off the baseimage (e.g. alpine) and create a new one on the host with few additional git checkouts of code to deploy?
When a application is ready for deployment, you create a package with all dependencies. You build the application before releasing. Is the same principle. It is better to have a static image prepared to production. It deploys faster and has less chance to download an incompatible dependency version or have a network failure.
When does it make sense to pull full images from a (local) registry instead of building on the host? And then: why not using dockerhub private repositories for that?
The chose between cloud or on-premise repository evolves aspects like: security, performance, reliability, costs, network availability, etc. Each scenario has its own particularities. Usually use DockerHub private is OK for majority of scenarios.
For instance:
Is good to thing about the Container Workflow:
Layer one:
Layer two:
Deployment: