If you have been following along, you know that I started a series of posts aimed at identifying IPv6 support for the various Docker components/services.
The first blog post was focused on Docker Engine, which has pretty reasonable support for basic IPv6.
The second blog post was focused on Docker Hub, which has zero IPv6 support. This is due to it being hosted on AWS and no IPv6-enabled front-end is deployed.
This blog post will focus on Docker Registry.
As I stated in the past two blog entries, I am not here to teach you Docker (what it is, how to deploy it, etc..). I am simply showing basic functionality of various Docker components/services when used with IPv6.
For information on setting up your own Docker Registry, check out:
I am using Docker version 1.8.3, Docker Compose version 1.4.2 and Docker Registry version 2.
I am using the same Ubuntu 14.04.3 hosts that I have used in the last two blog posts.
My setup uses two hosts with the following configuration:
- Role: Docker Registry
- IPv6 Address: fd15:4ba5:5a2b:1009:20c:29ff:fef3:f848/64
- Role: Docker Host/Client
- IPv6 Address: fd15:4ba5:5a2b:1009:20c:29ff:febb:cbf8/64
My Docker Registry (running on ‘docker-v6-1’) uses self-signed cert and is started using either the ‘docker run’ syntax or Docker Compose. I show both examples below:
docker run -d -p 5000:5000 --restart=always --name registry \ -v `pwd`/certs:/certs \ -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \ -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \ registry:2
Use Docker Compose to run Docker Registry
I am using a file named “docker-compose.yml” to launch my registry.
registry: restart: always image: registry:2 ports: - 5000:5000 environment: REGISTRY_HTTP_TLS_CERTIFICATE: /certs/domain.crt REGISTRY_HTTP_TLS_KEY: /certs/domain.key volumes: - /certs:/certs
Run Docker Compose:
docker-compose up -d
On the Docker host/client (“docker-v6-2”), verify that the Docker Registry host (“docker-v6-1”) can be reached over IPv6:
root@docker-v6-2:~# ping6 -n docker-v6-1.example.com PING docker-v6-1.example.com(fd15:4ba5:5a2b:1009:20c:29ff:fef3:f848) 56 data bytes 64 bytes from fd15:4ba5:5a2b:1009:20c:29ff:fef3:f848: icmp_seq=1 ttl=64 time=0.402 ms 64 bytes from fd15:4ba5:5a2b:1009:20c:29ff:fef3:f848: icmp_seq=2 ttl=64 time=0.367 ms
Docker Registry Push/Pull Verification
Now that connectivity to the Docker Registry host is working, tag a local Docker image and then push it (over IPv6) to the Docker Registry:
root@docker-v6-2:~# docker tag ubuntu docker-v6-1.example.com:5000/ubuntu root@docker-v6-2:~# docker push docker-v6-1.example.com:5000/ubuntu The push refers to a repository [docker-v6-1.example.com:5000/ubuntu] (len: 1) a005e6b7dd01: Image successfully pushed 002fa881df8a: Image successfully pushed 66395c31eb82: Image successfully pushed 0105f98ced6d: Image successfully pushed latest: digest: sha256:167f1c34ead8f1779db7827a55de0d517b7f0e015d8f08cf032c7e5cd6979a84 size: 6800
A tcpdump on the Docker Registry shows traffic between docker-v6-1 and docker-v6-2 for the ‘push’ using the previously defined port 5000:
root@docker-v6-1:~# tcpdump -n -vvv ip6 -i eth0 tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 19:36:09.283820 IP6 (hlim 64, next-header TCP (6) payload length: 40) fd15:4ba5:5a2b:1009:20c:29ff:febb:cbf8.56066 > fd15:4ba5:5a2b:1009:20c:29ff:fef3:f848.5000: Flags [S], cksum 0x65b1 (correct), seq 2754754540, win 28800, options [mss 1440,sackOK,TS val 645579 ecr 0,nop,wscale 7], length 0 19:36:09.283930 IP6 (hlim 64, next-header TCP (6) payload length: 40) fd15:4ba5:5a2b:1009:20c:29ff:fef3:f848.5000 > fd15:4ba5:5a2b:1009:6540:bb36:2e23:f5a2.56066: Flags [S.], cksum 0xcd92 (incorrect -> 0x50bd), seq 1577491031, ack 2754754541, win 28560, options [mss 1440,sackOK,TS val 859496 ecr 645579,nop,wscale 7], length 0