Run Docker on a GCE Container Optimized VM
Matt Duftler edited this page Apr 20, 2015 · 6 revisions
- Creating a bucket on Google Cloud Storage to hold your Docker images
- Provisioning a Container-Optimized VM on Google Compute Engine to run both the Docker daemon and a Docker registry
- Configuring the Docker daemon to allow for remote HTTP invocations
- Instructing the Docker daemon to launch a Docker registry container configured to use GCS to store images
- A Google Cloud Platform project with the following APIs enabled (use the Developers Console to manage your projects):
  - Google Cloud Storage
  - Google Compute Engine
  - (To enable these APIs, navigate in the Developers Console to: Projects->{your-project-name}->APIs & auth->APIs. If any of the required APIs are missing from the Enabled APIs list, find them in the Browse APIs panel and enable them.)
- The gcloud tool installed on your local workstation
# Replace both of these values with values that make sense for your use case.
# The project must already exist, and the instance must not. The instance
# will be created in a subsequent step.
# Note: This is the GCP Project ID, not the Project Name.
export GCP_PROJECT_ID=your-project-id
export GCE_INSTANCE_NAME=my-docker-instance
Create a GCS bucket for use by the Docker registry (the bucket name you select must be globally unique):
gsutil mb -p $GCP_PROJECT_ID gs://my-unique-docker-registry-bucket
gcloud compute instances create \
--project $GCP_PROJECT_ID \
--zone us-central1-a \
--machine-type n1-standard-1 \
--boot-disk-size 500GB \
--image container-vm \
--scopes=storage-rw \
$GCE_INSTANCE_NAME
gcloud compute ssh \
--project $GCP_PROJECT_ID \
--zone us-central1-a \
$GCE_INSTANCE_NAME
Edit docker configuration to allow us to use the Docker Remote API:
sudo vi /etc/default/docker
Note: Make sure you thoroughly understand the implications of the following change before you make it. Using 0.0.0.0:7104 effectively allows any IP on the same network to connect to port 7104 and issue Docker commands. Read more here about binding Docker to particular host/port combinations.
Replace the existing DOCKER_OPTS line with a line similar to the following (taking into account the security requirements of your particular situation):
DOCKER_OPTS="-H tcp://0.0.0.0:7104 -H unix:///var/run/docker.sock -r=false"
sudo service docker restart
curl localhost:7104/images/json
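A check for the edited file, as an added example that is not part of the original page: the function reads the DOCKER_OPTS line and labels each tcp:// listener by how it can be reached. The function name and the verdict labels are assumptions made for this example; the sample input is the DOCKER_OPTS line shown above.

```shell
# Added example, not part of the original page.
# classify_docker_opts FILE (hypothetical helper name)
# Prints "<VERDICT> <address>" for each tcp:// listener in DOCKER_OPTS:
#   LOOPBACK  bound to localhost only
#   TLS       reachable off-host, daemon started with --tlsverify
#   EXPOSED   reachable off-host with no client-certificate check
classify_docker_opts() (
  # Subshell body: variables and `set -f` stay local to the call.
  # The last uncommented assignment wins when the file is sourced.
  line=$(grep -E '^[[:space:]]*(export[[:space:]]+)?DOCKER_OPTS=' "$1" | tail -n 1)
  [ -n "$line" ] || exit 0
  opts=$(printf '%s' "${line#*=}" | tr -d "\"'")   # drop the quotes
  set -f                                           # no globbing while splitting
  # Pass 1: --tlsverify applies to the whole daemon, wherever it appears.
  tls=0
  for tok in $opts; do
    case $tok in --tlsverify|--tlsverify=true) tls=1 ;; esac
  done
  # Pass 2: collect every -H/--host value that uses the tcp:// scheme.
  prev=
  for tok in $opts; do
    addr=
    case $tok in
      -H=tcp://*|--host=tcp://*) addr=${tok#*=} ;;
      tcp://*) case $prev in -H|--host) addr=$tok ;; esac ;;
    esac
    prev=$tok
    [ -n "$addr" ] || continue
    host=${addr#tcp://}
    host=${host%:*}                                # strip the :port suffix
    case $host in
      127.*|localhost|"[::1]") echo "LOOPBACK $addr" ;;
      *) [ "$tls" -eq 1 ] && echo "TLS $addr" || echo "EXPOSED $addr" ;;
    esac
  done
)

# Constructed sample file holding the DOCKER_OPTS line shown on this page.
sample=$(mktemp)
echo 'DOCKER_OPTS="-H tcp://0.0.0.0:7104 -H unix:///var/run/docker.sock -r=false"' > "$sample"
classify_docker_opts "$sample"    # prints: EXPOSED tcp://0.0.0.0:7104
rm -f "$sample"
```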
Retrieve and run google/docker-registry (Docker registry with Google Cloud Storage driver):
sudo docker run -d \
-e GCS_BUCKET=my-unique-docker-registry-bucket \
-p 5000:5000 \
google/docker-registry
curl localhost:5000
exit