Docker Registry
Watchgrid includes a built-in private Docker registry for storing and distributing container images across your fleet.
Overview
The registry runs as a registry:2 container alongside the Watchgrid server. It's accessible:
- From the server host:
localhost:5000 - From any VPN-connected device:
registry.wg:5000(via Magic DNS)
Pushing Images
Tag your images with the registry address and push:
# Build your image
docker build -t myapp:latest .
# Tag for the Watchgrid registry
docker tag myapp:latest registry.wg:5000/myapp:latest
# Push
docker push registry.wg:5000/myapp:latest
Before a device has joined the VPN, use localhost:5000 instead of registry.wg:5000.
Pulling Images
From any device on the VPN:
K3s devices pull from the registry automatically when image names start with registry.wg:5000/.
Web UI
The registry is browsable through the Watchgrid dashboard:
- Go to System → Registry
- The page shows:
- Registry status — online/offline indicator
- Total image count
- Image list — repository names, tags, and sizes
- Actions per image:
- Copy the pull command
- Delete a specific tag
- Click Push Instructions for a quick reference on how to tag and push
Tenant Filtering
Toggle Show all tenants to see images from all tenants, or filter to only the current tenant's images (images prefixed with the tenant ID).
Authentication
Registry authentication is optional. When enabled:
| Variable | Description |
|---|---|
REGISTRY_USERNAME |
Registry login username |
REGISTRY_PASSWORD |
Registry login password |
Set these environment variables in your docker-compose.yml to require authentication for push/pull operations.
Garbage Collection
The registry doesn't automatically clean up deleted image layers. To reclaim disk space:
Run this periodically or after deleting many images.