swri-robotics / bag-database

A server that catalogs bag files and provides a web-based UI for accessing them.

Inadequate Docker Registry documentation #138

Open mhaeuser opened 3 years ago

mhaeuser commented 3 years ago

The following refers to the documentation "Installation - Docker - With a Private Registry" (available at https://github.com/swri-robotics/bag-database/blob/master/docs/installation/docker/with-a-private-registry.md, and https://swri-robotics.github.io/bag-database/installation/docker/with-a-private-registry).

  1. Ports for the Docker registry service `registry` are declared with `ports`, which exposes them to the host [1]. This is obviously a security issue and should not be recommended anywhere at all. More so, to not let users carelessly export unauthenticated HTTP registries, I believe running two registries should be recommended: one properly secured for general usage, and one unsecured as a service exclusive to bag-db. Only the general registry must be "writable" (as I understand, nothing in bag-database will ever try to submit new images?), as otherwise write conflicts are not guaranteed to be avoided.
  2. The `registry` service is not part of the `bagdb` network. This is incompatible with the usage of `registry:5000` later in the same documentation, as the registry host name is not published in any other fashion (and no other container is part of the default network).

[1] https://docs.docker.com/compose/compose-file/compose-file-v3/#ports
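
The two points raised above can be checked mechanically against a parsed compose file. The following is an added example, not part of the issue or of the bag-database project: the compose models are constructed, the image names are placeholders, and the `audit` and `service_networks` helpers are hypothetical names.

```python
# Added example: constructed compose models in the shape yaml.safe_load() returns.
# Service names, the bagdb network and port 5000 come from the issue text;
# image names are placeholders and the layout is an assumption.
AS_DESCRIBED = {
    "services": {
        "bagdb": {"image": "BAGDB_IMAGE_PLACEHOLDER", "networks": ["bagdb"]},
        "registry": {"image": "REGISTRY_IMAGE_PLACEHOLDER", "ports": ["5000:5000"]},
    },
    "networks": {"bagdb": {}},
}
# Constructed variant: no published port, registry joined to the bagdb network.
INTERNAL_ONLY = {
    "services": {
        "bagdb": {"image": "BAGDB_IMAGE_PLACEHOLDER", "networks": ["bagdb"]},
        "registry": {"image": "REGISTRY_IMAGE_PLACEHOLDER", "networks": ["bagdb"]},
    },
    "networks": {"bagdb": {}},
}


def service_networks(service):
    """Networks a service joins; Compose attaches it to 'default' if none are listed."""
    nets = service.get("networks")
    if not nets:
        return {"default"}
    return set(nets)  # works for both the list and the mapping form


def audit(compose, client="bagdb", server="registry"):
    """Return findings for the two problems raised in the issue."""
    services = compose.get("services", {})
    findings = []
    # Point 1: any `ports` entry publishes the container port on the host.
    for name, svc in sorted(services.items()):
        for port in svc.get("ports", []):
            findings.append(f"{name}: port {port!r} is published on the host")
    # Point 2: the client resolves the server's name only on a shared network.
    if client in services and server in services:
        shared = service_networks(services[client]) & service_networks(services[server])
        if not shared:
            findings.append(f"{client} cannot resolve {server!r}: no shared network")
    return findings


if __name__ == "__main__":
    for label, model in (("as described", AS_DESCRIBED), ("internal only", INTERNAL_ONLY)):
        print(label, audit(model) or "no findings")
```

The check treats every `ports` entry as host exposure and does not model `network_mode` or network aliases.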