Docker registry
-
@mario This looks good ! Combined with the authProxy of Cloudron6, we could disable the htpasswd auth of the app and since it uses basic auth it should work with the LDAP users !
We would just have to slap a basic web interface on that and it would be perfect
-
fbartels App Devreplied to mario on Nov 26, 2020, 7:53 PM last edited by fbartels Nov 26, 2020, 7:55 PM
@mario would you mind me making an attempt of adding https://github.com/Joxit/docker-registry-ui/ to your app? Or would you rather do it yourself, or choose a different ui?
Another solution could be the reg cli utility. A simple docker binary that can also expose a ui.
@robi after you installed to Cloudron cli (should be on a Linux machine with docker installed) you just need to run
cloudron build && cloudron install
and then follow the prompts. -
mario App Devreplied to fbartels on Nov 26, 2020, 9:01 PM last edited by mario Nov 26, 2020, 9:08 PM
@fbartels honestly, I'd prefer UI as a separate app and would attempt Portus - possibly together with you. What are your thoughts?
An alternative would indeed be, if people prefer, to have Registry + UI together -> but in any case I'd strongly prefer Portus to anything else.
-
@mario Oh wow, this is awesome. I had no idea one could run a registry this way. I thought one has to make some use of the docker addon! This way is so much simpler and nicer.
I forked the code to https://git.cloudron.io/cloudron/docker-registry-app/ and gave you permissions. It just worked (tm). Do you think you can put in a LICENSE file and keep developing there? It's a holiday for thanksgiving here, but I will look into this soonish.
-
@mario TIL portus does not implement it's own registry, but simply uses the official one.
Yes, having them separate can have it's benefits. Would need to refresh my knowledge in regards to portus first before I know if I could be of much help.
-
@mehdi said in Docker registry:
Combined with the authProxy of Cloudron6, we could disable the htpasswd auth of the app and since it uses basic auth it should work with the LDAP users !
I gave this a try and this worked great! https://git.cloudron.io/cloudron/docker-registry-app/-/commit/547e3b30b0d9038d9fe73416a7df7b3d32f265ec
-
@fbartels said in Docker registry:
@mario TIL portus does not implement it's own registry, but simply uses the official one.
Yes, having them separate can have it's benefits. Would need to refresh my knowledge in regards to portus first before I know if I could be of much help.
Indeed It basically takes advantage of the official registry support for token-auth, giving you a nice UI, permissions, etc.
When you get a moment to check it out, let's talk!
-
@girish said in Docker registry:
@mehdi said in Docker registry:
Combined with the authProxy of Cloudron6, we could disable the htpasswd auth of the app and since it uses basic auth it should work with the LDAP users !
I gave this a try and this worked great! https://git.cloudron.io/cloudron/docker-registry-app/-/commit/547e3b30b0d9038d9fe73416a7df7b3d32f265ec
The only problem here is that this would not work for me - we basically only have admins on Cloudron itself, and this would limit Registry access to them alone.
Edit: this is because we do auth via Azure AD/SAML for pretty much everything in the company.
-
@mario said in Docker registry:
The only problem here is that this would not work for me
Good point. I forgot to add the
optionalSso
flag to manifest. With that flag, you can install the app without Cloudron Directory integration (like you do with other apps) and then we can have the default admin/admin setup that you have when LDAP is disabled. Would that work? -
@girish great ! I was 90% sure it would work, I'm glad I got it right
About interfaces, Portus indeed looks really great. However, I really don't see how it would work as a separate app. I really think it makes sense to bundle them together.
-
-
I am both excited about this and confused about where it is at. My endgame is using GitLab to manage containers, but I need to point it at a registry. Would this ultimately work? And is there a way to have auth go through gitlab for this?
20/65