Docker registry
-
@mario Oh wow, this is awesome. I had no idea one could run a registry this way. I thought one has to make some use of the docker addon! This way is so much simpler and nicer.
I forked the code to https://git.cloudron.io/cloudron/docker-registry-app/ and gave you permissions. It just worked (tm). Do you think you can put in a LICENSE file and keep developing there? It's a holiday for thanksgiving here, but I will look into this soonish.
-
@mario TIL portus does not implement it's own registry, but simply uses the official one.
Yes, having them separate can have it's benefits. Would need to refresh my knowledge in regards to portus first before I know if I could be of much help.
-
@mehdi said in Docker registry:
Combined with the authProxy of Cloudron6, we could disable the htpasswd auth of the app and since it uses basic auth it should work with the LDAP users !
I gave this a try and this worked great! https://git.cloudron.io/cloudron/docker-registry-app/-/commit/547e3b30b0d9038d9fe73416a7df7b3d32f265ec
-
@fbartels said in Docker registry:
@mario TIL portus does not implement it's own registry, but simply uses the official one.
Yes, having them separate can have it's benefits. Would need to refresh my knowledge in regards to portus first before I know if I could be of much help.
Indeed It basically takes advantage of the official registry support for token-auth, giving you a nice UI, permissions, etc.
When you get a moment to check it out, let's talk!
-
@girish said in Docker registry:
@mehdi said in Docker registry:
Combined with the authProxy of Cloudron6, we could disable the htpasswd auth of the app and since it uses basic auth it should work with the LDAP users !
I gave this a try and this worked great! https://git.cloudron.io/cloudron/docker-registry-app/-/commit/547e3b30b0d9038d9fe73416a7df7b3d32f265ec
The only problem here is that this would not work for me - we basically only have admins on Cloudron itself, and this would limit Registry access to them alone.
Edit: this is because we do auth via Azure AD/SAML for pretty much everything in the company.
-
@mario said in Docker registry:
The only problem here is that this would not work for me
Good point. I forgot to add the
optionalSso
flag to manifest. With that flag, you can install the app without Cloudron Directory integration (like you do with other apps) and then we can have the default admin/admin setup that you have when LDAP is disabled. Would that work? -
-
I am both excited about this and confused about where it is at. My endgame is using GitLab to manage containers, but I need to point it at a registry. Would this ultimately work? And is there a way to have auth go through gitlab for this?
-
I take that back, I did add some package changes. Had no time to test, but things seem to be working ok from the initial glimpse at it:
https://git.cloudron.io/cloudron/docker-registry-app/-/merge_requests/1
Please test and report back @girish and others
-
Might be useful to add auto deletion of old images:
https://github.com/jeffstephens/retention-manager