How to authenticate in gitlab pipline?
-
Hey,
I've set up the registry and the gitlab connection as described in the documentation.
How do I now set up my pipline to be able to push to the registry?
Do I need to login first using docker login? What credentials do I need to use there? -
@klawitterb What I'm doing, on a non-cloudron setup, is that I created a service user allowed only on the registry, added its credentials to the secret CI variables on the gitlab project configuration, then in the
.gitlab-ci.yml
I do :docker login -u $CI_USER -p $CI_USER_PASSWORD my.registry.url.com
-
Out of curiosity, why don’t we try the omnibus image on cloudron? Is it a lack of visibility or control into stuff like LDAP or something? Or just complexity of packaging
-
Using pipeline variables to login to docker.io is working without problems for me. But I can't get the authentication to the cloudron registry to work.
I've set up the auth part as described in the documentation using tokens. Do I now need to acquire a token first before I can login?
Also tried changing the auth to htpasswd on the docker registry without success. It still wont let me in, rejecting the request with a 403. -
- which documentation are you talking about ?
- have you tried logging in from your local machine ? Does that work ?
-
@mehdi I'm referring to the documentation on the cloudron docs: https://docs.cloudron.io/apps/docker-registry/
I'm not even seeing log entries when trying to connect. Shouldn't it at least tell me about the failed login?
-
Stupid me, just read the docs again that I only need to set this up for gitlab integration. Removed the auth config and was now able to successfully login using cloudron credentials.
-
Weird... it just keeps timing out for me when I try a docker push
-
Nevermind... got it working just fine.
-
@atrilahiji Write up a post on it and we can get it into the docs I bet!
-
If I understand it correctly the gitlab integration makes gitlab the authority for docker registry submitting jwt tokens for authentication. To create these tokens you either make a access token deploy token or a personal token (especially if you are using 2fa) and one should be able to authenticate to the registry, correct?
I've tried all sorts of tokens and changing the docker-client in authproxy and nginxconfig without success.
Has anyone manged to get this working? ><