Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Unsolved Gitlab how to run container registry

    GitLab
    gitlab
    11
    31
    1467
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      parhelium last edited by girish

      Hi,

      I would like to build and store docker images using Gitlab for deploying my projects to gitlab instance managed by cloudron.

      Gitlab Container Registry must be installed and turn on.

      Have anybody did that ?
      https://docs.gitlab.com/ee/administration/container_registry.html

      Thanks in advance

      P 1 Reply Last reply Reply Quote 3
      • P
        pedrofernandez @parhelium last edited by

        @parhelium nope but im interested too, hope someone can help asap! thanks

        1 Reply Last reply Reply Quote 0
        • girish
          girish Staff last edited by

          Sorry for the delay, but we are looking into this.

          1 Reply Last reply Reply Quote 4
          • A
            atzen last edited by

            I'm looking forward to it. This would help me a lot

            1 Reply Last reply Reply Quote 0
            • eyecreate
              eyecreate last edited by

              Now with Docker this year mentioning no long term storage of docker images for free accounts, this will be even more valuable to have in gitlab.

              1 Reply Last reply Reply Quote 1
              • robi
                robi last edited by

                Installation

                There is no “installation” to speak of, as it’s integrated into GitLab itself. You rather need to activate it, and it’s easy.

                If you have a GitLab omnibus there is only one line to edit in your gitlab.rb:

                registry_external_url 'https://gitlab.example.com:4443'
                

                Life of Advanced Technology

                1 Reply Last reply Reply Quote 0
                • subven
                  subven last edited by

                  Pushing this because I want to use the registry feature and it shouldn't be that hard to implement it. Has nobody solved this so far?

                  @robi can you further explain how this could be done in the current cloudron gitlab app? AFAIK gitlab.yml is read only and I don't think it's usefull to mess around with the templates.

                  Official documentation: https://docs.gitlab.com/omnibus/settings/configuration.html
                  Registry config at Cloudron template: https://git.cloudron.io/cloudron/gitlab-app/-/blob/master/config_templates/gitlab.yml#L427

                  robi 1 Reply Last reply Reply Quote 0
                  • robi
                    robi @subven last edited by

                    @subven It looks like it's already enabled as a feature, but not configured in the ~/gitlab/config/gitlab.yml

                    You can uncomment the relevant lines and try it.
                    Remember to keep it bound to the container & domain.

                    I'll let @girish chime in if it's been tested.

                    Life of Advanced Technology

                    1 Reply Last reply Reply Quote 1
                    • mehdi
                      mehdi App Dev last edited by

                      It will not work. The gitlab container registry needs another domain (or another port).

                      robi 1 Reply Last reply Reply Quote 0
                      • robi
                        robi @mehdi last edited by

                        @mehdi so it might work as a sub.subdomain in a wildcard DNS config.

                        As for the port, that would be a manual adjustment of nginx and simpler.

                        Life of Advanced Technology

                        1 Reply Last reply Reply Quote 0
                        • subven
                          subven last edited by subven

                          Although using a own subdomain for the registry would be a better approach, it is sufficient to use another port as described here.

                          Guide what has to be edited can be found --> https://dev.to/zaptic/how-to-gitlab-and-docker-registry-2moh

                          Edit: Full package documentation --> https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/administration/packages/container_registry.md

                          1 Reply Last reply Reply Quote 1
                          • girish
                            girish Staff last edited by

                            Trying to understand what kind of deployment people are interested in:

                            • Registry stores the images locally on the server itself. If so, we have to figure out how this will get backed up. Is there an interest in backing these things up or are people OK if these container images are "lost" (maybe since it's only used for building things in CI/CD).

                            • Registry is in another non-cloudron server. My understanding is this deployment is already possible but I have to try.

                            • Some external service is used as registry (for example, DO recently announced it's managed docker registry). Not sure if GitLab supports this.

                            M 1 Reply Last reply Reply Quote 0
                            • M
                              msbt App Dev @girish last edited by

                              The reason for my private docker registry: I want to keep my things on my own infrastructure and not somewhere public on docker hub. That's why I'm currently running my own docker registry from where I push the images to my cloudrons.

                              I migrated most of my custom apps to official cloudron apps (used to do custom WordPress and LAMPs for various reasons and some apps made it to the store), so only a few that aren't released yet (and some probably never will) are left, but those need to be available at all times - did a cloudron version update the other day and realized that the ssl cert of the registry needed a refresh, else the apps couldn't get reconfigured and would be in an erronous state. Would be nice to have a solution on some dev cloudron which handles those images so I don't have to run that single vm with the docker registry.

                              girish 1 Reply Last reply Reply Quote 0
                              • girish
                                girish Staff @msbt last edited by

                                @msbt how do you handle backups for the registry right now?

                                M mehdi 2 Replies Last reply Reply Quote 0
                                • M
                                  msbt App Dev @girish last edited by

                                  I don't, since those images can easily be rebuilt. It's a proxmox host and I've backed up the vm itself, it the server dies at some point, I'll just migrate to a different one.

                                  1 Reply Last reply Reply Quote 1
                                  • mehdi
                                    mehdi App Dev @girish last edited by

                                    @girish The registry container just stores the images on its filesystem, doesn't it?

                                    girish 1 Reply Last reply Reply Quote 0
                                    • girish
                                      girish Staff @mehdi last edited by

                                      @mehdi yes, but it seems one can also configure them to use S3 and the likes. I was just wondering what people usually do.

                                      subven 1 Reply Last reply Reply Quote 0
                                      • subven
                                        subven @girish last edited by

                                        @girish mainly I just want an all-in-one solution that works out of the box. Since registry comes (in most cases) bundled with Gitlab itself, this should be no problem. A crucial thing to look into would be container registry garbage collection since registry data can pile up easily. Basically it would be totally okay if the registry data were saved and backed up on the server itself. For small environments this would be fine and If you run a larger Gitlab instance you should be prepared anyways.

                                        If Gitlab Registry is a seperate service, you could already use Cloudrons ability to configure backup bevavior and storage location. This would be nice for some use cases but not a basic requirement.

                                        PS: For external/cloud storage you could already use MinIO which is available on Cloudron ^^

                                        mario 1 Reply Last reply Reply Quote 0
                                        • mario
                                          mario App Dev @subven last edited by

                                          @subven GitLab registry is basically "just" a configuration to use the registry api through GitLab. It's a regular Docker product - https://docs.docker.com/registry/

                                          1 Reply Last reply Reply Quote 1
                                          • girish
                                            girish Staff last edited by

                                            I went down the container registry rabbit hole. In the end, it seems that it provides gitlab's authentication layer for the docker registry i.e users/groups/projects have same permissions in the registry as of gitlab. It has a limitation that the registry and the gitlab have to be on the same server. There is some strange path sharing requirement that I don't completely understand - https://docs.gitlab.com/ce/administration/packages/container_registry.html#use-file-system

                                            I think an alternate approach is get Harbor working. It looks simple enough to deploy since it's a Go app and also has LDAP. This will then work with GitLab CI/CD (nice article). This won't bring in gitlab's auth into the registry though. Are people looking for something like that? (it seems something for big enterprises).

                                            robi mario 2 Replies Last reply Reply Quote 0
                                            • robi
                                              robi @girish last edited by

                                              @girish I just really need a private registry within cloudron.

                                              Have private code waiting to become a private app and this is a show stopper road block.

                                              Life of Advanced Technology

                                              1 Reply Last reply Reply Quote 1
                                              • mario
                                                mario App Dev @girish last edited by

                                                @girish I definitely have a use case for this despite not being a super-huge enterprise, which is why I'm trying to get it done. And I will - it's just a matter of time 🙂

                                                I'm not against Harbor, etc. but I do need this to work which is why I'm on it 🙂

                                                girish 1 Reply Last reply Reply Quote 1
                                                • girish
                                                  girish Staff @mario last edited by

                                                  @mario You left me a note somewhere on how to use the docker registry app with GitLab but I cannot find it anymore. Where did you put it?

                                                  mario 1 Reply Last reply Reply Quote 0
                                                  • mario
                                                    mario App Dev @girish last edited by

                                                    @girish README inside the repo: https://git.cloudron.io/cloudron/docker-registry-app

                                                    girish 1 Reply Last reply Reply Quote 0
                                                    • girish
                                                      girish Staff @mario last edited by

                                                      @mario 🤦 Sorry I missed the most obvious place, I was looking all over.

                                                      arshsahzad 1 Reply Last reply Reply Quote 0
                                                      • Referenced by  N niels 
                                                      • arshsahzad
                                                        arshsahzad @girish last edited by

                                                        Need Help: Has anyone enabled container registry in the cloudron gitlab, I'm getting error 500 when making changes to the gitlab.yml file.

                                                          registry:
                                                            enabled: true
                                                            host: registry.git.arsh.dev
                                                            port: 5005
                                                            api_url: http://localhost:5000/ # internal address to the registry, will be used by GitLab to directly communicate with API
                                                            key: config/registry.key
                                                            path: shared/registry
                                                            issuer: gitlab-issuer
                                                        
                                                        girish 2 Replies Last reply Reply Quote 0
                                                        • girish
                                                          girish Staff @arshsahzad last edited by

                                                          @arshsahzad said in Gitlab how to run container registry:

                                                          I'm getting error 500 when making changes to the gitlab.yml file

                                                          This most likely means there is an error in the yml syntax. What error do you see in the logs ? You will find more logs in /run/gitlab (via web terminal).

                                                          1 Reply Last reply Reply Quote 0
                                                          • girish
                                                            girish Staff @arshsahzad last edited by

                                                            @arshsahzad Have you seen https://docs.cloudron.io/apps/docker-registry/#gitlab-integration already ?

                                                            arshsahzad 2 Replies Last reply Reply Quote 0
                                                            • arshsahzad
                                                              arshsahzad @girish last edited by arshsahzad

                                                              Hi @girish, I have not yet looked into the document, I will let you know...

                                                              1 Reply Last reply Reply Quote 1
                                                              • arshsahzad
                                                                arshsahzad @girish last edited by arshsahzad

                                                                Hi @girish, From the Docs:

                                                                1. Create a volume named registry-shared.
                                                                
                                                                2. Attach volume name registry-shared to both GitLab and Docker Registry apps. Be sure to uncheck the Read Only checkbox.
                                                                
                                                                3. Create folders containers and certs on the host filesystem inside the path that is assigned to the registry-shared volume.
                                                                
                                                                4. Run the following commands inside the certs folder:
                                                                
                                                                openssl req -nodes -newkey rsa:2048 -keyout registry-auth.key -out registry-auth.csr -subj "/CN=gitlab-issuer"
                                                                openssl x509 -in registry-auth.csr -out registry-auth.crt -req -signkey registry-auth.key -days 365000
                                                                chmod 777 registry-auth.key registry-auth.crt registry-auth.csr
                                                                
                                                                5. Modify the permissions from root to cloudron inside the Docker Registry app for the created folders and files.
                                                                
                                                                chown -R cloudron:cloudron /media/registry-shared/
                                                                
                                                                6. Modify /app/data/config.yml of the Docker Registry app using the File manager by altering or adding the auth part to resemble the following:
                                                                
                                                                auth:
                                                                  token:
                                                                    realm: https://<GITLAB_HOST>/jwt/auth
                                                                    service: container_registry
                                                                    issuer: gitlab-issuer
                                                                    rootcertbundle: /media/registry-shared/certs/registry-auth.crt
                                                                Change the 'rootdirectory' value inside the same config file to:
                                                                
                                                                
                                                                /media/registry-shared/containers
                                                                Save the file and restart the app.
                                                                
                                                                7. Modify /app/data/gitlab.yml of the GitLab app by adding the following lines (some of them might already be there, so skip them):
                                                                
                                                                production:
                                                                  <<: *base
                                                                
                                                                  registry:
                                                                    enabled: true
                                                                    host: <DOCKER_REGISTRY_HOST>
                                                                    port: 443
                                                                    api_url: https://<DOCKER_REGISTRY_HOST>
                                                                    key: /media/registry-shared/certs/registry-auth.key
                                                                    path: /media/registry-shared/containers
                                                                    issuer: gitlab-issuer
                                                                
                                                                1. I have created the directory in the host machine
                                                                /opt/registry-shared
                                                                
                                                                1. Created two other folders (containers & certs) in the registry-shared directory

                                                                2. Generated keys in certs folders using the following cmd

                                                                arshsahzad 1 Reply Last reply Reply Quote 0
                                                                • arshsahzad
                                                                  arshsahzad @arshsahzad last edited by

                                                                  @arshsahzad said in Gitlab how to run container registry:

                                                                  1. Attach volume name registry-shared to both GitLab and Docker Registry apps. Be sure to uncheck the Read Only checkbox.

                                                                  I'm not able to figure out, how to attach the bind mount to the running gitlab container and how to uncheck read only checkbox

                                                                  /opt/registry-shared
                                                                  
                                                                  1 Reply Last reply Reply Quote 0
                                                                  • First post
                                                                    Last post
                                                                  Powered by NodeBB