-
Trying to understand what kind of deployment people are interested in:
-
Registry stores the images locally on the server itself. If so, we have to figure out how this will get backed up. Is there an interest in backing these things up or are people OK if these container images are "lost" (maybe since it's only used for building things in CI/CD).
-
Registry is in another non-cloudron server. My understanding is this deployment is already possible but I have to try.
-
Some external service is used as registry (for example, DO recently announced it's managed docker registry). Not sure if GitLab supports this.
The reason for my private docker registry: I want to keep my things on my own infrastructure and not somewhere public on docker hub. That's why I'm currently running my own docker registry from where I push the images to my cloudrons.
I migrated most of my custom apps to official cloudron apps (used to do custom WordPress and LAMPs for various reasons and some apps made it to the store), so only a few that aren't released yet (and some probably never will) are left, but those need to be available at all times - did a cloudron version update the other day and realized that the ssl cert of the registry needed a refresh, else the apps couldn't get reconfigured and would be in an erronous state. Would be nice to have a solution on some dev cloudron which handles those images so I don't have to run that single vm with the docker registry.
-
-
The reason for my private docker registry: I want to keep my things on my own infrastructure and not somewhere public on docker hub. That's why I'm currently running my own docker registry from where I push the images to my cloudrons.
I migrated most of my custom apps to official cloudron apps (used to do custom WordPress and LAMPs for various reasons and some apps made it to the store), so only a few that aren't released yet (and some probably never will) are left, but those need to be available at all times - did a cloudron version update the other day and realized that the ssl cert of the registry needed a refresh, else the apps couldn't get reconfigured and would be in an erronous state. Would be nice to have a solution on some dev cloudron which handles those images so I don't have to run that single vm with the docker registry.
-
@mehdi yes, but it seems one can also configure them to use S3 and the likes. I was just wondering what people usually do.
@girish mainly I just want an all-in-one solution that works out of the box. Since registry comes (in most cases) bundled with Gitlab itself, this should be no problem. A crucial thing to look into would be container registry garbage collection since registry data can pile up easily. Basically it would be totally okay if the registry data were saved and backed up on the server itself. For small environments this would be fine and If you run a larger Gitlab instance you should be prepared anyways.
If Gitlab Registry is a seperate service, you could already use Cloudrons ability to configure backup bevavior and storage location. This would be nice for some use cases but not a basic requirement.
PS: For external/cloud storage you could already use MinIO which is available on Cloudron ^^
-
@girish mainly I just want an all-in-one solution that works out of the box. Since registry comes (in most cases) bundled with Gitlab itself, this should be no problem. A crucial thing to look into would be container registry garbage collection since registry data can pile up easily. Basically it would be totally okay if the registry data were saved and backed up on the server itself. For small environments this would be fine and If you run a larger Gitlab instance you should be prepared anyways.
If Gitlab Registry is a seperate service, you could already use Cloudrons ability to configure backup bevavior and storage location. This would be nice for some use cases but not a basic requirement.
PS: For external/cloud storage you could already use MinIO which is available on Cloudron ^^
-
I went down the container registry rabbit hole. In the end, it seems that it provides gitlab's authentication layer for the docker registry i.e users/groups/projects have same permissions in the registry as of gitlab. It has a limitation that the registry and the gitlab have to be on the same server. There is some strange path sharing requirement that I don't completely understand - https://docs.gitlab.com/ce/administration/packages/container_registry.html#use-file-system
I think an alternate approach is get Harbor working. It looks simple enough to deploy since it's a Go app and also has LDAP. This will then work with GitLab CI/CD (nice article). This won't bring in gitlab's auth into the registry though. Are people looking for something like that? (it seems something for big enterprises).
-
I went down the container registry rabbit hole. In the end, it seems that it provides gitlab's authentication layer for the docker registry i.e users/groups/projects have same permissions in the registry as of gitlab. It has a limitation that the registry and the gitlab have to be on the same server. There is some strange path sharing requirement that I don't completely understand - https://docs.gitlab.com/ce/administration/packages/container_registry.html#use-file-system
I think an alternate approach is get Harbor working. It looks simple enough to deploy since it's a Go app and also has LDAP. This will then work with GitLab CI/CD (nice article). This won't bring in gitlab's auth into the registry though. Are people looking for something like that? (it seems something for big enterprises).
-
I went down the container registry rabbit hole. In the end, it seems that it provides gitlab's authentication layer for the docker registry i.e users/groups/projects have same permissions in the registry as of gitlab. It has a limitation that the registry and the gitlab have to be on the same server. There is some strange path sharing requirement that I don't completely understand - https://docs.gitlab.com/ce/administration/packages/container_registry.html#use-file-system
I think an alternate approach is get Harbor working. It looks simple enough to deploy since it's a Go app and also has LDAP. This will then work with GitLab CI/CD (nice article). This won't bring in gitlab's auth into the registry though. Are people looking for something like that? (it seems something for big enterprises).
@girish I definitely have a use case for this despite not being a super-huge enterprise, which is why I'm trying to get it done. And I will - it's just a matter of time
I'm not against Harbor, etc. but I do need this to work which is why I'm on it
-
@girish I definitely have a use case for this despite not being a super-huge enterprise, which is why I'm trying to get it done. And I will - it's just a matter of time
I'm not against Harbor, etc. but I do need this to work which is why I'm on it
-
@mario You left me a note somewhere on how to use the docker registry app with GitLab but I cannot find it anymore. Where did you put it?
-
@girish README inside the repo: https://git.cloudron.io/cloudron/docker-registry-app
-
N niels referenced this topic on
-
Need Help: Has anyone enabled container registry in the cloudron gitlab, I'm getting error 500 when making changes to the gitlab.yml file.
registry: enabled: true host: registry.git.arsh.dev port: 5005 api_url: http://localhost:5000/ # internal address to the registry, will be used by GitLab to directly communicate with API key: config/registry.key path: shared/registry issuer: gitlab-issuer -
Need Help: Has anyone enabled container registry in the cloudron gitlab, I'm getting error 500 when making changes to the gitlab.yml file.
registry: enabled: true host: registry.git.arsh.dev port: 5005 api_url: http://localhost:5000/ # internal address to the registry, will be used by GitLab to directly communicate with API key: config/registry.key path: shared/registry issuer: gitlab-issuer@arshsahzad said in Gitlab how to run container registry:
I'm getting error 500 when making changes to the gitlab.yml file
This most likely means there is an error in the yml syntax. What error do you see in the logs ? You will find more logs in /run/gitlab (via web terminal).
-
Need Help: Has anyone enabled container registry in the cloudron gitlab, I'm getting error 500 when making changes to the gitlab.yml file.
registry: enabled: true host: registry.git.arsh.dev port: 5005 api_url: http://localhost:5000/ # internal address to the registry, will be used by GitLab to directly communicate with API key: config/registry.key path: shared/registry issuer: gitlab-issuer@arshsahzad Have you seen https://docs.cloudron.io/apps/docker-registry/#gitlab-integration already ?
-
@arshsahzad Have you seen https://docs.cloudron.io/apps/docker-registry/#gitlab-integration already ?
Hi @girish, I have not yet looked into the document, I will let you know...
-
@arshsahzad Have you seen https://docs.cloudron.io/apps/docker-registry/#gitlab-integration already ?
Hi @girish, From the Docs:
1. Create a volume named registry-shared. 2. Attach volume name registry-shared to both GitLab and Docker Registry apps. Be sure to uncheck the Read Only checkbox. 3. Create folders containers and certs on the host filesystem inside the path that is assigned to the registry-shared volume. 4. Run the following commands inside the certs folder: openssl req -nodes -newkey rsa:2048 -keyout registry-auth.key -out registry-auth.csr -subj "/CN=gitlab-issuer" openssl x509 -in registry-auth.csr -out registry-auth.crt -req -signkey registry-auth.key -days 365000 chmod 777 registry-auth.key registry-auth.crt registry-auth.csr 5. Modify the permissions from root to cloudron inside the Docker Registry app for the created folders and files. chown -R cloudron:cloudron /media/registry-shared/ 6. Modify /app/data/config.yml of the Docker Registry app using the File manager by altering or adding the auth part to resemble the following: auth: token: realm: https://<GITLAB_HOST>/jwt/auth service: container_registry issuer: gitlab-issuer rootcertbundle: /media/registry-shared/certs/registry-auth.crt Change the 'rootdirectory' value inside the same config file to: /media/registry-shared/containers Save the file and restart the app. 7. Modify /app/data/gitlab.yml of the GitLab app by adding the following lines (some of them might already be there, so skip them): production: <<: *base registry: enabled: true host: <DOCKER_REGISTRY_HOST> port: 443 api_url: https://<DOCKER_REGISTRY_HOST> key: /media/registry-shared/certs/registry-auth.key path: /media/registry-shared/containers issuer: gitlab-issuer- I have created the directory in the host machine
/opt/registry-shared-
Created two other folders (containers & certs) in the registry-shared directory
-
Generated keys in certs folders using the following cmd
-
Hi @girish, From the Docs:
1. Create a volume named registry-shared. 2. Attach volume name registry-shared to both GitLab and Docker Registry apps. Be sure to uncheck the Read Only checkbox. 3. Create folders containers and certs on the host filesystem inside the path that is assigned to the registry-shared volume. 4. Run the following commands inside the certs folder: openssl req -nodes -newkey rsa:2048 -keyout registry-auth.key -out registry-auth.csr -subj "/CN=gitlab-issuer" openssl x509 -in registry-auth.csr -out registry-auth.crt -req -signkey registry-auth.key -days 365000 chmod 777 registry-auth.key registry-auth.crt registry-auth.csr 5. Modify the permissions from root to cloudron inside the Docker Registry app for the created folders and files. chown -R cloudron:cloudron /media/registry-shared/ 6. Modify /app/data/config.yml of the Docker Registry app using the File manager by altering or adding the auth part to resemble the following: auth: token: realm: https://<GITLAB_HOST>/jwt/auth service: container_registry issuer: gitlab-issuer rootcertbundle: /media/registry-shared/certs/registry-auth.crt Change the 'rootdirectory' value inside the same config file to: /media/registry-shared/containers Save the file and restart the app. 7. Modify /app/data/gitlab.yml of the GitLab app by adding the following lines (some of them might already be there, so skip them): production: <<: *base registry: enabled: true host: <DOCKER_REGISTRY_HOST> port: 443 api_url: https://<DOCKER_REGISTRY_HOST> key: /media/registry-shared/certs/registry-auth.key path: /media/registry-shared/containers issuer: gitlab-issuer- I have created the directory in the host machine
/opt/registry-shared-
Created two other folders (containers & certs) in the registry-shared directory
-
Generated keys in certs folders using the following cmd
@arshsahzad said in Gitlab how to run container registry:
- Attach volume name registry-shared to both GitLab and Docker Registry apps. Be sure to uncheck the Read Only checkbox.
I'm not able to figure out, how to attach the bind mount to the running gitlab container and how to uncheck read only checkbox
/opt/registry-shared
Sorry I missed the most obvious place, I was looking all over.