Docker registry
-
@mario This looks good ! Combined with the authProxy of Cloudron6, we could disable the htpasswd auth of the app and since it uses basic auth it should work with the LDAP users !
We would just have to slap a basic web interface on that and it would be perfect
@mehdi said in Docker registry:
Combined with the authProxy of Cloudron6, we could disable the htpasswd auth of the app and since it uses basic auth it should work with the LDAP users !
I gave this a try and this worked great! https://git.cloudron.io/cloudron/docker-registry-app/-/commit/547e3b30b0d9038d9fe73416a7df7b3d32f265ec
-
@mario TIL portus does not implement it's own registry, but simply uses the official one.
Yes, having them separate can have it's benefits. Would need to refresh my knowledge in regards to portus first before I know if I could be of much help.
@fbartels said in Docker registry:
@mario TIL portus does not implement it's own registry, but simply uses the official one.
Yes, having them separate can have it's benefits. Would need to refresh my knowledge in regards to portus first before I know if I could be of much help.
Indeed
It basically takes advantage of the official registry support for token-auth, giving you a nice UI, permissions, etc.When you get a moment to check it out, let's talk!
-
@mehdi said in Docker registry:
Combined with the authProxy of Cloudron6, we could disable the htpasswd auth of the app and since it uses basic auth it should work with the LDAP users !
I gave this a try and this worked great! https://git.cloudron.io/cloudron/docker-registry-app/-/commit/547e3b30b0d9038d9fe73416a7df7b3d32f265ec
@girish said in Docker registry:
@mehdi said in Docker registry:
Combined with the authProxy of Cloudron6, we could disable the htpasswd auth of the app and since it uses basic auth it should work with the LDAP users !
I gave this a try and this worked great! https://git.cloudron.io/cloudron/docker-registry-app/-/commit/547e3b30b0d9038d9fe73416a7df7b3d32f265ec
The only problem here is that this would not work for me - we basically only have admins on Cloudron itself, and this would limit Registry access to them alone.
Edit: this is because we do auth via Azure AD/SAML for pretty much everything in the company.
-
@girish said in Docker registry:
@mehdi said in Docker registry:
Combined with the authProxy of Cloudron6, we could disable the htpasswd auth of the app and since it uses basic auth it should work with the LDAP users !
I gave this a try and this worked great! https://git.cloudron.io/cloudron/docker-registry-app/-/commit/547e3b30b0d9038d9fe73416a7df7b3d32f265ec
The only problem here is that this would not work for me - we basically only have admins on Cloudron itself, and this would limit Registry access to them alone.
Edit: this is because we do auth via Azure AD/SAML for pretty much everything in the company.
@mario said in Docker registry:
The only problem here is that this would not work for me
Good point. I forgot to add the
optionalSsoflag to manifest. With that flag, you can install the app without Cloudron Directory integration (like you do with other apps) and then we can have the default admin/admin setup that you have when LDAP is disabled. Would that work? -
@mario said in Docker registry:
The only problem here is that this would not work for me
Good point. I forgot to add the
optionalSsoflag to manifest. With that flag, you can install the app without Cloudron Directory integration (like you do with other apps) and then we can have the default admin/admin setup that you have when LDAP is disabled. Would that work? -
@mario Ha ha, possibly. I only hacked it up quickly and checked if proxyAuth code in 6.0 will work before I make the release.
-
-
I am both excited about this and confused about where it is at. My endgame is using GitLab to manage containers, but I need to point it at a registry. Would this ultimately work? And is there a way to have auth go through gitlab for this?
-
I am both excited about this and confused about where it is at. My endgame is using GitLab to manage containers, but I need to point it at a registry. Would this ultimately work? And is there a way to have auth go through gitlab for this?
-
@atrilahiji it's currently working as a stand-alone registry via basic auth powered by htpasswd file. It'll also support Cloudron SSO shortly, after that I'll work on making it work with GitLab.
-
-
@mario Fantastic news. So, all we need is docs to make it work with GitLab registry or does it need any packages changes to gitlab app or docker registry app ?
-
I take that back, I did add some package changes. Had no time to test, but things seem to be working ok from the initial glimpse at it:
https://git.cloudron.io/cloudron/docker-registry-app/-/merge_requests/1
Please test and report back @girish and others
-
Might be useful to add auto deletion of old images:
https://github.com/jeffstephens/retention-manager -
Might be useful to add auto deletion of old images:
https://github.com/jeffstephens/retention-manager -
@mario Just looking into this now.
Wondering, what is the best way forward. The app has no UI, but can have a login screen (via proxyAuth). So, when they login, they see a blank screen. Not ideal. Does it make sense to bundle any of the docker uis like https://github.com/Joxit/docker-registry-ui/ ? Seems quite easy to do. I can look into it.
So let's make sure we fix that too.