How to authenticate in gitlab pipline?

klawitterb

Hey,
I've set up the registry and the gitlab connection as described in the documentation.
How do I now set up my pipline to be able to push to the registry?
Do I need to login first using docker login? What credentials do I need to use there?

mehdi

@klawitterb What I'm doing, on a non-cloudron setup, is that I created a service user allowed only on the registry, added its credentials to the secret CI variables on the gitlab project configuration, then in the .gitlab-ci.yml I do :

docker login -u $CI_USER -p $CI_USER_PASSWORD my.registry.url.com

girish

See this article also - https://about.gitlab.com/blog/2016/05/23/gitlab-container-registry/

mehdi

@girish That's only if you use the integrated container registry in gitlab Omnibus image, not an external one like on Cloudron

girish

@mehdi Ah, I was just refering to the "Start using it" section. It has some examples on how to use with a CI_BUILD_TOKEN

A Former User

Out of curiosity, why don’t we try the omnibus image on cloudron? Is it a lack of visibility or control into stuff like LDAP or something? Or just complexity of packaging

mehdi

@girish Yeah, but the authentication using CI_BUILD_TOKEN only works when it's the integrated registry

girish

@mehdi Ah, got it, I misunderstood the original question entirely.

klawitterb

Using pipeline variables to login to docker.io is working without problems for me. But I can't get the authentication to the cloudron registry to work.
I've set up the auth part as described in the documentation using tokens. Do I now need to acquire a token first before I can login?
Also tried changing the auth to htpasswd on the docker registry without success. It still wont let me in, rejecting the request with a 403.

mehdi

@klawitterb :

• which documentation are you talking about ?
• have you tried logging in from your local machine ? Does that work ?

klawitterb

@mehdi I'm referring to the documentation on the cloudron docs: https://docs.cloudron.io/apps/docker-registry/

I'm not even seeing log entries when trying to connect. Shouldn't it at least tell me about the failed login?

klawitterb

Stupid me, just read the docs again that I only need to set this up for gitlab integration. Removed the auth config and was now able to successfully login using cloudron credentials.

A Former User

Weird... it just keeps timing out for me when I try a docker push

A Former User

Nevermind... got it working just fine.

girish

@atrilahiji What did you do here? it seems this might be the source of the update issue which you mention in the other thread...

A Former User

@girish oh I reinstalled making sure it used the apps user management. This was before my update issue

A Former User

@girish The new update with the UI helped a lot. Reinstalled a version thats is standalone using proxyAuth and a version to integrate with GitLab. Works perfectly. I'll be doing some more extensive testing.

doodlemania2

@atrilahiji Write up a post on it and we can get it into the docs I bet!

caleno

@klawitterb @girish

If I understand it correctly the gitlab integration makes gitlab the authority for docker registry submitting jwt tokens for authentication. To create these tokens you either make a access token deploy token or a personal token (especially if you are using 2fa) and one should be able to authenticate to the registry, correct?

I've tried all sorts of tokens and changing the docker-client in authproxy and nginxconfig without success.

Has anyone manged to get this working? ><

klawitterb

@caleno
I removed the auth token config from the docker registry and used the normal docker login cmd in my pipeline using my normal cloudron account name + an app password.