Solved How to authenticate in gitlab pipline?
-
Hey,
I've set up the registry and the gitlab connection as described in the documentation.
How do I now set up my pipline to be able to push to the registry?
Do I need to login first using docker login? What credentials do I need to use there? -
@klawitterb What I'm doing, on a non-cloudron setup, is that I created a service user allowed only on the registry, added its credentials to the secret CI variables on the gitlab project configuration, then in the
.gitlab-ci.ymlI do :docker login -u $CI_USER -p $CI_USER_PASSWORD my.registry.url.com -
See this article also - https://about.gitlab.com/blog/2016/05/23/gitlab-container-registry/
-
@girish That's only if you use the integrated container registry in gitlab Omnibus image, not an external one like on Cloudron
-
@mehdi Ah, I was just refering to the "Start using it" section. It has some examples on how to use with a
CI_BUILD_TOKEN -
Out of curiosity, why don’t we try the omnibus image on cloudron? Is it a lack of visibility or control into stuff like LDAP or something? Or just complexity of packaging
-
@girish Yeah, but the authentication using CI_BUILD_TOKEN only works when it's the integrated registry
-
@mehdi Ah, got it, I misunderstood the original question entirely.
-
Using pipeline variables to login to docker.io is working without problems for me. But I can't get the authentication to the cloudron registry to work.
I've set up the auth part as described in the documentation using tokens. Do I now need to acquire a token first before I can login?
Also tried changing the auth to htpasswd on the docker registry without success. It still wont let me in, rejecting the request with a 403. -
- which documentation are you talking about ?
- have you tried logging in from your local machine ? Does that work ?
-
@mehdi I'm referring to the documentation on the cloudron docs: https://docs.cloudron.io/apps/docker-registry/
I'm not even seeing log entries when trying to connect. Shouldn't it at least tell me about the failed login?
-
Stupid me, just read the docs again that I only need to set this up for gitlab integration. Removed the auth config and was now able to successfully login using cloudron credentials.
-
Weird... it just keeps timing out for me when I try a docker push
-
Nevermind... got it working just fine.
-
@atrilahiji What did you do here? it seems this might be the source of the update issue which you mention in the other thread...
-
@girish oh I reinstalled making sure it used the apps user management. This was before my update issue
-
@girish The new update with the UI helped a lot. Reinstalled a version thats is standalone using proxyAuth and a version to integrate with GitLab. Works perfectly. I'll be doing some more extensive testing.
-
@atrilahiji Write up a post on it and we can get it into the docs I bet!
-
If I understand it correctly the gitlab integration makes gitlab the authority for docker registry submitting jwt tokens for authentication. To create these tokens you either make a access token deploy token or a personal token (especially if you are using 2fa) and one should be able to authenticate to the registry, correct?
I've tried all sorts of tokens and changing the docker-client in authproxy and nginxconfig without success.
Has anyone manged to get this working? ><
-
@caleno
I removed the auth token config from the docker registry and used the normal docker login cmd in my pipeline using my normal cloudron account name + an app password. -
I have token auth activated or at least configured and I can still log inn with Cloudron username and password + 2fa.
I'd like the token auth to work via Gitlab and maybe the case above points to a configuration issue.
I have to investigate further.
-
@caleno said in How to authenticate in gitlab pipline?:
I have token auth activated or at least configured and I can still log inn with Cloudron username and password + 2fa.
I'd like the token auth to work via Gitlab and maybe the case above points to a configuration issue.
I have to investigate further.
BTW. Maybe it is just working for the UI.
