makinacorpus/corpus-dockerregistry

Name: corpus-dockerregistry

Owner: Makina Corpus

Description: null

Created: 2015-10-04 17:02:38.0

Updated: 2015-10-04 17:03:03.0

Pushed: 2015-11-12 14:22:50.0

Homepage: null

Size: 384

Language: SaltStack

README

Makina-States based docker registry

This provides a docker distribution (registry v2) docker image based on makina-states.
This registry embeds a daemon that implements registry V2 tokens (cesanta/docker_auth).
The registry won't allow any anonymous configuration.

You will certainly need to read the official documentation around the docker registry.
Pay attention: you need to access your registry with a DNS name and a valid SSL certificate.
This certificate must be signed by an authority (even if you generate this authority yourself).
Any other setup will get you into trouble.
You can of course follow the SSL certificate generation snippet below.

Code organization

This registry is built on makina-states, a deployment framework based on saltstack.
Please read this documentation FIRST

We separate the project codebase from any persistent data that needs to be created along with any container.
For this we use two separate root folders:

Specific to this image:

${DATA}/ca
    any generated SSL certificates
${DATA}/go
    if binaries are built: build results
${DATA}/docker-auth
    if binaries are built: cesanta/docker_auth codebase
${DATA}/registry
    if binaries are built: registry codebase
${VOLUME}/data/images
    where the images are stored (autocreated)
${VOLUME}/data/www_dir
    reverse proxy docroot       (autocreated)

Download and initialise the layout

export REPO_URL="https://github.com/makinacorpus/corpus-dockerregistry.git"
export PROJECT="${WORKSPACE}/myproject" # where you want to put the code
export DATA="${PROJECT}_data"           # where you want to put the data
export VOLUME="${DATA}/volume"          # where you want to put the docker volume
mkdir -p "${DATA}" "${VOLUME}"
git clone "${REPO_URL}" "${PROJECT}"

OPTIONAL: Generate a SSL certificate for test purposes
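
An added example, not the project's own snippet: one way to create a self-generated authority and a server certificate signed by it with openssl, then check the result before it goes into the pillar. The function names (gen_registry_cert, check_registry_cert), file names, key size and lifetimes are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not the project's snippet. Assumes the openssl CLI is installed.
# File names, key size and lifetimes are illustrative choices.

gen_registry_cert() {
    domain="$1"   # DNS name clients use (the pillar's "domain" value)
    out="$2"      # output directory, e.g. "${DATA}/ca"
    mkdir -p "${out}" || return 1
    (
        umask 077                      # generated files are owner-only
        cd "${out}" || exit 1
        # 1. Self-generated authority (key + self-signed certificate).
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
            -subj "/CN=Test registry CA" \
            -keyout ca.key -out ca.crt 2>/dev/null || exit 1
        # 2. Server key and signing request for the registry's DNS name.
        openssl req -new -newkey rsa:2048 -nodes -sha256 \
            -subj "/CN=${domain}" \
            -keyout server.key -out server.csr 2>/dev/null || exit 1
        # 3. Sign with the authority; clients match the name in subjectAltName.
        printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\n' \
            "${domain}" > server.ext
        openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
            -CAcreateserial -sha256 -days 30 -extfile server.ext \
            -out server.crt 2>/dev/null || exit 1
        # 4. Server certificate followed by the authority, as in ssl_cert.
        cat server.crt ca.crt > chain.crt
        rm -f server.csr server.ext
    )
}

check_registry_cert() {
    domain="$1"; dir="$2"
    # The certificate chains to the authority...
    openssl verify -CAfile "${dir}/ca.crt" "${dir}/server.crt" \
        >/dev/null 2>&1 || return 1
    # ...carries the expected DNS name...
    openssl x509 -in "${dir}/server.crt" -noout -text \
        | grep -q "DNS:${domain}" || return 1
    # ...and belongs to the private key that will go into ssl_key.
    [ "$(openssl x509 -in "${dir}/server.crt" -noout -pubkey)" = \
      "$(openssl pkey -in "${dir}/server.key" -pubout)" ]
}
```

chain.crt holds the value for ssl_cert (server certificate, then the authority) and server.key the value for ssl_key.
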
Configure the image via the salt PILLAR

You need then to fill the pillar to:

# run from the project checkout (${PROJECT})
mkdir -p "${VOLUME}/configuration"
cp .salt/PILLAR.sample "${VOLUME}/configuration/pillar.sls"
# -i edits the copied pillar in place
sed -i -re "s/makina-projects.projectname/makina-projects.registry/g" \
  "${VOLUME}/configuration/pillar.sls"
$EDITOR "${VOLUME}/configuration/pillar.sls" # Adapt to your needs

Edit at least:

Example configuration/pillar.sls

makina-projects.registry:
  data:
    # sample credentials: change them before exposing the registry
    users:
      admin:
        password: test1
      readonly:
        password: test2
    acl:
      # Admin has full access to everything.
      - {match: {account: "admin"}, actions: ["*"]}
      # User "readonly" can pull stuff.
      - {match: {account: "readonly"}, actions: ["pull"]}
      # Access is denied by default.
    # the domain serving your registry
    domain: "registryh.docker.tld"
    # the SSL certificate (including the intermediaries)
    ssl_cert: |
      -----BEGIN CERTIFICATE-----
      MIIDMjCCAhoCCQDvVm1SttCzxTANBgkqhkiG9w0BAQsFADBZMQswCQYDVQQGEwJG
      ...
      ugItmnXoVCkHHrZvydXC/zxah21lfVtA05xB8zsieLyLmsy8lH2exftnpM3QgMAp
      G9S8ZWex
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
      MIIDhTCCAm2gAwIBAgIJAKWNQ8MgC28RMA0GCSqGSIb3DQEBCwUAMFkxCzAJBgNV
      ...
      S17wzmffRktued3rJ+efBUvegdnbJG1nxT51znLy5mlLAD37OCf2DgqlGyL1UcEr
      XhidyUpZcJ4Fr2koosQZ8z20j2tXDanhbSi1osJ6yQi8rjRdJZeCMwA=
      -----END CERTIFICATE-----
    # the relevant SSL key
    ssl_key: |
      -----BEGIN RSA PRIVATE KEY-----
      MIIEpQIBAAKCAQEAzzBVPJvbMXFBN1mErd+T3QDUpvI6YvJt3JJjBptvcke1X9Si
      ...
      fFwSDE8arfpgbAfrtYgWjd0248GRV46iE1BuE4uuZ41XQ9J9DILzjMk=
      -----END RSA PRIVATE KEY-----

Allow users to connect to the registry via ssh
Build & Run

Be sure to have completed the initial configuration (SSL, PILLAR) before launching the container. You may not need to build the image; you can download it directly from the Docker Hub.

docker pull makinacorpus/registry
# or build it locally from the project checkout
docker build -t makinacorpus/registry .

Run

docker run -ti -v "${VOLUME}":/srv/projects/registry/data makinacorpus/registry

The image exposes some volumes that you may want to attach in production mode:

Hack this image

See:

