libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

Convert chapter docker registry from securing apps into guides

Browse source 
Closes #31331

Signed-off-by: rmartinc <rmartinc@redhat.com>
This commit is contained in:
rmartinc 2024-07-26 09:31:17 +02:00 committed by Marek Posolda
parent 34f4eeedd8
commit e97ffe7a32
2 changed files with 16 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
docs/documentation/securing_apps/topics.adoc
View file

@ -41,7 +41,6 @@ include::topics/saml/java/java-adapters-product.adoc[]
endif::[] endif::[]
include::topics/saml/saml-errors.adoc[] include::topics/saml/saml-errors.adoc[]
include::topics/docker/docker-overview.adoc[]
include::topics/client-registration.adoc[] include::topics/client-registration.adoc[]
include::topics/client-registration/client-registration-cli.adoc[] include::topics/client-registration/client-registration-cli.adoc[]
ifeval::[{project_community}==true] ifeval::[{project_community}==true]

28
docs/documentation/securing_apps/topics/docker/docker-overview.adoc → docs/guides/securing-apps/docker-registry.adoc
View file

@ -1,5 +1,10 @@
<#import "/templates/guide.adoc" as tmpl>
<#import "/templates/links.adoc" as links>
== Configuring a Docker registry to use {project_name} <@tmpl.guide
title="Docker registry"
priority=40
summary="Configuring a Docker registry to use {project_name}">
NOTE: Docker authentication is disabled by default. To enable see the https://www.keycloak.org/server/features[Enabling and disabling features] {section}. NOTE: Docker authentication is disabled by default. To enable see the https://www.keycloak.org/server/features[Enabling and disabling features] {section}.
@ -7,9 +12,7 @@ This section describes how you can configure a Docker registry to use {project_n
For more information on how to set up and configure a Docker registry, see the link:https://distribution.github.io/distribution/about/configuration/[Docker Registry Configuration Guide]. For more information on how to set up and configure a Docker registry, see the link:https://distribution.github.io/distribution/about/configuration/[Docker Registry Configuration Guide].
== Docker registry configuration file installation
=== Docker registry configuration file installation
For users with more advanced Docker registry configurations, it is generally recommended to provide your own registry configuration file. The {project_name} Docker provider supports this mechanism via the _Registry Config File_ Format Option. Choosing this option will generate output similar to the following: For users with more advanced Docker registry configurations, it is generally recommended to provide your own registry configuration file. The {project_name} Docker provider supports this mechanism via the _Registry Config File_ Format Option. Choosing this option will generate output similar to the following:
@ -17,31 +20,30 @@ For users with more advanced Docker registry configurations, it is generally rec
---- ----
auth: auth:
token: token:
realm: http://localhost:8080{kc_realms_path}/master/protocol/docker-v2/auth realm: http://localhost:8080/realms/master/protocol/docker-v2/auth
service: docker-test service: docker-test
issuer: http://localhost:8080{kc_realms_path}/master issuer: http://localhost:8080/realms/master
---- ----
This output can then be copied into any existing registry config file. See the link:https://distribution.github.io/distribution/about/configuration/[registry config file specification] for more information on how the file should be set up, or start with link:https://github.com/distribution/distribution/blob/main/cmd/registry/config-example.yml[a basic example]. This output can then be copied into any existing registry config file. See the link:https://distribution.github.io/distribution/about/configuration/[registry config file specification] for more information on how the file should be set up, or start with link:https://github.com/distribution/distribution/blob/main/cmd/registry/config-example.yml[a basic example].
WARNING: Don't forget to configure the `rootcertbundle` field with the location of the {project_name} realm's public key. The auth configuration will not work without this argument. WARNING: Don't forget to configure the `rootcertbundle` field with the location of the {project_name} realm's public key. The auth configuration will not work without this argument.
== Docker registry environment variable override installation
=== Docker registry environment variable override installation
Often times it is appropriate to use a simple environment variable override for develop or POC Docker registries. While this approach is usually not recommended for production use, it can be helpful when one requires quick-and-dirty way to stand up a registry. Simply use the _Variable Override_ Format Option from the client details, and an output should appear like the one below: Often times it is appropriate to use a simple environment variable override for develop or POC Docker registries. While this approach is usually not recommended for production use, it can be helpful when one requires quick-and-dirty way to stand up a registry. Simply use the _Variable Override_ Format Option from the client details, and an output should appear like the one below:
[source,subs="attributes+"] [source,subs="attributes+"]
---- ----
REGISTRY_AUTH_TOKEN_REALM: http://localhost:8080{kc_realms_path}/master/protocol/docker-v2/auth REGISTRY_AUTH_TOKEN_REALM: http://localhost:8080/realms/master/protocol/docker-v2/auth
REGISTRY_AUTH_TOKEN_SERVICE: docker-test REGISTRY_AUTH_TOKEN_SERVICE: docker-test
REGISTRY_AUTH_TOKEN_ISSUER: http://localhost:8080{kc_realms_path}/master REGISTRY_AUTH_TOKEN_ISSUER: http://localhost:8080/realms/master
---- ----
WARNING: Don't forget to configure the `REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE` override with the location of the {project_name} realm's public key. The auth configuration will not work without this argument. WARNING: Don't forget to configure the `REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE` override with the location of the {project_name} realm's public key. The auth configuration will not work without this argument.
=== Docker Compose YAML File == Docker Compose YAML File
WARNING: This installation method is meant to be an easy way to get a docker registry authenticating against a {project_name} server. It is intended for development purposes only and should never be used in a production or production-like environment. WARNING: This installation method is meant to be an easy way to get a docker registry authenticating against a {project_name} server. It is intended for development purposes only and should never be used in a production or production-like environment.
@ -50,7 +52,7 @@ The zip file installation mechanism provides a quickstart for developers who wan
.Procedure .Procedure
1. From the desired realm, create a client configuration. At this point you will not have a Docker registry - the quickstart will take care of that part. 1. From the desired realm, create a client configuration. At this point you will not have a Docker registry - the quickstart will take care of that part.
2. Choose the "Docker Compose YAML" option from the from _Action_ menu and select the *Download adapter config* option to download the ZIP file. 2. Choose the *Docker Compose YAML* option from the from _Action_ menu and select the *Download adapter config* option to download the ZIP file.
3. Unzip the archive to the desired location, and open the directory. 3. Unzip the archive to the desired location, and open the directory.
4. Start the Docker registry with `docker-compose up` 4. Start the Docker registry with `docker-compose up`
@ -61,3 +63,5 @@ Once the above configuration has taken place, and the keycloak server and Docker
[user ~]# docker login localhost:5000 -u $username [user ~]# docker login localhost:5000 -u $username
Password: ******* Password: *******
Login Succeeded Login Succeeded
</@tmpl.guide>