e97ffe7a32
Closes #31331 Signed-off-by: rmartinc <rmartinc@redhat.com>
67 lines
No EOL
3.9 KiB
Text
67 lines
No EOL
3.9 KiB
Text
<#import "/templates/guide.adoc" as tmpl>
|
|
<#import "/templates/links.adoc" as links>
|
|
|
|
<@tmpl.guide
|
|
title="Docker registry"
|
|
priority=40
|
|
summary="Configuring a Docker registry to use {project_name}">
|
|
|
|
NOTE: Docker authentication is disabled by default. To enable see the https://www.keycloak.org/server/features[Enabling and disabling features] {section}.
|
|
|
|
This section describes how you can configure a Docker registry to use {project_name} as its authentication server.
|
|
|
|
For more information on how to set up and configure a Docker registry, see the link:https://distribution.github.io/distribution/about/configuration/[Docker Registry Configuration Guide].
|
|
|
|
== Docker registry configuration file installation
|
|
|
|
For users with more advanced Docker registry configurations, it is generally recommended to provide your own registry configuration file. The {project_name} Docker provider supports this mechanism via the _Registry Config File_ Format Option. Choosing this option will generate output similar to the following:
|
|
|
|
[source,subs="attributes+"]
|
|
----
|
|
auth:
|
|
token:
|
|
realm: http://localhost:8080/realms/master/protocol/docker-v2/auth
|
|
service: docker-test
|
|
issuer: http://localhost:8080/realms/master
|
|
----
|
|
|
|
This output can then be copied into any existing registry config file. See the link:https://distribution.github.io/distribution/about/configuration/[registry config file specification] for more information on how the file should be set up, or start with link:https://github.com/distribution/distribution/blob/main/cmd/registry/config-example.yml[a basic example].
|
|
|
|
WARNING: Don't forget to configure the `rootcertbundle` field with the location of the {project_name} realm's public key. The auth configuration will not work without this argument.
|
|
|
|
== Docker registry environment variable override installation
|
|
|
|
Often times it is appropriate to use a simple environment variable override for develop or POC Docker registries. While this approach is usually not recommended for production use, it can be helpful when one requires quick-and-dirty way to stand up a registry. Simply use the _Variable Override_ Format Option from the client details, and an output should appear like the one below:
|
|
|
|
[source,subs="attributes+"]
|
|
----
|
|
REGISTRY_AUTH_TOKEN_REALM: http://localhost:8080/realms/master/protocol/docker-v2/auth
|
|
REGISTRY_AUTH_TOKEN_SERVICE: docker-test
|
|
REGISTRY_AUTH_TOKEN_ISSUER: http://localhost:8080/realms/master
|
|
----
|
|
|
|
WARNING: Don't forget to configure the `REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE` override with the location of the {project_name} realm's public key. The auth configuration will not work without this argument.
|
|
|
|
|
|
== Docker Compose YAML File
|
|
|
|
WARNING: This installation method is meant to be an easy way to get a docker registry authenticating against a {project_name} server. It is intended for development purposes only and should never be used in a production or production-like environment.
|
|
|
|
The zip file installation mechanism provides a quickstart for developers who want to understand how the {project_name} server can interact with the Docker registry. In order to configure:
|
|
|
|
.Procedure
|
|
|
|
1. From the desired realm, create a client configuration. At this point you will not have a Docker registry - the quickstart will take care of that part.
|
|
2. Choose the *Docker Compose YAML* option from the from _Action_ menu and select the *Download adapter config* option to download the ZIP file.
|
|
3. Unzip the archive to the desired location, and open the directory.
|
|
4. Start the Docker registry with `docker-compose up`
|
|
|
|
NOTE: it is recommended that you configure the Docker registry client in a realm other than 'master', since the HTTP Basic auth flow will not present forms.
|
|
|
|
Once the above configuration has taken place, and the keycloak server and Docker registry are running, docker authentication should be successful:
|
|
|
|
[user ~]# docker login localhost:5000 -u $username
|
|
Password: *******
|
|
Login Succeeded
|
|
|
|
</@tmpl.guide> |