55 lines
3.6 KiB
Text
55 lines
3.6 KiB
Text
|
|
== Docker Registry Configuration
|
|
|
|
NOTE: Docker authentication is disabled by default. To enable see link:{installguide_profile_link}[{installguide_profile_name}].
|
|
|
|
This section describes how you can configure a Docker registry to use {project_name} as its authentication server.
|
|
|
|
For more information on how to set up and configure a Docker registry, see the link:https://docs.docker.com/registry/configuration/[Docker Registry Configuration Guide].
|
|
|
|
|
|
|
|
=== Docker Registry Configuration File Installation
|
|
|
|
For users with more advanced Docker registry configurations, it is generally recommended to provide your own registry configuration file. The {project_name} Docker provider supports this mechanism via the _Registry Config File_ Format Option. Choosing this option will generate output similar to the following:
|
|
|
|
auth:
|
|
token:
|
|
realm: http://localhost:8080/auth/realms/master/protocol/docker-v2/auth
|
|
service: docker-test
|
|
issuer: http://localhost:8080/auth/realms/master
|
|
|
|
This output can then be copied into any existing registry config file. See the link:https://docs.docker.com/registry/configuration/[registry config file specification] for more information on how the file should be set up, or start with link:https://github.com/distribution/distribution/blob/main/cmd/registry/config-example.yml[a basic example].
|
|
|
|
WARNING: Don't forget to configure the `rootcertbundle` field with the location of the {project_name} realm's public certificate. The auth configuration will not work without this argument.
|
|
|
|
|
|
=== Docker Registry Environment Variable Override Installation
|
|
|
|
Often times it is appropriate to use a simple environment variable override for develop or POC Docker registries. While this approach is usually not recommended for production use, it can be helpful when one requires quick-and-dirty way to stand up a registry. Simply use the _Variable Override_ Format Option from the client installation tab, and an output should appear like the one below:
|
|
|
|
REGISTRY_AUTH_TOKEN_REALM: http://localhost:8080/auth/realms/master/protocol/docker-v2/auth
|
|
REGISTRY_AUTH_TOKEN_SERVICE: docker-test
|
|
REGISTRY_AUTH_TOKEN_ISSUER: http://localhost:8080/auth/realms/master
|
|
|
|
WARNING: Don't forget to configure the `REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE` override with the location of the {project_name} realm's public certificate. The auth configuration will not work without this argument.
|
|
|
|
|
|
=== Docker Compose YAML File
|
|
|
|
WARNING: This installation method is meant to be an easy way to get a docker registry authenticating against a {project_name} server. It is intended for development purposes only and should never be used in a production or production-like environment.
|
|
|
|
The zip file installation mechanism provides a quickstart for developers who want to understand how the {project_name} server can interact with the Docker registry. In order to configure:
|
|
|
|
1. From the desired realm, create a client configuration. At this point you won't have a Docker registry - the quickstart will take care of that part.
|
|
2. Choose the "Docker Compose YAML" option from the installation tab and download the .zip file
|
|
3. Unzip the archive to the desired location, and open the directory.
|
|
4. Start the Docker registry with `docker-compose up`
|
|
|
|
NOTE: it is recommended that you configure the Docker registry client in a realm other than 'master', since the HTTP Basic auth flow will not present forms.
|
|
|
|
Once the above configuration has taken place, and the keycloak server and Docker registry are running, docker authentication should be successful:
|
|
|
|
[user ~]# docker login localhost:5000 -u $username
|
|
Password: *******
|
|
Login Succeeded
|