1: 2021-09-24 (金) 18:42:32 iseki |
現: 2021-09-25 (土) 18:24:00 iseki |
| + | ** Local Registry [#p8e2a0c6] |
| + | *** gitlab [#x9aeddab] |
| + | - 名前にプロジェクト名が付く.名前がひたすら長くなる..... |
| + | #br |
| + | |
| + | *** Docker Registry [#u034d275] |
| + | |
| + | **** Regstry 2 [#i88d40d9] |
| + | - https://qiita.com/zknzfz/items/61909e9a577e1b2a731b |
| + | - Basic認証,Token認証が可能 |
| + | |
| + | - Basic認証 |
| + | #br |
| + | - Token認証 docker_auth 使用) |
| + | #!/bin/bash |
| + | docker run -d \ |
| + | -p 5010:443 \ |
| + | --restart=always \ |
| + | --name registry \ |
| + | -v /opt/data/docker_registry:/var/lib/registry \ |
| + | -v /opt/data/auth:/auth \ |
| + | -e REGISTRY_AUTH=token \ |
| + | -e REGISTRY_AUTH_TOKEN_REALM=https://gitlab.nsl.tuis.ac.jp:5011/auth \ |
| + | -e REGISTRY_AUTH_TOKEN_SERVICE="Docker Registry" \ |
| + | -e REGISTRY_AUTH_TOKEN_ISSUER="NSL Auth Server" \ |
| + | -e REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/certs/gitlab.crt \ |
| + | -v /etc/gitlab/ssl:/certs \ |
| + | -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \ |
| + | -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/gitlab.crt \ |
| + | -e REGISTRY_HTTP_TLS_KEY=/certs/gitlab.key \ |
| + | registry:2 |
| + | #br |
| + | |
| + | **** docker_auth [#pc166b10] |
| + | - Tokun による認証が可能 |
| + | |
| + | - docker_auth.sh |
| + | #!/bin/bash |
| + | docker run -itd \ |
| + | -p 5011:5001 \ |
| + | --restart=always \ |
| + | --name docker_auth \ |
| + | -v /var/log/docker_auth:/logs \ |
| + | -v /etc/gitlab/ssl:/certs \ |
| + | -e REGISTRY_HTTP_ADDR=0.0.0.0:5001 \ |
| + | -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/gitlab.crt \ |
| + | -e REGISTRY_HTTP_TLS_KEY=/certs/gitlab.key \ |
| + | -v /opt/data/auth:/auth:ro \ |
| + | cesanta/docker_auth:1 /auth/auth_config.yml |
| + | |
| + | - auth_config.yml |
| + | server: |
| + | addr: ":5001" |
| + | certificate: "/certs/gitlab.crt" |
| + | key: "/certs/gitlab.key" |
| + | |
| + | token: |
| + | issuer: "NSL Auth Server" # Must match issuer in the Registry config. |
| + | expiration: 900 |
| + | |
| + | users: |
| + | # Password is specified as a BCrypt hash. Use `htpasswd -nB USERNAME` to generate. |
| + | "alice": |
| + | password: "$2y$05$TW......." |
| + | "bob": |
| + | password: "$2y$05$1b......." |
| + | "": {} |
| + | |
| + | acl: |
| + | - match: {account: "alice"} |
| + | actions: ["*"] |
| + | - match: {account: "bob"} |
| + | actions: ["*"] |
| + | - match: {account: ""} |
| + | actions: ["pull"] |
| + | comment: "Anonymous users can pull" |
| + | |
| - https://github-com.translate.goog/cesanta/docker_auth/blob/main/examples/reference.yml?_x_tr_sl=auto&_x_tr_tl=ja&_x_tr_hl=ja&_x_tr_pto=nui,op,elem | | - https://github-com.translate.goog/cesanta/docker_auth/blob/main/examples/reference.yml?_x_tr_sl=auto&_x_tr_tl=ja&_x_tr_hl=ja&_x_tr_pto=nui,op,elem |
| + | #br |
| + | |
| + | *** UI [#y79ad295] |
| + | - docker_auth を使用すると docker-registry-frontend は使用できない.(Token認証に対応していない) |
| + | #br |
| + | |
| + | **** CraneOperator [#f83f7161] |
| + | - https://github.com/parabuzzle/craneoperator |
| + | - Token認証 に未対応(2021/09/25) |
| + | - 削除しても余計なデータが残る |
| + | #br |
| + | |
| + | **** Portus [#ved57b3e] |
| + | - https://cyberagent.ai/blog/tech/10198/ |
| + | #br |
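Review bot: Both `docker run` scripts mount GitLab's TLS directory writable (`-v /etc/gitlab/ssl:/certs`), so the registry and docker_auth containers can each read and modify `gitlab.key`, and that same key pair also signs and verifies the registry tokens (`REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/certs/gitlab.crt`, `key: "/certs/gitlab.key"`). Mount it as `-v /etc/gitlab/ssl:/certs:ro`, as is already done for `/opt/data/auth` in docker_auth.sh, and consider a dedicated token-signing key pair so the registry holds only the signing certificate; the registry script's `-v /opt/data/auth:/auth` also looks unnecessary with `REGISTRY_AUTH=token` and exposes the password hashes in auth_config.yml to that container. In docker_auth.sh the three `REGISTRY_HTTP_*` variables look like leftovers from the registry script, since docker_auth appears to take its listener and TLS settings from the `server:` section of auth_config.yml, so they can probably be dropped. The sample hashes use bcrypt cost 5 (`$2y$05$`), the htpasswd default; `htpasswd -nB -C 12 USERNAME` gives a stronger work factor. The `"": {}` user together with the `account: ""` ACL lets anyone who can reach port 5010 pull every image, which is worth stating next to the config if that is the intent.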