Closed endoze closed 8 months ago
After revisiting this project months later, I figured out what I was doing wrong and how to get this set up properly. For anyone who finds this issue, the following helped me understand how to properly set up configuration:
```yaml
# Registry container config
version: 0.1
auth:
  token:
    realm: "https://url-to-auth-container.com/auth"
    service: "https://url-to-my-registry.com"
    issuer: "Some Auth Server" # this must match value in docker_auth configuration
    rootcertbundle: /path/to/wildcard/cert/for/my/domain # this must be the entire certificate chain
# snipped rest of file
```
```yaml
# docker_auth config
server:
  addr: ":5001"
  # I terminate ssl via an ingress controller in my k8s cluster so I don't configure ssl here
token:
  issuer: "Some Auth Server" # This must match value in registry configuration
  expiration: 900
  certificate: "/certs/tls.crt" # this must be the registry config certificate chain
  key: "/certs/tls.key" # this must be the key for the certificate chain used in registry config
github_auth:
  organization: "My Organization on GitHub"
  client_id: "my-oauth-app-client-id"
  client_secret_file: "/path/to/oauth/app/secret/file"
  token_db: /data/tokens.db
acl:
  - match: {team: "Engineering"}
    actions: ["*"]
    comment: "Engineering team members have full access"
```
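A claim check for the "must match" comments in the two configs above, as an added example that is not part of the original issue, docker_auth or the registry: it decodes a bearer token and compares `iss`, `aud` and `exp` with the registry's `issuer` and `service`. The function names, the mismatched issuer string and the sample token are constructed for illustration; it assumes the token carries the registry's `service` in `aud`, and it does not verify the signature against `rootcertbundle`.

```python
import base64
import json
import time

# Values copied from the registry config above (auth.token.issuer / auth.token.service).
ISSUER = "Some Auth Server"
SERVICE = "https://url-to-my-registry.com"

def b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def make_sample_token(iss, aud, exp):
    # Constructed token for the demo; the signature segment is a placeholder.
    parts = [{"alg": "RS256", "typ": "JWT"}, {"iss": iss, "aud": aud, "exp": exp}]
    enc = [base64.urlsafe_b64encode(json.dumps(p).encode()).rstrip(b"=").decode() for p in parts]
    return ".".join(enc + ["constructed-signature"])

def check_token_claims(token, issuer, service, now=None):
    """List claim mismatches against the registry settings (signature is NOT verified)."""
    now = time.time() if now is None else now
    try:
        _header, payload, _signature = token.split(".")
        claims = json.loads(b64url_decode(payload))
    except ValueError:
        return ["not a three-part JWT with a JSON payload"]
    if not isinstance(claims, dict):
        return ["JWT payload is not a JSON object"]
    problems = []
    if claims.get("iss") != issuer:
        problems.append(f"iss {claims.get('iss')!r} does not match registry issuer {issuer!r}")
    aud = claims.get("aud")
    if service not in (aud if isinstance(aud, list) else [aud]):
        problems.append(f"aud {aud!r} does not include registry service {service!r}")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append(f"exp {exp!r} is missing or in the past")
    return problems

if __name__ == "__main__":
    now = int(time.time())
    # Second issuer is a constructed mismatch to show the failure case.
    for iss in ("Some Auth Server", "Acme auth server"):
        token = make_sample_token(iss, SERVICE, now + 900)  # 900 = docker_auth token.expiration
        print(iss, "->", check_token_claims(token, ISSUER, SERVICE) or "claims match")
```
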
I'm unsure how to configure my registry container to use GitHub as my method for token authentication. I've set up an OAuth application on GitHub, but I'm unsure of the correct settings to use when firing up my registry container.
I've tried something similar to the following (replacing fake values with real ones) but I'm unable to get it working correctly.
Registry container config:
Config for docker_auth: