cockpit-project / cockpit-podman

Cockpit UI for podman containers
GNU Lesser General Public License v2.1
446 stars 92 forks source link

Support managing registries #85

Open TomSweeneyRedHat opened 5 years ago

TomSweeneyRedHat commented 5 years ago

Podman relies on the the /etc/containers/registries.conf file to determine where container registries exist. It's most important use is to add a private registry like 'acme.com' to the list so it will search for images there first. The category to update for this in the file is [registries.search]

The file can also be used to block registries in the category [registries.block]] or to allow for insecure registries ['insecure.io'], being able to toggle those would be handy too, but of lesser importance.

marusak commented 4 years ago

Blocked on https://github.com/containers/libpod/issues/4793

marusak commented 4 years ago

Selecting of registries when downloading image has been introduced in #447 Managing registries is gonna be a rather difficult one - There is no API for that, so we would need to parse /etc/containers/registries.conf.

We would just add a new one or dropped one from unqualified-search-registries, which is fine. We could also add/remove [[registry]] entry which still would be fine. But the thing that concerns me is that there is v1 and v2 version on this config file and combining these two will break stuff badly. What I described is v2, v1 is described in the first comment.

If I understand it correctly, if you always only updated podman, you can still be using v1 version of this file. We of course could have simple logic, that if unqualified-search-registries is present, it is v2 and thus we need to do it that way otherwise different way. Or we could be lazy and when we would recognize that v1 is present we would say that this feature is supported only with version 2.

lukaszmoskwa commented 3 years ago

Any update on this issue? I was wondering if it is possible to add the authentication to a private registry, like the Gitlab one for example.

While i can add the registry to the registry list in /etc/containers/registries.conf, I'm actually unable to browse it correctly or authenticate to it

marusak commented 3 years ago

Any update on this issue?

Unfortunately not. Patches are welcomed though ;)

I was wondering if it is possible to add the authentication to a private registry, like the Gitlab one for example.

I would think so. Never tried it though. Quick google search shows some results but for specific queries it is best if you contact podman team directly: https://github.com/containers/podman

shpaz commented 3 years ago

Any update on this issue?

Unfortunately not. Patches are welcomed though ;)

I was wondering if it is possible to add the authentication to a private registry, like the Gitlab one for example.

I would think so. Never tried it though. Quick google search shows some results but for specific queries it is best if you contact podman team directly: https://github.com/containers/podman

Waking things up a bit. @Lykos94, you can drop your pull secret (authentication JSON file) in your host's $HOME/.docker/config.json path. Then you'll be able to authenticate other registeres as long as they're located in your registries.search section.

This makes me think, @marusak ^^ Can't we make this available through Cockpit? I assume that in air-gapped environments people have no access to external registries and both authentication and management of offline/authenticated registries should be handled. Thoughts?

garrett commented 1 year ago

It's not clear how we should proceed on this issue. It's marked as needsdesign, but I would need some more information to make any design for this. There's not anything actionable from my side yet (since it's not clear what's wanted and what's needed), hence no design provided.

Since repos are where images come from, we should add a separator and two actions to the Images "kebab" menu (the vertical ... icon's menu): "Add registry" and "Remove registry".

podman-registry-menu-items excalidraw

Adding a repository would have the appropriate fields. It's not clear what those should be, so I can't properly design it, but here's a shot without proper information:

podman-registry-add excalidraw

Removing a repository would have something like a list of repositories with details and each would have a checkbox. You could select which one(s) you want to remove and it'd have a danger-styled (red) action button to remove it. Again, I don't have the information for this, but here's an attempt:

podman-registry-remove excalidraw

(None of these would be checked by default, and the "Remove" button would be disabled unless something is checked. This list would have a maximum height and overflow if there are many entries, as indicated here in this mockup.)


I'll remove needsdesign, because I've done what I can with the information I understand here. If what I provided is not correct or you need additional design, please ping me on this issue with more information and add the needsdesign label again. Hopefully this helps and is what's needed.

GregTheHun commented 11 months ago

Hi all, how is this progressing along?

I've really been wanting to test Homarr dashboard, but it appears they've moved from docker to ghcr.io and would love to add this registry.

Thank you

dpieski commented 4 months ago

Hi all, how is this progressing along?

I've really been wanting to test Homarr dashboard, but it appears they've moved from docker to ghcr.io and would love to add this registry.

Thank you

Right now you can user podman in terminal to pull the image. Then in Cockpit, click "Create Container" next to the image it pulls down.

garrett commented 4 months ago

You're supposed to be able to put in any image, including ghci.io in the image dropdown on "Create container" and have it work.

I tried ghcr.io/github/pages-gem (the GitHub Pages container, which is also what we use for the Cockpit Project website) and got an error: "Error message: Failed to search for images: 1 error occurred: * couldn't search registry "ghcr.io": Requesting bearer token: invalid status code from registry 403 (Forbidden) "

This is a bug, and we should fix that regardless of registry management. It should always allow using a URI fragment to an image regardless of if a registry is browsable or not.

@dpieski is correct, that for now, you can do podman pull ghcr.io/ajnart/homarr:latest in a terminal as a workaround.

I've opened an issue about this bug @ https://github.com/cockpit-project/cockpit-podman/issues/1753