Open TomSweeneyRedHat opened 5 years ago
Selecting of registries when downloading image has been introduced in #447
Managing registries is gonna be a rather difficult one - There is no API for that, so we would need to parse /etc/containers/registries.conf
.
We would just add a new one or dropped one from unqualified-search-registries
, which is fine. We could also add/remove [[registry]]
entry which still would be fine. But the thing that concerns me is that there is v1
and v2
version on this config file and combining these two will break stuff badly. What I described is v2
, v1
is described in the first comment.
If I understand it correctly, if you always only updated podman, you can still be using v1
version of this file. We of course could have simple logic, that if unqualified-search-registries
is present, it is v2
and thus we need to do it that way otherwise different way. Or we could be lazy and when we would recognize that v1
is present we would say that this feature is supported only with version 2.
Any update on this issue? I was wondering if it is possible to add the authentication to a private registry, like the Gitlab one for example.
While i can add the registry to the registry list in /etc/containers/registries.conf
, I'm actually unable to browse it correctly or authenticate to it
Any update on this issue?
Unfortunately not. Patches are welcomed though ;)
I was wondering if it is possible to add the authentication to a private registry, like the Gitlab one for example.
I would think so. Never tried it though. Quick google search shows some results but for specific queries it is best if you contact podman team directly: https://github.com/containers/podman
Any update on this issue?
Unfortunately not. Patches are welcomed though ;)
I was wondering if it is possible to add the authentication to a private registry, like the Gitlab one for example.
I would think so. Never tried it though. Quick google search shows some results but for specific queries it is best if you contact podman team directly: https://github.com/containers/podman
Waking things up a bit. @Lykos94, you can drop your pull secret (authentication JSON file) in your host's $HOME/.docker/config.json
path. Then you'll be able to authenticate other registeres as long as they're located in your registries.search
section.
This makes me think, @marusak ^^ Can't we make this available through Cockpit? I assume that in air-gapped environments people have no access to external registries and both authentication and management of offline/authenticated registries should be handled. Thoughts?
It's not clear how we should proceed on this issue. It's marked as needsdesign, but I would need some more information to make any design for this. There's not anything actionable from my side yet (since it's not clear what's wanted and what's needed), hence no design provided.
/etc/containers/registries.d/
?location
and an insecure
boolean in the comments and short-name-mode="enforcing"
is the only thing not commented.shortnames
at /etc/containers/registries.conf.d/000-shortnames.conf
... is this also being considered, or is this purely for adding and removing entries?Since repos are where images come from, we should add a separator and two actions to the Images "kebab" menu (the vertical ... icon's menu): "Add registry" and "Remove registry".
Adding a repository would have the appropriate fields. It's not clear what those should be, so I can't properly design it, but here's a shot without proper information:
Removing a repository would have something like a list of repositories with details and each would have a checkbox. You could select which one(s) you want to remove and it'd have a danger-styled (red) action button to remove it. Again, I don't have the information for this, but here's an attempt:
(None of these would be checked by default, and the "Remove" button would be disabled unless something is checked. This list would have a maximum height and overflow if there are many entries, as indicated here in this mockup.)
I'll remove needsdesign
, because I've done what I can with the information I understand here. If what I provided is not correct or you need additional design, please ping me on this issue with more information and add the needsdesign
label again. Hopefully this helps and is what's needed.
Hi all, how is this progressing along?
I've really been wanting to test Homarr dashboard, but it appears they've moved from docker to ghcr.io and would love to add this registry.
Thank you
Hi all, how is this progressing along?
I've really been wanting to test Homarr dashboard, but it appears they've moved from docker to ghcr.io and would love to add this registry.
Thank you
Right now you can user podman in terminal to pull the image. Then in Cockpit, click "Create Container" next to the image it pulls down.
You're supposed to be able to put in any image, including ghci.io in the image dropdown on "Create container" and have it work.
I tried ghcr.io/github/pages-gem
(the GitHub Pages container, which is also what we use for the Cockpit Project website) and got an error: "Error message: Failed to search for images: 1 error occurred: * couldn't search registry "ghcr.io": Requesting bearer token: invalid status code from registry 403 (Forbidden)
"
This is a bug, and we should fix that regardless of registry management. It should always allow using a URI fragment to an image regardless of if a registry is browsable or not.
@dpieski is correct, that for now, you can do podman pull ghcr.io/ajnart/homarr:latest
in a terminal as a workaround.
I've opened an issue about this bug @ https://github.com/cockpit-project/cockpit-podman/issues/1753
Podman relies on the the /etc/containers/registries.conf file to determine where container registries exist. It's most important use is to add a private registry like 'acme.com' to the list so it will search for images there first. The category to update for this in the file is
[registries.search]
The file can also be used to block registries in the category
[registries.block]]
or to allow for insecure registries['insecure.io']
, being able to toggle those would be handy too, but of lesser importance.