Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support managing registries #85

Open
TomSweeneyRedHat opened this issue Apr 18, 2019 · 9 comments
Open

Support managing registries #85

TomSweeneyRedHat opened this issue Apr 18, 2019 · 9 comments
Labels
enhancement New feature or request

Comments

@TomSweeneyRedHat
Copy link

Podman relies on the the /etc/containers/registries.conf file to determine where container registries exist. It's most important use is to add a private registry like 'acme.com' to the list so it will search for images there first. The category to update for this in the file is [registries.search]

The file can also be used to block registries in the category [registries.block]] or to allow for insecure registries ['insecure.io'], being able to toggle those would be handy too, but of lesser importance.

@marusak marusak added enhancement New feature or request needsdesign labels Aug 6, 2019
@marusak marusak changed the title RFE: Configure /etc/containers/registries.conf Support managing and selecting registries Aug 6, 2019
@marusak
Copy link
Member

marusak commented Jan 6, 2020

Blocked on containers/podman#4793

@marusak marusak added the blocked label Jan 6, 2020
@marusak marusak removed the blocked label Jul 21, 2020
marusak added a commit to marusak/cockpit-podman that referenced this issue Jul 21, 2020
marusak added a commit to marusak/cockpit-podman that referenced this issue Jul 21, 2020
marusak added a commit to marusak/cockpit-podman that referenced this issue Jul 21, 2020
marusak added a commit to marusak/cockpit-podman that referenced this issue Jul 27, 2020
marusak added a commit to marusak/cockpit-podman that referenced this issue Jul 27, 2020
marusak added a commit to marusak/cockpit-podman that referenced this issue Jul 29, 2020
marusak added a commit that referenced this issue Jul 29, 2020
@marusak
Copy link
Member

marusak commented Jul 29, 2020

Selecting of registries when downloading image has been introduced in #447
Managing registries is gonna be a rather difficult one - There is no API for that, so we would need to parse /etc/containers/registries.conf.

We would just add a new one or dropped one from unqualified-search-registries, which is fine. We could also add/remove [[registry]] entry which still would be fine. But the thing that concerns me is that there is v1 and v2 version on this config file and combining these two will break stuff badly. What I described is v2, v1 is described in the first comment.

If I understand it correctly, if you always only updated podman, you can still be using v1 version of this file. We of course could have simple logic, that if unqualified-search-registries is present, it is v2 and thus we need to do it that way otherwise different way. Or we could be lazy and when we would recognize that v1 is present we would say that this feature is supported only with version 2.

@marusak marusak changed the title Support managing and selecting registries Support managing registries Nov 27, 2020
@lukaszmoskwa
Copy link

Any update on this issue? I was wondering if it is possible to add the authentication to a private registry, like the Gitlab one for example.

While i can add the registry to the registry list in /etc/containers/registries.conf, I'm actually unable to browse it correctly or authenticate to it

@marusak
Copy link
Member

marusak commented Feb 3, 2021

Any update on this issue?

Unfortunately not. Patches are welcomed though ;)

I was wondering if it is possible to add the authentication to a private registry, like the Gitlab one for example.

I would think so. Never tried it though. Quick google search shows some results but for specific queries it is best if you contact podman team directly: https://github.com/containers/podman

@shpaz
Copy link

shpaz commented Jun 4, 2021

Any update on this issue?

Unfortunately not. Patches are welcomed though ;)

I was wondering if it is possible to add the authentication to a private registry, like the Gitlab one for example.

I would think so. Never tried it though. Quick google search shows some results but for specific queries it is best if you contact podman team directly: https://github.com/containers/podman

Waking things up a bit. @Lykos94, you can drop your pull secret (authentication JSON file) in your host's $HOME/.docker/config.json path. Then you'll be able to authenticate other registeres as long as they're located in your registries.search section.

This makes me think, @marusak ^^
Can't we make this available through Cockpit? I assume that in air-gapped environments people have no access to external registries and both authentication and management of offline/authenticated registries should be handled. Thoughts?

@garrett
Copy link
Member

garrett commented Mar 2, 2023

It's not clear how we should proceed on this issue. It's marked as needsdesign, but I would need some more information to make any design for this. There's not anything actionable from my side yet (since it's not clear what's wanted and what's needed), hence no design provided.

  • It says "managing" registries, so that probably would include browsing, adding, and removing: correct?
  • Would that be limited to admin users only?
  • Would this be limited to entries /etc/containers/registries.d/?
  • Is there a way to disable/enable instead of deleting?
  • What values are even needed for this? All I see in the example file are location and an insecure boolean in the comments and short-name-mode="enforcing" is the only thing not commented.
  • There are also shortnames at /etc/containers/registries.conf.d/000-shortnames.conf... is this also being considered, or is this purely for adding and removing entries?

Since repos are where images come from, we should add a separator and two actions to the Images "kebab" menu (the vertical ... icon's menu): "Add registry" and "Remove registry".

podman-registry-menu-items excalidraw

Adding a repository would have the appropriate fields. It's not clear what those should be, so I can't properly design it, but here's a shot without proper information:

podman-registry-add excalidraw

Removing a repository would have something like a list of repositories with details and each would have a checkbox. You could select which one(s) you want to remove and it'd have a danger-styled (red) action button to remove it. Again, I don't have the information for this, but here's an attempt:

podman-registry-remove excalidraw

(None of these would be checked by default, and the "Remove" button would be disabled unless something is checked. This list would have a maximum height and overflow if there are many entries, as indicated here in this mockup.)


I'll remove needsdesign, because I've done what I can with the information I understand here. If what I provided is not correct or you need additional design, please ping me on this issue with more information and add the needsdesign label again. Hopefully this helps and is what's needed.

@GregTheHun
Copy link

Hi all, how is this progressing along?

I've really been wanting to test Homarr dashboard, but it appears they've moved from docker to ghcr.io and would love to add this registry.

Thank you

@dpieski
Copy link

dpieski commented Jun 11, 2024

Hi all, how is this progressing along?

I've really been wanting to test Homarr dashboard, but it appears they've moved from docker to ghcr.io and would love to add this registry.

Thank you

Right now you can user podman in terminal to pull the image. Then in Cockpit, click "Create Container" next to the image it pulls down.

@garrett
Copy link
Member

garrett commented Jun 12, 2024

You're supposed to be able to put in any image, including ghci.io in the image dropdown on "Create container" and have it work.

I tried ghcr.io/github/pages-gem (the GitHub Pages container, which is also what we use for the Cockpit Project website) and got an error: "Error message: Failed to search for images: 1 error occurred: * couldn't search registry "ghcr.io": Requesting bearer token: invalid status code from registry 403 (Forbidden) "

This is a bug, and we should fix that regardless of registry management. It should always allow using a URI fragment to an image regardless of if a registry is browsable or not.

@dpieski is correct, that for now, you can do podman pull ghcr.io/ajnart/homarr:latest in a terminal as a workaround.

I've opened an issue about this bug @ #1753

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

7 participants