-
-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support private Docker registry #83
Comments
Hi @sebgl - this request makes sense and I'd like to support private registries. Questions:
https://github.com/docker/cli/blob/dee8e6ab2da3fe1f57f57de6c009a9256040d1d0/cli/command/cli.go#L110 |
Hi @alexellis , thanks for the quick answer. My use case (having only one single registry) is a tiny subcase of the more general one. You're right in all questions that this should be handled in a more general way in FaaS gateway.
Another way of handling both points above could be to allow users to provide registry credentials as a parameter in POST /system/functions: then we don't need to store credentials at all. What do you think?
|
What are you calling your API for building Docker images from code? it sounds like it has overlap with the FaaS CLI - https://github.com/alexellis/faas-cli
I recently moved the UI under the /ui/ prefix, so that for security you could effectively keep /ui and /system within a blacklist and just expose /function via reverse proxy. Who are you working with when you say we? |
Let's discuss it on Slack :) |
Fixed by #87 |
When using our own private docker registry, we need the swarm cluster to be able to pull images (functions) from it.
Expected Behavior
When a new function service is created in Swarm, images from a private registry should be correctly pulled provided the registry credentials are available somewhere.
Current Behavior
Images cannot be pulled by Swarm workers.
Possible Solution
We can rely on the mechanism provided by the
--with-registry-auth
flag in thedocker stack
command, which forwards the registry credentials to all swarm nodes.When creating a service using the golang Docker sdk, we can pass the appropriate encoded registry auth (base64 encoding of the json string representation).
I have a proposal there, based on environment variables configuration: sebgl@e7d2deb
If you think that makes sense I can open a pull request.
Steps to Reproduce (for bugs)
Context
We would like to use FaaS with private Docker registries (not only hub.docker.com but any registry).
Your Environment
The text was updated successfully, but these errors were encountered: