Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature] Support other container image registries, including private ones #30

Closed
2 tasks done
alexellis opened this issue Jan 27, 2020 · 10 comments
Closed
2 tasks done

[Feature] Support other container image registries, including private ones #30

alexellis opened this issue Jan 27, 2020 · 10 comments
Labels
area/provider

Comments

@alexellis
Copy link
Member

alexellis commented Jan 27, 2020
edited

Description

Support other container image registries, including private ones

Detail

  • Users should be able to deploy public images stored outside of the Docker Hub in third-party registries such as GitLab's public registry or quay.io
  • Private images which require authentication to be pulled should also be supported, whether stored on the Docker Hub or a third-party registry

Context

Today faasd only has support for images on the docker.io/ public registry. Other backends for OpenFaaS support this feature including faas-netes and faas-swarm.
@alexellis alexellis mentioned this issue Jan 27, 2020
Closed
@KaiWedekind
Copy link

Thank you Alex!

@alexellis
Copy link
Member Author

@KaiWedekind are your repos public and without auth, just not on docker.io, or are they also private? We have two use-cases and I’d like to support it in two steps.

@KaiWedekind
Copy link

@alexellis I'm am using a self hosted GitLab and their container registry. My repos there are private.

I was using this line in my .gitlab-ci.yaml to login. Ref

- echo -n "$CI_DOCKER_LOGIN" | docker login --username admin --password-stdin registry.<HOST>.io

Build and push to the container registry works, it is just the deployment.
Thank you, Alex.

@estesp
Copy link

estesp commented Feb 3, 2020

Some help on using the Go API to support authenticated registry interactions:

When used as a CRI provider, the CRI plugin has its own configuration for registry auth: https://github.com/containerd/cri/blob/master/docs/registry.md

When using the Go client API for containerd, you can see from the ctr images pull implementation (as one example) how it sets up the NewDockerAuthorizer using these helper functions: https://github.com/containerd/containerd/blob/master/cmd/ctr/commands/resolver.go

@alexellis
Copy link
Member Author

I suspect that a nice experience might be to have users copy their .docker/config.json file to a known location, and for the faasd daemon to always use that to resolve images. A good location may be: /var/lib/faasd/.docker/config.json

The Docker config JSON file is also used in Kubernetes and can support multiple remotes.

@alexellis
Copy link
Member Author

Thank you @estesp

@alexellis
Copy link
Member Author

Added to Trello roadmap for 2020.

@AkihiroSuda AkihiroSuda mentioned this issue Feb 9, 2020
Merged
11 tasks
@AkihiroSuda
Copy link
Contributor

PR #41

@alexellis
Copy link
Member Author

Many thanks @AkihiroSuda

@alexellis
Copy link
Member Author

@KaiWedekind PTAL :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/provider
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@estesp @alexellis @AkihiroSuda @KaiWedekind