feat: Ajout du service de Registry
		
							
								
								
									
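--- a/registry/.env
+++ b/registry/.env
@@ -0,0 +1,14 @@
+## DOCKER
+
+COMPOSE_FILE=./docker-compose.yml:./docker-compose.traefik.yml
+TRAEFIK_NETWORK_NAME=kifeart
+
+## REGISTRY
+
+REGISTRY_IMAGE=registry:2.7.1
+REGISTRY_CUSTOM_IMAGE=custom/registry
+REGISTRY_DOMAIN=registry.cool.life
+REGISTRY_VOLUME_NAME=registry
+REGISTRY_CONTAINER_NAME=registry
+REGISTRY_USER=kosssi
+REGISTRY_PASSWORD=z9NdYNJi50cA1Pqjpsww58Vpaev7lPmYoVz9OygJSZP4oMCBD5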
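Review bot: `REGISTRY_PASSWORD` on the last line is committed in clear text next to `REGISTRY_USER`, and the `.gitignore` added by this commit lists only `auth`, so `.env` stays tracked. Because the value is now in the repository history, it should be treated as exposed and replaced before the registry is reachable. I would track a template instead, with `REGISTRY_PASSWORD=` left empty, and add a `.env` line to `registry/.gitignore`; `./run htpasswd` then has to be re-run with the new value.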
							
								
								
									
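--- a/registry/.gitignore
+++ b/registry/.gitignore
@@ -0,0 +1 @@
+auth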
							
								
								
									
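--- a/registry/Dockerfile
+++ b/registry/Dockerfile
@@ -0,0 +1,3 @@
+FROM registry:2.7.1
+
+COPY ./auth /auth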
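Review bot: `COPY ./auth /auth` writes the htpasswd file into an image layer, so anyone able to pull or export `custom/registry` can read the user name and bcrypt hash offline. Supplying the file at run time keeps it out of the image, for example a read-only bind mount `- ./auth:/auth:ro` in `docker-compose.yml`, which is also what the README's TODO points at. If the image is kept, a comment such as `# auth/htpasswd is baked in: do not push this image to a shared registry` above the COPY would document the constraint.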
							
								
								
									
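--- a/registry/README.md
+++ b/registry/README.md
@@ -0,0 +1,58 @@
+# Registry
+
+> Une Docker Registry est une application qui permet de distribuer des images Docker au sein de votre organisation.
+>
+> <cite></cite>
+
+## Authentification
+
+De base le service est complètement ouvert, ce qui peut être dangereux si le service est accessible par internet.
+
+Il existe plusieurs façon de mettre en place une authentification, je vais utiliser ici la plus simple avec une authentification *htpasswd*.
+
+Une simple commande permet de générer un fichier *htpasswd* :
+
+```sh
+./run htpasswd
+```
+
+## Dépliement
+
+Il faut ensuite générer l'image avec le fichier mot de passe intégré :
+
+```sh
+./run build
+```
+
+Puis déployer le service (après avoir modifier le fichier `.env`) :
+
+```sh
+docker-compose up -d
+```
+
+Pour se connecter :
+
+```sh
+docker login https://$REGISTRY_DOMAIN
+```
+
+## Aide
+
+Pour connaître les images du registry :
+
+```sh
+curl -u "$REGISTRY_USER:$REGISTRY_PASSWORD" -X GET https://$REGISTRY_DOMAIN/v2/_catalog
+```
+
+## Liens
+
+- [Documentation][documentation]
+- [Docker Hub][dockerhub]
+
+## TODO
+
+- Supprimer le Dockerfile et importer directement le dossier auth depuis docker-compose
+
+[article]: https://blog.eleven-labs.com/fr/mise-en-place-docker-registry-privee/
+[documentation]: https://docs.docker.com/registry/
+[dockerhub]: https://hub.docker.com/_/registry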
							
								
								
									
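--- a/registry/docker-compose.traefik.yml
+++ b/registry/docker-compose.traefik.yml
@@ -0,0 +1,13 @@
+version: '3.8'
+
+networks:
+  default:
+    name: ${TRAEFIK_NETWORK_NAME}
+
+services:
+  registry:
+    labels:
+      traefik.enable: 'true'
+      traefik.docker.network: ${TRAEFIK_NETWORK_NAME}
+      traefik.http.routers.registry.rule: 'Host(`${REGISTRY_DOMAIN}`)'
+      traefik.http.routers.registry.entrypoints: 'web'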
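Review bot: The router is attached only to `entrypoints: 'web'` and carries no TLS label, while the README logs in with `https://$REGISTRY_DOMAIN`. The entrypoint is defined in Traefik's static configuration, which is not part of this commit, but if `web` is the plain-HTTP listener the htpasswd Basic credentials and the image layers cross the network unencrypted. I would bind the router to the deployment's TLS entrypoint and add `traefik.http.routers.registry.tls: 'true'`.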
							
								
								
									
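--- a/registry/docker-compose.yml
+++ b/registry/docker-compose.yml
@@ -0,0 +1,20 @@
+version: '3.8'
+
+volumes:
+  registry:
+    name: ${REGISTRY_VOLUME_NAME}
+
+services:
+  registry:
+    container_name: ${REGISTRY_CONTAINER_NAME}
+    image: ${REGISTRY_IMAGE}
+    restart: always
+    environment:
+      REGISTRY_AUTH: htpasswd
+      REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
+      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
+      REGISTRY_STORAGE_DELETE_ENABLED: "true"
+    volumes:
+      - registry:/var/lib/registry
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro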
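Review bot: `image: ${REGISTRY_IMAGE}` resolves to the stock `registry:2.7.1` from `.env`, while `/auth/htpasswd` exists only in the image built by `./run build` and tagged `${REGISTRY_CUSTOM_IMAGE}`. With `REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd` set and no such file in the stock image, the service presumably fails to start or does not authenticate as intended; this should be checked on a fresh host. The line should read `image: ${REGISTRY_CUSTOM_IMAGE}`. Separately, `REGISTRY_STORAGE_DELETE_ENABLED: "true"` deserves a comment saying why deletion is enabled, since every htpasswd user can then delete manifests.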
							
								
								
									
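--- a/registry/run
+++ b/registry/run
@@ -0,0 +1,64 @@
+#!/bin/bash
+
+set -eu
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+. $DIR/../help.sh
+. $DIR/../postgres/run --only-source
+
+registry_help() {
+  echo "./run htpasswd : 🔑 Génération du fichier htpasswd"
+  echo "./run build    : 🏗 Construction de l'image custom"
+  echo "./run backup   : 💾 Sauvegarde des images du registry"
+}
+
+registry_htpasswd() {
+  script_env
+  mkdir -p auth
+  echo "🔑 Génération du fichier htpasswd"
+  docker run --entrypoint htpasswd $REGISTRY_IMAGE -Bbn $REGISTRY_USER $REGISTRY_PASSWORD > auth/htpasswd
+}
+
+registry_build() {
+  script_env
+  echo "🏗 Construction de l'image custom"
+  DOCKER_FILE_DEFAULT=.
+  DOCKER_FILE=${DOCKER_FILE:-$DOCKER_FILE_DEFAULT}
+  docker build $DOCKER_FILE -t $REGISTRY_CUSTOM_IMAGE
+}
+
+registry_backup() {
+  script_env
+  echo "💾 Sauvegarde des images du registry"
+
+  REGISTRY_BACKUP_FILE_DEFAULT=`date +%Y%m%d_%H%M%S`_${REGISTRY_DOMAIN}.tar
+  REGISTRY_BACKUP_FILE=${REGISTRY_BACKUP_FILE:-$REGISTRY_BACKUP_FILE_DEFAULT}
+
+  docker run --rm --volumes-from registry -v /home/pi/backups/registry:/backup alpine:3.11.6 ash -c "cd /var/lib/registry && tar cvf /backup/$REGISTRY_BACKUP_FILE ."
+}
+
+registry_restore() {
+  script_env
+
+  docker run -it --rm -v $HOME/backups/${REGISTRY_DOMAIN}:/backup --volumes-from registry alpine:3.11.6 ash -c "cd /var/lib/registry && tar xvf /backup/${BACKUP_DATE}_${REGISTRY_DOMAIN}.tar --strip 1"
+}
+
+if [ $# -ge 1 ]; then
+  if [ "${1}" == "htpasswd" ]; then
+    script_start
+    registry_htpasswd
+    script_end
+  elif [ "${1}" == "build" ]; then
+    script_start
+    registry_build
+    script_end
+  elif [ "${1}" == "backup" ]; then
+    script_start
+    registry_backup
+    script_end
+  elif [ "${1}" != "--only-source" ]; then
+    registry_help
+  fi
+else
+  registry_help
+fi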
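Review bot: In `registry_htpasswd` the password is passed as a command-line argument (`-Bbn $REGISTRY_USER $REGISTRY_PASSWORD`), unquoted and without `--rm`, so it is visible in the host process list and stays in the stopped container's metadata. htpasswd can read it from stdin instead: `printf '%s' "$REGISTRY_PASSWORD" | docker run --rm -i --entrypoint htpasswd "$REGISTRY_IMAGE" -Bin "$REGISTRY_USER" > "$DIR/auth/htpasswd"`, preceded by `mkdir -p "$DIR/auth"`, since the current code writes relative to the caller's working directory. In the same file, `registry_backup` writes to `/home/pi/backups/registry` while `registry_restore` reads `$HOME/backups/${REGISTRY_DOMAIN}`, is never dispatched, and expands `BACKUP_DATE`, which nothing in this file sets, so it would abort under `set -u` unless exported by the caller. The two backup paths should come from one variable, and `$REGISTRY_BACKUP_FILE` should not be interpolated unquoted into the `ash -c` string.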