docker-wicket

command module

v0.0.0-...-cadb033 Latest Latest Go to latest Published: Sep 23, 2015 License: Apache-2.0 Imports: 18 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/tg123/docker-wicket

Links

Open Source Insights

README ¶

Docker Wicket

Docker registry auth/index server for both v1 and v2.

This project is based on the work of docker index and docker auth.

Features

One authentication service for both v1 and v2 registry
Pluggable ACL system

Quick Start

go get github.com/tg123/docker-wicket.git
cd $GOPATH/src/github.com/tg123/docker-wicket/example/all-in-one/

docker-compose up

After started, you will get a all-in-one (v1 + v2 + auth) server at 127.0.0.1:5000

docker login 127.0.0.1:5000
<any name and password are accepted>

docker tag <YOUR IMAGE> 127.0.0.1:5000/test

docker push 127.0.0.1:5000/test # pre 1.6 => v1  1.6+ => v2

insecure registry error

please add --insecure-registry 127.0.0.1:5000 to your docker daemon opt.

more: https://docs.docker.com/reference/commandline/cli/#insecure-registries

Configuration

args

$ ./docker-wicket -h
Usage of ./docker-wicket:

  --acl_driver=             ACL Driver for Docker Wicket
  --cert=                   Token certificate file path, MUST be in the bundle of registy2
  --expiration=600          how long the token can be treated as valid. (sec)
  --issuer=docker-wicket    Issuer of the token, MUST be same as what in registy2
  --key=                    Key file path to token certificate
  -l, --addr=0.0.0.0        Listening Address
  -p, --port=9999           Listening Port
  --service=registry        Service of the token
  --v1_endpoint=            Endpoint of registry1
  --v1_index_driver=        Index driver of registry1
  --v1_index_file_path=     Path to v1 repo

env

all args can also be set via env.

say, acl_driver, can be set via WICKET_ACL_DRIVER=derelict

ACL Drivers

GoDoc

You can implement your own acl driver and register it with docker-wicket. For example, adapting to your company's acl system or a MySQL backend.

More drivers, like ldap, are on the way. PRs are welcomed.

Built-in Drivers

derelict

This driver does nothing but ALLOW any user to access. just for testing purpose.
interdict

This driver does nothing but DENY any user to access. just for testing purpose.
htpasswd

This driver read an htpasswd file for user authentication. user can only access their own namespaces. For example, user1 can pull from and push to /user1/*, but others cannot.
- Specify htpasswd file path --acl_htpasswd_file=/path/to/htpasswd or WICKET_ACL_HTPASSWD_FILE=/path/to/htpasswd
- Auto reload Driver will automaticity reload changed htpasswd file. No restart is required.

Index Drivers (v1 only)

Built-in Drivers

mem

store index in memory, would lost after restart. just for testing purpose.
v1file

Go version of https://github.com/docker/docker-registry/blob/0.9.1/docker_registry/index.py. store index in json format and is compatible with docker-registry's file storage.

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
acl
derelict
htpasswd
interdict
handler
v1
v2
index
file
mem

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL