Menu
I am on artifactory version 4.6 and have the following requirement on the docker registry.
Allow anonymous pulls on docker repository Force authentication on the SAME docker repository
I know this is avaliable out of the box on the later versions of artifactory. However upgrading isnt an option for us for a while.
Does the following work around work?
Configure 'docker-virtual' with the default deployment directory as 'docker-local'
docker pull docker-virtual should work
docker push docker-virtual should ask for credentials
Upon failure , I should be able to docker login docker-virtual
and docker push docker-virtual/myImage
350
In order to pull images from your private repository, you'll need to login to Docker. If no registry URI is specified, Docker will assume you intend to use or log out from Docker Hub. Triton comes with several images built-in. You can view the available list with triton images .
Artifactory places no limitations and lets you set up any number of Docker registries, through the use of local, remote and virtual Docker repositories, and works transparently with the Docker client to manage all your Docker images, whether created internally or downloaded from remote Docker resources such as Docker ...
Not sure about the artifactory side, but perhaps the following Docker advice helps.
You can start run two registries, one RW with authentication, and a second RO without any authentication, in Docker:
docker run -d -p 5000:5000 --restart=always --name registry \
-v `pwd`/certs:/certs:ro \
-v `pwd`/auth/htpasswd:/auth/htpasswd:ro \
-v `pwd`/registry:/var/lib/registry \
-e "REGISTRY_HTTP_TLS_CERTIFICATE=/certs/host-cert.pem" \
-e "REGISTRY_HTTP_TLS_KEY=/certs/host-key.pem" \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=My Registry" \
-e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" \
-e "REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry" \
registry:2
docker run -d -p 5001:5000 --restart=always --name registry-ro \
-v `pwd`/certs:/certs:ro \
-v `pwd`/auth/htpasswd:/auth/htpasswd:ro \
-v `pwd`/registry:/var/lib/registry:ro \
-e "REGISTRY_HTTP_TLS_CERTIFICATE=/certs/host-cert.pem" \
-e "REGISTRY_HTTP_TLS_KEY=/certs/host-key.pem" \
-e "REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry" \
registry:2
Note the volume settings for /var/lib/registry in each container. Then to pull from the anonymous registry, you'd just need to change the port. Since the filesystem is RO, any attempt to push to 5001 will fail.
134
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
