diff --git a/registry/.env b/registry/.env
new file mode 100644
index 0000000..ac4869e
--- /dev/null
+++ b/registry/.env
@@ -0,0 +1,14 @@
+## DOCKER
+
+COMPOSE_FILE=./docker-compose.yml:./docker-compose.traefik.yml
+TRAEFIK_NETWORK_NAME=kifeart
+
+## REGISTRY
+
+REGISTRY_IMAGE=registry:2.7.1
+REGISTRY_CUSTOM_IMAGE=custom/registry
+REGISTRY_DOMAIN=registry.cool.life
+REGISTRY_VOLUME_NAME=registry
+REGISTRY_CONTAINER_NAME=registry
+REGISTRY_USER=kosssi
+REGISTRY_PASSWORD=z9NdYNJi50cA1Pqjpsww58Vpaev7lPmYoVz9OygJSZP4oMCBD5
diff --git a/registry/.gitignore b/registry/.gitignore
new file mode 100644
index 0000000..5fa1d81
--- /dev/null
+++ b/registry/.gitignore
@@ -0,0 +1 @@
+auth
diff --git a/registry/Dockerfile b/registry/Dockerfile
new file mode 100644
index 0000000..254948c
--- /dev/null
+++ b/registry/Dockerfile
@@ -0,0 +1,3 @@
+FROM registry:2.7.1
+
+COPY ./auth /auth
diff --git a/registry/README.md b/registry/README.md
new file mode 100644
index 0000000..371b7db
--- /dev/null
+++ b/registry/README.md
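Review bot: `registry/.env` is committed with a cleartext `REGISTRY_PASSWORD` (last line of its hunk), while the `.gitignore` added in the same commit ignores only `auth`, i.e. the bcrypt hash that `./run htpasswd` derives from it. Anyone with read access to the repository or its history can authenticate to the registry, so the committed value should be treated as exposed and rotated. Track a template instead, for example a `.env.dist` holding `REGISTRY_PASSWORD=<set-locally>`, and add `.env` to `registry/.gitignore`.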
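Review bot: In `registry/Dockerfile`, `COPY ./auth /auth` bakes the htpasswd file into an image layer, so the password hashes travel wherever `custom/registry` is pushed or exported, and every password change needs an image rebuild. The README's own TODO names the alternative: drop the Dockerfile and bind-mount the directory read-only from compose with `- ./auth:/auth:ro`. If the Dockerfile stays, a comment above the COPY such as `# image contains credential hashes: do not push to a shared registry` would make the constraint visible.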
@@ -0,0 +1,58 @@
+# Registry
+
+> Une Docker Registry est une application qui permet de distribuer des images Docker au sein de votre organisation.
+>
+>
+
+## Authentification
+
+De base le service est complètement ouvert, ce qui peut être dangereux si le service est accessible par internet.
+
+Il existe plusieurs façon de mettre en place une authentification, je vais utiliser ici la plus simple avec une authentification *htpasswd*.
+
+Une simple commande permet de générer un fichier *htpasswd* :
+
+```sh
+./run htpasswd
+```
+
+## Dépliement
+
+Il faut ensuite générer l'image avec le fichier mot de passe intégré :
+
+```sh
+./run build
+```
+
+Puis déployer le service (après avoir modifier le fichier `.env`) :
+
+```sh
+docker-compose up -d
+```
+
+Pour se connecter :
+
+```sh
+docker login https://$REGISTRY_DOMAIN
+```
+
+## Aide
+
+Pour connaître les images du registry :
+
+```sh
+curl -u "$REGISTRY_USER:$REGISTRY_PASSWORD" -X GET https://$REGISTRY_DOMAIN/v2/_catalog
+```
+
+## Liens
+
+- [Documentation][documentation]
+- [Docker Hub][dockerhub]
+
+## TODO
+
+- Supprimer le Dockerfile et importer directement le dossier auth depuis docker-compose
+
+[article]: https://blog.eleven-labs.com/fr/mise-en-place-docker-registry-privee/
+[documentation]: https://docs.docker.com/registry/
+[dockerhub]: https://hub.docker.com/_/registry
diff --git a/registry/docker-compose.traefik.yml b/registry/docker-compose.traefik.yml
new file mode 100644
index 0000000..9c8f6ea
--- /dev/null
+++ b/registry/docker-compose.traefik.yml
@@ -0,0 +1,13 @@
+version: '3.8'
+
+networks:
+ default:
+ name: ${TRAEFIK_NETWORK_NAME}
+
+services:
+ registry:
+ labels:
+ traefik.enable: 'true'
+ traefik.docker.network: ${TRAEFIK_NETWORK_NAME}
+ traefik.http.routers.registry.rule: 'Host(`${REGISTRY_DOMAIN}`)'
+ traefik.http.routers.registry.entrypoints: 'web'
diff --git a/registry/docker-compose.yml b/registry/docker-compose.yml
new file mode 100644
index 0000000..c987491
--- /dev/null
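Review bot: In `registry/docker-compose.traefik.yml` the router is bound only to the `web` entrypoint and carries no `tls` label, while the registry behind it relies on htpasswd (HTTP Basic) authentication. If `web` is the plain-HTTP entrypoint, as the name usually indicates (the Traefik static configuration is not part of this diff), `docker login` credentials would cross the network in cleartext, which also contradicts the `https://$REGISTRY_DOMAIN` URLs in the README. Consider binding the router to the TLS entrypoint defined in your static configuration (`<tls-entrypoint-name>`) and adding `traefik.http.routers.registry.tls: 'true'`.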
+++ b/registry/docker-compose.yml
@@ -0,0 +1,20 @@
+version: '3.8'
+
+volumes:
+ registry:
+ name: ${REGISTRY_VOLUME_NAME}
+
+services:
+ registry:
+ container_name: ${REGISTRY_CONTAINER_NAME}
+ image: ${REGISTRY_IMAGE}
+ restart: always
+ environment:
+ REGISTRY_AUTH: htpasswd
+ REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
+ REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
+ REGISTRY_STORAGE_DELETE_ENABLED: "true"
+ volumes:
+ - registry:/var/lib/registry
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
diff --git a/registry/run b/registry/run
new file mode 100755
index 0000000..654d471
--- /dev/null
+++ b/registry/run
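Review bot: In `registry/docker-compose.yml` the service runs `image: ${REGISTRY_IMAGE}`, which `.env` sets to the stock `registry:2.7.1`, but `/auth/htpasswd` exists only in the image that `./run build` tags as `$REGISTRY_CUSTOM_IMAGE`, and no volume mounts it. As written, `REGISTRY_AUTH_HTPASSWD_PATH` points at a file that is not in the container, so the registry will presumably fail to start or not enforce the intended credentials (behaviour differs between registry versions, so this is worth testing). Either use `image: ${REGISTRY_CUSTOM_IMAGE}` or add `- ./auth:/auth:ro` under `volumes:`. Separately, `REGISTRY_STORAGE_DELETE_ENABLED: "true"` lets any authenticated user delete manifests, and a comment stating why it is enabled would help.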
@@ -0,0 +1,64 @@
+#!/bin/bash
+
+set -eu
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+. $DIR/../help.sh
+. $DIR/../postgres/run --only-source
+
+registry_help() {
+ echo "./run htpasswd : 🔑 Génération du fichier htpasswd"
+ echo "./run build : 🏗 Construction de l'image custom"
+ echo "./run backup : 💾 Sauvegarde des images du registry"
+}
+
+registry_htpasswd() {
+ script_env
+ mkdir -p auth
+ echo "🔑 Génération du fichier htpasswd"
+ docker run --entrypoint htpasswd $REGISTRY_IMAGE -Bbn $REGISTRY_USER $REGISTRY_PASSWORD > auth/htpasswd
+}
+
+registry_build() {
+ script_env
+ echo "🏗 Construction de l'image custom"
+ DOCKER_FILE_DEFAULT=.
+ DOCKER_FILE=${DOCKER_FILE:-$DOCKER_FILE_DEFAULT}
+ docker build $DOCKER_FILE -t $REGISTRY_CUSTOM_IMAGE
+}
+
+registry_backup() {
+ script_env
+ echo "💾 Sauvegarde des images du registry"
+
+ REGISTRY_BACKUP_FILE_DEFAULT=`date +%Y%m%d_%H%M%S`_${REGISTRY_DOMAIN}.tar
+ REGISTRY_BACKUP_FILE=${REGISTRY_BACKUP_FILE:-$REGISTRY_BACKUP_FILE_DEFAULT}
+
+ docker run --rm --volumes-from registry -v /home/pi/backups/registry:/backup alpine:3.11.6 ash -c "cd /var/lib/registry && tar cvf /backup/$REGISTRY_BACKUP_FILE ."
+}
+
+registry_restore() {
+ script_env
+
+ docker run -it --rm -v $HOME/backups/${REGISTRY_DOMAIN}:/backup --volumes-from registry alpine:3.11.6 ash -c "cd /var/lib/registry && tar xvf /backup/${BACKUP_DATE}_${REGISTRY_DOMAIN}.tar --strip 1"
+}
+
+if [ $# -ge 1 ]; then
+ if [ "${1}" == "htpasswd" ]; then
+ script_start
+ registry_htpasswd
+ script_end
+ elif [ "${1}" == "build" ]; then
+ script_start
+ registry_build
+ script_end
+ elif [ "${1}" == "backup" ]; then
+ script_start
+ registry_backup
+ script_end
+ elif [ "${1}" != "--only-source" ]; then
+ registry_help
+ fi
+else
+ registry_help
+fi
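Review bot: In `registry_htpasswd`, `-Bbn $REGISTRY_USER $REGISTRY_PASSWORD` passes the cleartext password on the command line, and because that `docker run` has no `--rm`, the exited container remains with the argument readable through `docker inspect`. The expansions are also unquoted, so a password containing spaces or glob characters is split or expanded before htpasswd sees it. Reading the password from stdin avoids both, assuming the htpasswd in the image supports `-i`: `printf '%s' "$REGISTRY_PASSWORD" | docker run -i --rm --entrypoint htpasswd "$REGISTRY_IMAGE" -Bni "$REGISTRY_USER" > auth/htpasswd`. Separately, `registry_backup` writes to `/home/pi/backups/registry` while `registry_restore` reads from `$HOME/backups/${REGISTRY_DOMAIN}` and expands `BACKUP_DATE`, which is not set anywhere in this file and would abort under `set -u`; restore is also not reachable from the dispatcher at the bottom.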