summaryrefslogtreecommitdiff
path: root/doc/administration/packages/container_registry.md
diff options
context:
space:
mode:
Diffstat (limited to 'doc/administration/packages/container_registry.md')
-rw-r--r--doc/administration/packages/container_registry.md46
1 files changed, 26 insertions, 20 deletions
diff --git a/doc/administration/packages/container_registry.md b/doc/administration/packages/container_registry.md
index aaf1ca29084..503e5fb4a2a 100644
--- a/doc/administration/packages/container_registry.md
+++ b/doc/administration/packages/container_registry.md
@@ -18,16 +18,22 @@ You can read more about the Docker Registry at
**Omnibus GitLab installations**
-If you are using the Omnibus GitLab built in [Let's Encrypt integration](https://docs.gitlab.com/omnibus/settings/ssl.html#lets-encrypt-integration), as of GitLab 12.5, the Container Registry will be automatically enabled on port 5050 of the default domain.
+If you installed GitLab by using the Omnibus installation package, the Container Registry
+may or may not be available by default.
-If you would like to use a separate domain, all you have to do is configure the domain name under which the Container
-Registry will listen to. Read
-[#container-registry-domain-configuration](#container-registry-domain-configuration)
-and pick one of the two options that fits your case.
+The Container Registry is automatically enabled and available on your GitLab domain, port 5050 if:
+
+- You're using the built-in [Let's Encrypt integration](https://docs.gitlab.com/omnibus/settings/ssl.html#lets-encrypt-integration), and
+- You're using GitLab 12.5 or later.
+
+Otherwise, the Container Registry is not enabled. To enable it:
+
+- You can configure it for your [GitLab domain](#configure-container-registry-under-an-existing-gitlab-domain), or
+- You can configure it for [a different domain](#configure-container-registry-under-its-own-domain).
NOTE: **Note:**
-The container registry works under HTTPS by default. Using HTTP is possible
-but not recommended and out of the scope of this document.
+The Container Registry works under HTTPS by default. You can use HTTP
+but it's not recommended and is out of the scope of this document.
Read the [insecure Registry documentation](https://docs.docker.com/registry/insecure/)
if you want to implement this.
@@ -427,7 +433,7 @@ NOTE: **Note:**
By default, users accessing a registry configured with a remote backend are redirected to the default backend for the storage driver. For example, registries can be configured using the `s3` storage driver, which redirects requests to a remote S3 bucket to alleviate load on the GitLab server.
-However, this behaviour is undesirable for registries used by internal hosts that usually can't access public servers. To disable redirects, set the `disable` flag to true as follows. This makes all traffic to always go through the Registry service. This results in improved security (less surface attack as the storage backend is not publicly accessible), but worse performance (all traffic is redirected via the service).
+However, this behavior is undesirable for registries used by internal hosts that usually can't access public servers. To disable redirects, set the `disable` flag to true as follows. This makes all traffic to always go through the Registry service. This results in improved security (less surface attack as the storage backend is not publicly accessible), but worse performance (all traffic is redirected via the service).
**Omnibus GitLab installations**
@@ -454,7 +460,7 @@ However, this behaviour is undesirable for registries used by internal hosts tha
1. Add the `redirect` flag to your registry configuration YML file:
- ```yml
+ ```yaml
storage:
s3:
accesskey: 'AKIAKIAKI'
@@ -520,7 +526,7 @@ on how to achieve that.
NOTE: **Note:**
In using an external container registry, some features associated with the
-container registry may be unavailable or have [inherant risks](./../../user/packages/container_registry/index.md#use-with-external-container-registries)
+container registry may be unavailable or have [inherent risks](./../../user/packages/container_registry/index.md#use-with-external-container-registries)
**Omnibus GitLab**
@@ -650,13 +656,13 @@ notifications:
NOTE: **Note:**
The garbage collection tools are only available when you've installed GitLab
-via an Omnibus package or the cloud native chart.
+via an Omnibus package or the [cloud native chart](https://docs.gitlab.com/charts/charts/registry/#garbage-collection).
DANGER: **Danger:**
By running the built-in garbage collection command, it will cause downtime to
-the Container Registry. Running this command on an instance in an HA environment
-while one of your other instances is still writing to the Registry storage,
-will remove referenced manifests. To avoid that, make sure Registry is set to
+the Container Registry. If you run this command on an instance in an environment
+where one of your other instances is still writing to the Registry storage,
+referenced manifests will be removed. To avoid that, make sure Registry is set to
[read-only mode](#performing-garbage-collection-without-downtime) before proceeding.
Container Registry can use considerable amounts of disk space. To clear up
@@ -710,7 +716,7 @@ built-in command:
If you did not change the default location of the configuration file, run:
-```sh
+```shell
sudo gitlab-ctl registry-garbage-collect
```
@@ -719,7 +725,7 @@ layers you have stored.
If you changed the location of the Container Registry `config.yml`:
-```sh
+```shell
sudo gitlab-ctl registry-garbage-collect /path/to/config.yml
```
@@ -743,7 +749,7 @@ referenced by the registry tag. The `registry-garbage-collect` command supports
`-m` switch to allow you to remove all unreferenced manifests and layers that are
not directly accessible via `tag`:
-```sh
+```shell
sudo gitlab-ctl registry-garbage-collect -m
```
@@ -781,7 +787,7 @@ To enable the read-only mode:
1. Save and reconfigure GitLab:
- ```sh
+ ```shell
sudo gitlab-ctl reconfigure
```
@@ -789,7 +795,7 @@ To enable the read-only mode:
1. Next, trigger one of the garbage collect commands:
- ```sh
+ ```shell
# Recycling unused tags
sudo /opt/gitlab/embedded/bin/registry garbage-collect /var/opt/gitlab/registry/config.yml
@@ -816,7 +822,7 @@ To enable the read-only mode:
1. Save and reconfigure GitLab:
- ```sh
+ ```shell
sudo gitlab-ctl reconfigure
```
View Lorry Controller Status