From 0b81b5ace0dd7c5ba3362238d8be41ce178e1ecc Mon Sep 17 00:00:00 2001 From: "Z.J. van de Weg" Date: Wed, 31 May 2017 15:55:12 +0200 Subject: Create read_registry scope with JWT auth This is the first commit doing mainly 3 things: 1. create a new scope and allow users to use it 2. Have the JWTController respond correctly on this 3. Updates documentation to suggest usage of PATs There is one gotcha, there will be no support for impersonation tokens, as this seems not needed. Fixes gitlab-org/gitlab-ce#19219 --- doc/user/project/container_registry.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'doc/user/project/container_registry.md') diff --git a/doc/user/project/container_registry.md b/doc/user/project/container_registry.md index 6a2ca7fb428..b2eca9ef809 100644 --- a/doc/user/project/container_registry.md +++ b/doc/user/project/container_registry.md @@ -106,12 +106,14 @@ Make sure that your GitLab Runner is configured to allow building Docker images following the [Using Docker Build](../../ci/docker/using_docker_build.md) and [Using the GitLab Container Registry documentation](../../ci/docker/using_docker_build.md#using-the-gitlab-container-registry). -## Limitations +## Using with private projects -In order to use a container image from your private project as an `image:` in -your `.gitlab-ci.yml`, you have to follow the -[Using a private Docker Registry][private-docker] -documentation. This workflow will be simplified in the future. +If a project is private, credentials will need to be provided for authorization. +The preferred way to do this, is by using personal access tokens, which can be +created under `/profile/personal_access_tokens`. The minimal scope needed is: +`read_registry`. + +This feature was introduced in GitLab 9.3. ## Troubleshooting the GitLab Container Registry @@ -257,4 +259,3 @@ Once the right permissions were set, the error will go away. [ce-4040]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4040 [docker-docs]: https://docs.docker.com/engine/userguide/intro/ -[private-docker]: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#using-a-private-container-registry -- cgit v1.2.1 From d02934637df96a57907bb0869812b9c92fbfa6fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cindy=20Pallares=20=F0=9F=A6=89?= Date: Fri, 2 Jun 2017 17:02:29 +0000 Subject: Add note on moving or renaming registry repository As per d5d8e76bd79cd9d61c66539a5069104cf46be2bd, any attempts to rename a container registry repository are blocked due to image signatures. --- doc/user/project/container_registry.md | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'doc/user/project/container_registry.md') diff --git a/doc/user/project/container_registry.md b/doc/user/project/container_registry.md index 3cbb0b5196d..8a7cff69c8f 100644 --- a/doc/user/project/container_registry.md +++ b/doc/user/project/container_registry.md @@ -39,6 +39,14 @@ You can read more about Docker Registry at https://docs.docker.com/registry/intr ## Build and push images +>**Notes:** +- Moving or renaming existing container registry repositories is not supported +once you have pushed images because the images are signed, and the +signature includes the repository name. +- To move or rename a repository with a container registry you will have to +delete all existing images. + + If you visit the **Registry** link under your project's menu, you can see the explicit instructions to login to the Container Registry using your GitLab credentials. -- cgit v1.2.1 From 8fb33b8f01c3b53a16cd5e086361c85d061b4de0 Mon Sep 17 00:00:00 2001 From: Achilleas Pipinellis Date: Tue, 13 Jun 2017 14:10:31 +0200 Subject: Add docs for personal access tokens --- doc/user/project/container_registry.md | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'doc/user/project/container_registry.md') diff --git a/doc/user/project/container_registry.md b/doc/user/project/container_registry.md index 75ea911b9bc..629d69d8aea 100644 --- a/doc/user/project/container_registry.md +++ b/doc/user/project/container_registry.md @@ -8,8 +8,8 @@ Registry across your GitLab instance, visit the [administrator documentation](../../administration/container_registry.md). - Starting from GitLab 8.12, if you have 2FA enabled in your account, you need - to pass a personal access token instead of your password in order to login to - GitLab's Container Registry. + to pass a [personal access token][pat] instead of your password in order to + login to GitLab's Container Registry. - Multiple level image names support was added in GitLab 9.1 With the Docker Container Registry integrated into GitLab, every project can @@ -114,12 +114,11 @@ and [Using the GitLab Container Registry documentation](../../ci/docker/using_do ## Using with private projects -If a project is private, credentials will need to be provided for authorization. -The preferred way to do this, is by using personal access tokens, which can be -created under `/profile/personal_access_tokens`. The minimal scope needed is: -`read_registry`. +> [Introduced][ce-11845] in GitLab 9.3. -This feature was introduced in GitLab 9.3. +If a project is private, credentials will need to be provided for authorization. +The preferred way to do this, is by using [personal access tokens][pat]. +The minimal scope needed is `read_registry`. ## Troubleshooting the GitLab Container Registry @@ -264,4 +263,6 @@ The solution: check the [IAM permissions again](https://docs.docker.com/registry Once the right permissions were set, the error will go away. [ce-4040]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4040 +[ce-11845]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/11845 [docker-docs]: https://docs.docker.com/engine/userguide/intro/ +[pat]: ../profile/personal_access_tokens.md -- cgit v1.2.1