self-hosted/watchtower
self-hosted/watchtower
1
0
Fork 0
mirror of https://github.com/containrrr/watchtower.git synced 2025-01-05 14:50:44 +02:00
Code Issues Releases Activity

Documented private registries

Browse Source
This commit is contained in:
Jan Kristof Nidzwetzki 2019-12-25 21:58:19 +01:00 committed by GitHub
parent 1ca1e20c7c
commit 0c3133f2d0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 53 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
docs/private-registries.md
View File

@ -1,4 +1,56 @@
Some private docker registries (the most prominent probably being AWS ECR) use non-standard ways of authentication.
Watchtower supports private Docker image registries. In many cases, accessing a private registry requires a valid username and password (i.e., _credentials_). In order to operate in such an environment, watchtower needs to know the credentials to access the registry.
The credentials can be provided to watchtower in a configuration file called `config.json`. There are two ways to generate this configuration file:
* The configuration file can be created manually.
* Call `docker login $REGISTRY_NAME` and share the resulting configuration file.
### Create the configuration file manually
Create a new configuration file with the following syntax and a base64 encoded username and password `auth` string:
```json
{
"auths": {
"$REGISTRY_NAME": {
"auth": "XXXXXXX"
}
}
}
```
`$REGISTRY_NAME` needs to be replaced by the name of your private registry (e.g., `my-private-registry.example.org`)
The required `auth` string can be generated as follows:
```bash
echo -n 'username:password' | base64
```
When the watchtower Docker container is stared, the created configuration file (`<PATH>/config.json` in this example) needs to be passed to the container:
```bash
docker run [...] -v <PATH>/config.json:/config.json containrrr/watchtower
```
### Share the Docker configuration file
To pull an image from a private registry, `docker login` needs to be called first, to get access to the registry. The provided credentials are stored in a configuration file called `<PATH_TO_HOME_DIR>/.docker/config.json`. This configuration file can be directly used by watchtower. In this case, the creation of an additional configuration file is not necessary.
When the Docker container is started, pass the configuration file to watchtower:
```bash
docker run [...] -v <PATH_TO_HOME_DIR>/.docker/config.json:/config.json containrrr/watchtower
```
When creating the watchtower container via docker-compose, use the following lines:
```yaml
version: "3"
[...]
watchtower:
image: index.docker.io/containrrr/watchtower:latest
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- <PATH_TO_HOME_DIR>/.docker/config.json:/config.json
[...]
```
## Credential helpers
Some private Docker registries (the most prominent probably being AWS ECR) use non-standard ways of authentication.
To be able to use this together with watchtower, we need to use a credential helper.
To keep the image size small we've decided to not include any helpers in the watchtower image, instead we'll put the