Creating a private Docker registry with LDAP authentication

1. The steps are the same as in the previous post; the only difference is that some settings are added to auth_config.yml. Edit it as follows:

# See reference.yml for explanation of all options.
#
# auth:
#   token:
#     realm: "https://127.0.0.1:5001/auth"
#     service: "Docker registry"
#     issuer: "Acme auth server"
#     rootcertbundle: "/path/to/server.pem"

server:
  addr: ":5001"
  certificate: "/certs/auth.crt"
  key: "/certs/auth.key"

token:
  issuer: "Acme auth server"  # Must match issuer in the Registry config.
  expiration: 900

# LDAP authentication.
# Authentication is performed by first binding to the server, looking up the user entry
# by using the specified filter, and then re-binding using the matched DN and the password provided.
ldap_auth:
  addr: "ldap:389"
  #tls: true
  # In case bind DN and password is required for querying user information,
  # specify them here. Plain text password is read from the file.
  bind_dn: "uid=serviceaccount,ou=it,dc=example,dc=com"
  # Make sure you remove newlines and carriage returns from the password file.
  bind_password_file: /tmp/ldap_password.txt.clean
  # User query settings. ${account} is expanded from auth request
  base: "ou=musicians,dc=example,dc=com"
  filter: "(&(uid=${account})(objectClass=organizationalPerson))"

users:
  # Password is specified as a BCrypt hash. Use htpasswd -B to generate.
  "admin":
    password: "$2y$05$LO.vzwpWC5LZGqThvEfznu8qhb5SGqvBSWY1J3yZ4AxtMRZ3kN5jC"  # badmin
  "test":
    password: "$2y$05$WuwBasGDAgr.QCbGIjKJaep4dhxeai9gNZdmBnQXqpKly57oNutya"  # 123

acl:
  # Admin has full access to everything.
  - match: {account: "admin"}
    actions: ["*"]

  # User "test" can pull stuff.
  - match: {account: "test"}
    actions: ["pull"]

  # The user "serviceaccount" (from LDAP) may not perform any docker actions
  # like push or pull.
  # This entry must come before the catch-all below: the first matching entry wins.
  - match: {account: "serviceaccount"}
    actions: []

  # This will allow authenticated users to pull/push
  - match:
      account: /.+/
    actions: ['*']


2. Run the commands:

docker run -d --name docker_auth -p 5001:5001 \
  -v /data/192.168.111.128/config:/config:ro \
  --restart=always \
  -v /data/192.168.111.128/ssl:/ssl cesanta/docker_auth /config/ldap_auth.yml

docker run -d -p 5000:5000 \
  -e REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry \
  -e REGISTRY_AUTH=token \
  -e REGISTRY_AUTH_TOKEN_REALM=https://192.168.111.128:5001/auth \
  -e REGISTRY_AUTH_TOKEN_SERVICE="Docker registry" \
  -e REGISTRY_AUTH_TOKEN_ISSUER="Acme auth server" \
  -e REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/ssl/server.pem \
  -v /data/192.168.111.128/ssl:/ssl \
  --restart=always \
  --name registry registry

3. You can now log in with users from LDAP and push and pull images.
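
An added example, not part of the original post: docker_auth applies the first acl entry that matches a request, so the position of the serviceaccount entry relative to the /.+/ catch-all decides whether that account is actually denied. The Python sketch below is a simplified model (helper names are hypothetical, only the account field is matched) that evaluates both orderings and reports entries that can never take effect.

```python
import re

def account_matches(pattern, account):
    # Simplified model: "/.../" is a regular expression, anything else is an exact name.
    if len(pattern) > 2 and pattern[0] == "/" and pattern[-1] == "/":
        return re.search(pattern[1:-1], account) is not None
    return pattern == account

def allowed_actions(acl, account, requested):
    # The first entry whose account pattern matches decides; later entries are ignored.
    for entry in acl:
        if account_matches(entry["account"], account):
            if "*" in entry["actions"]:
                return list(requested)
            return [a for a in requested if a in entry["actions"]]
    return []  # no entry matched: nothing is granted

def shadowed_entries(acl):
    # Exact-name entries that never take effect because an earlier entry matches that name.
    shadowed = []
    for i, entry in enumerate(acl):
        name = entry["account"]
        if name.startswith("/"):
            continue
        for earlier in acl[:i]:
            if account_matches(earlier["account"], name):
                shadowed.append((name, earlier["account"]))
                break
    return shadowed

# Constructed ACLs using the accounts from the config above, in two orderings.
ADMIN = {"account": "admin", "actions": ["*"]}
TEST = {"account": "test", "actions": ["pull"]}
ANY_USER = {"account": "/.+/", "actions": ["*"]}
SERVICE = {"account": "serviceaccount", "actions": []}

CATCH_ALL_FIRST = [ADMIN, TEST, ANY_USER, SERVICE]
DENY_FIRST = [ADMIN, TEST, SERVICE, ANY_USER]

if __name__ == "__main__":
    for label, acl in (("catch-all first", CATCH_ALL_FIRST), ("deny first", DENY_FIRST)):
        granted = allowed_actions(acl, "serviceaccount", ["pull", "push"])
        print(f"{label}: serviceaccount granted {granted}, shadowed {shadowed_entries(acl)}")
```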

