Question 171949 in Docker Question posted in
The official documentation can be found here.

Is there a container image stored for this project?

BEFORE GIVING NEGATIVE FEEDBACK:
the requisites for a negative feedback are, quoting: "This question does not show any research effort; it is unclear or not useful".
I’ve been looking for the solution for the last two days. There is no code to show, it is such a rare (and almost new) case to be in this situation (self hosted gitlab and self hosted gitlab registry) and for this reason there is scarse documentation.
I’ve also tried to post the thread in webmasters but there is no gitlab tag (so there aren’t enough tags unless mistagging the thread).

I’ve posted this answer hoping in someone who already faced this.
And an answer could actually help other people, now or in the future.

my docker gitlab instance doesn’t show any container under group-name > project-name – Container Registry

Gitlab is properly configured, the gitlab registry is active, the runner is active, and I can complete a pipeline containing a deploy: meaning that my gitlab container registry actually contains containers for this particular project (I can also see the actual image pulled from my docker instance meaning that the images are there).

The page says:

If you are not already logged in, you need to authenticate to the Container Registry by using your GitLab username and password. If you have Two-Factor Authentication enabled, use a Personal Access Token instead of a password.

How am I supposed to login to show my containers in here?

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    I was able to solve the problem creating a certificate in docker host as reported here:

    mkdir certs
cd certs
# Generate a random password password_file used in the next commands
openssl rand -hex -out password_file 32
# Create a PKCS#10 certificate request
openssl req -new -passout file:password_file -newkey rsa:4096 -batch > registry.csr
# Convert RSA key
openssl rsa -passin file:password_file -in privkey.pem -out registry.key
# Generate certificate
openssl x509 -in registry.csr -out registry.crt -req -signkey registry.key -days 10000

    then assigned the certs folder to the two (gitlab and registry) containers.

    this certificate configuration allow gitlab and gitlab registry to sort of auto-login and talk to each other.

    the docker-compose.yml file will finally look like this:

    version: '3.6'
services:
  web:
    image: 'gitlab/gitlab-ee:latest'
    container_name: gitlab-ee
    restart: always
    hostname: 'gitlab.example.com'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.example.org'
        nginx['listen_port'] = 80
        nginx['listen_https'] = false
        gitlab_rails['gitlab_shell_ssh_port'] = 222
        gitlab_rails['registry_enabled'] = true;
        gitlab_rails['registry_api_url'] = 'http://<docker-host-ip>:5001'
        gitlab_rails['registry_key_path'] = '/certs/registry.key'
        registry_external_url 'https://gitlab-reg.example.com'
        registry_nginx['listen_port'] = 5001
        registry_nginx['listen_https'] = false
        registry_nginx['proxy_set_headers'] = {
          "X-Forwarded_Proto" => "https",
          "X-Forwarded_Ssl" => "on"
        }
    ports:
      - '8081:80'
      - '222:22'
    volumes:
      - '$GITLAB_HOME/config:/etc/gitlab'
      - '$GITLAB_HOME/logs:/var/log/gitlab'
      - '$GITLAB_HOME/data:/var/opt/gitlab'
      - './certs:/certs'
    shm_size: '256m'

  registry:
    image: registry
    container_name: registry
    restart: always
    ports:
      - '5001:5000'
    volumes:
      - '$GITLAB_REG/registry:/var/lib/registry'
      - './certs:/certs'
#    environment:
#      - REGISTRY_AUTH_TOKEN_REALM=https://gl.aitribe.it/jwt/auth
#      - REGISTRY_AUTH_TOKEN_SERVICE=container_registry
#      - REGISTRY_AUTH_TOKEN_ISSUER=gitlab-issuer
#      - REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/certs/registry.crt

  gitlab-runner:
    image: gitlab/gitlab-runner:latest
    container_name: gitlab-runner
    restart: always
    volumes:
      - /srv/gitlab-runner/config:/etc/gitlab-runner
      - /var/run/docker.sock:/var/run/docker.sock

    SO MANY NOTES to use this docker-compose.yml file:

    • gitlab and gitlab registry are on different subdomains (that is not given for grant) and are behind a reverse proxy with ssl termination on the proxy (thats the reason why headers need to be set)
    • the default registry_api_url (GITLAB_REGISTRY_API_URL in the link above where configuration doesn't involve OMNIBUS) point by default to 127.0.0.1:5000: this will obviously never work on a docker gitlab installation: for this reason it must be set to the docker host ip, specifying the port;
    • for some reason I'm still trying to catch (I read it somewhere trying to find the solution bud didnt give it that much care) the container needs to be set NOT ON PORT 5000
    • if u set the env variables as suggested in the docs reported above (commented out in the yml file above), u wont be able to login to the registry via user and password anymore and u will need to generate a token in gitlab

  2. 0

    How am I supposed to login to show my containers in here?

    That should follow the "Authenticate with the Container Registry ALL TIERS" documentation, which works for self-hosted GitLab instances too.

    The message you are seeing is a general guide for accessing the Container Registry via the Docker CLI or similar tool, not through the GitLab web interface.

    In the GitLab web interface, you should be able to see the list of Docker images stored in the project’s Container Registry without additional authentication, assuming you’re already logged in to GitLab and have the appropriate permissions for the project.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search