Allow docker-client to use its own authentication (docker login), if present, otherwise use configured registry auth #61
Comments
I'm very confused. Interested in your use-case though, what is the actual difference between a and b?
We are a very large Org, with users having private Docker.io Repos, where they need their own key. Without this change, an individual key would get overwritten by the one specified in docker.auth.map and they could not access their images any more...
We use your proxy in front of a GKE Cluster, serving ~1600 Jenkins Instances
Ok, so the case is something along these lines:
docker-registry-proxy should only inject its configured auth if the client didn't already include it. With this, users using only public images do not need to specify a pull secret in their Pod Spec. The trick to make this work on GKE is a daemonset modifying the dockerd settings to use the proxy.
I have exactly the same need as @peterhaaf. Would love to have it merged in. Thank you.
I was looking for a proxy with caching of container images, stumbled upon your repo, and I was about to say "hey +1, I have the same need for passthrough authentication here" but then figured out that I just needed to remove the authentication from each of my pods' spec and use it to set up the proxy instead 😂 And this should not affect the overall security of my cluster. Will try this out soon :) Thanks @rpardini for this tool! 🙏
@rpardini: You have a donation paypal, ETH, or Amazon wishlist? Your work is super helpful.
I believe this should be a configurable feature instead of default behavior. I have a better use case: By default
This feature request is implemented in PR #78 if you set the env var
I have a similar need. We want a pull cache registry with internet access and set no authentication information (as we don't have authentication information of everyone) in our DMZ, and each person uses their own authentication information.
Hi,
I need to have both options: for auth.docker.io
a.) a paid team key
b.) the option for pull secrets in K8s to give users the possibility to access their private repos.
Out of the box, this did not work. So I changed
Add the authentication info, if the map matched the target domain.
to
if ( $http_authorization = "" ) {
    set $myfinalAuth $finalAuth;
}
if ( $http_authorization != "" ) {
    set $myfinalAuth $http_authorization;
}
Hope this helps others as well
Peter
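The same precedence written with an nginx `map` instead of two `if` blocks, as an added example that is not part of the original post or the project's own configuration. `$finalAuth` and `$myfinalAuth` are reused from the snippet above; the host key, listen port, upstream and credential string are constructed placeholders.

```nginx
# Added example (goes in the http {} context). All values are placeholders.

# Stand-in for the configured registry credentials (docker.auth.map):
# one Authorization value per target host, empty when none is configured.
map $host $finalAuth {
    default            "";
    "auth.docker.io"   "Basic <base64-of-team-user:team-key>";
}

# Precedence: whatever the client sent (docker login, Kubernetes pull
# secret) wins; the configured credentials are used only when the request
# arrives without an Authorization header.
map $http_authorization $myfinalAuth {
    ""        $finalAuth;
    default   $http_authorization;
}

server {
    listen 8081;                      # hypothetical port
    server_name auth.docker.io;

    location / {
        # nginx does not forward a header whose value is the empty string,
        # so an anonymous request to a host without configured credentials
        # reaches the upstream with no Authorization header at all.
        proxy_set_header Authorization $myfinalAuth;
        proxy_ssl_server_name on;
        proxy_pass https://auth.docker.io;
    }
}
```

Because `map` variables are evaluated only when they are used, this gives the same result as the two `if`/`set` blocks without placing `if` inside the proxying location.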