Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/jtblin/docker-auth

Docker auth token server: https://docs.docker.com/registry/spec/auth/token/
https://github.com/jtblin/docker-auth

Last synced: 19 days ago
JSON representation

Docker auth token server: https://docs.docker.com/registry/spec/auth/token/

Host: GitHub
URL: https://github.com/jtblin/docker-auth
Owner: jtblin
License: other
Created: 2015-12-13T19:54:11.000Z (about 9 years ago)
Default Branch: master
Last Pushed: 2015-12-28T11:59:08.000Z (about 9 years ago)
Last Synced: 2024-10-28T09:07:01.640Z (2 months ago)
Language: Go
Size: 25.4 KB
Stars: 1
Watchers: 3
Forks: 0
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # docker-auth

***WARNING: experimental***

Docker auth token service provides authentication and authorization pluggable backends

for [docker registry token auth](https://docs.docker.com/registry/spec/auth/token/).

## Authentication plugins

* Dummy

* LDAP

## Authorization plugins

* Dummy

## Usage

    docker run --rm -it -p 5001:5001 -v `pwd`/dev/certs:/etc/ssl/certs:ro -v `pwd`/examples/ldap.private.ini:/etc/docker-auth/ldap.ini:ro \

    		-v $(HOME)/.password:/etc/docker-auth/.ldap_password:ro $(IMAGE_NAME):$(GIT_HASH) --audience=$(REGISTRY_DOMAIN) \

    		--issuer=$(REGISTRY_DOMAIN) --public-key-file=/etc/ssl/certs/public.pem --signing-key-file=/etc/ssl/certs/private.pem --verbose \

    		--authn-backend=ldap --authn-config-file=/etc/docker-auth/ldap.ini

### Config

##### LDAP

```ini

[global]

host = ldap.example.com

port = 389

tls = false

base = dc=example,dc=com

attribute = sn

attribute = givenName

attribute = mail

attribute = uid

[bind]

dn = uid=readonlyuser,ou=People,dc=example,dc=com

passwordFile = /Users/username/.pwd

[filter]

user = (uid=%s)

groups = (memberUid=%s)

```

# Development    

Run locally:

    make run

## Docker environment setup (Mac)

Requirements: `docker-machine`. Create a VM called `buildstep` or change the `MACHINE_NAME` in Makefile.

You need to point to the DNS name of your local registry to your `docker-machine` VM on Mac OSX 

or `localhost` on linux, and add the ca certificate for the docker daemon 

or tell docker to use insecure registry for this domain in docker daemon options.

    make docker-setup

## Run

Run in docker with a registry

    make run-docker

    docker login docker-registry.default.svc.cluster.local:30500

## Kubernetes

You pretty much need to follow the same step as docker (see [Makefile](./Makefile)) 

but instead of pointing `/etc/hosts` to localhost, point in to your k8s cluster. 

For [kube-solo](https://github.com/TheNewNormal/kube-solo-osx), I use _192.168.64.2_.

    make secrets

    kubectl create -f build/docker-auth-k8s.yaml

# Contributions

PR welcome!

Hack away. Make sure you run the following before submitting a PR:

        make setup

        make test