Docker push does not support url prefix

Hi,

I want to create a private docker registry in my k8s environment. According to the documentation of the docker registry, it supports a url prefix.

However, according to the docker API specification, all URLs start with /, indicating they do not support a URL prefix.

I have a container registry instance with the prefix /registry/. I tag an image as test.com/registry/hello-world:latest. When I do docker push, my router log shows the request is sent to /v2/registry/hello-world.

Is there anything I can do to make the docker engine recognise the URL prefix?

The registry indeed has support for a prefix, but neither docker login nor docker push support it.
Though, I have no idea why it exists.

I know Container Registries that can manage multiple registries (like Artifactory), that require you to put a reverse proxy in front that maps domain names to URL paths before forwarding to the registry.

Though, I have no idea why this would make sense with the registry.

Would docker push consider supporting a URL prefix in the future? I think it would be very nice. Not all companies can afford to create a separate domain for each of their container registries.

If you feel it is a bug, open an issue in the GitHub repositories. Though, I am not sure if this would need to be opened in docker/cli (The Docker CLI) or moby/moby (Moby Project - a collaborative project for the container ecosystem to assemble container-based systems).

I would probably open the issue in moby, as it would require changes on the docker api, the backend and the cli.

Why would a company need to pay for individual subdomains for their domain(s)? Most companies I work with do not even expose their registries to the internet - usually they are only reachable within private corporate networks, where they have full control over domain names and certificates. Though, none of them uses the open source registry.

The prefix is not for what you think. You could use a proxy server and forward the request to the registry

You can’t include it in the name of the image tag.

As @meyay pointed out, you don’t need a whole new domain. I agree that creating a subdomain should be possible, but even if it isn’t, you can change the port instead of the name of the image:

docker build . -t test.com:5000/hello-world:latest
docker push test.com:5000/hello-world:latest

Using a subdomain would be more user friendly, but using a port internally shouldn’t be a problem either unless company policy allows only port 443 to be open. My registry ran that way for years before I configured a proxy, but even I can configure a subdomain for free and I’m not a company :slight_smile:

Can you show me how you configured your proxy and how you pushed images to that container registry?

According to stevvooe’s bug:

The registry should not assume it’s running at the root of the server.
eg: both https://myregistry/v2/ and https://myregistry/something/v2/ should be possible.

Does he mean both docker push https://myregistry/hell-world and docker push https://myregistry/something/hell-world should be possible or something else? I am quite confused.

My registry is deployed in k8s, and I have an Istio ingress gateway. Currently, I simply match a URL prefix and reroute requests to the registry pod. But since docker push ignores the prefix, that match rule is ineffective.

Thanks

No, I don’t have that (I tried to find it yesterday), but it wouldn’t help you. As I tried to explain in my previous post, it is not what you need if your problem is using another domain or subdomain. I can still give you some idea at the end of this comment.

No. That post was about the final API call, not the name of your image, which can’t be changed. It is your domain name or IP address, optionally the port number, and the rest of it is the path of the repository in the registry. You can’t prefix it without changing the name of the image in the registry.

You could still configure the ingress to handle one more subdomain, but let’s say it is really not possible. Don’t configure a registry prefix but use its already existing path to configure the ingress. For example, while I was reading your message, I started to remember what I did in my proxy. I wanted to use the same domain for the web interface of “Portus” docker registry (discontinued) and the registry itself. By default it required using a different port for the registry. So I configured my proxy to forward all requests to the registry when the path started with “/v2”. Assuming you don’t have any other service that has a similar path, it should work. You should also check the logs (client and server) if it doesn’t work and find out what path is still not handled by the ingress. If you have other services starting with “/v2”, you can try to write a more complex rule. I don’t use istio, but I guess a regex could also help:

https://istio.io/latest/docs/reference/config/networking/virtual-service/#RegexRewrite
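
The name-to-URL mapping discussed in this thread, as an added example that is not part of any post and is not Docker's own code: a simplified Python model of how an image reference is split into registry host, repository and tag, and why an ingress rule on /v2/ matches the resulting request while a rule on /registry/ does not. The function names and the prefix check are illustrative assumptions; digests and the client's uppercase-name rule are left out.

```python
from urllib.parse import urlsplit

DEFAULT_REGISTRY = "docker.io"  # Docker Hub, used when the name carries no host


def split_reference(ref: str):
    """Return (registry_host, repository, tag) for an image reference."""
    first, slash, rest = ref.partition("/")
    # The first component is treated as a registry host only if it looks like
    # one: it contains a dot or a port, or is literally "localhost".
    if slash and ("." in first or ":" in first or first == "localhost"):
        host, remainder = first, rest
    else:
        host, remainder = DEFAULT_REGISTRY, ref
    # Everything after the host is the repository path; a trailing ":x" is the tag.
    name, colon, tag = remainder.rpartition(":")
    if not colon:
        name, tag = remainder, "latest"
    if host == DEFAULT_REGISTRY and "/" not in name:
        name = "library/" + name  # official images live under library/
    return host, name, tag


def manifest_url(ref: str) -> str:
    """URL of the manifest endpoint the client would call for this reference."""
    host, name, tag = split_reference(ref)
    # The API path always starts at /v2/ on the host; the image name has no
    # slot for a URL prefix, so "registry/" becomes part of the repository.
    # (Docker Hub's real API endpoint differs from its short name; the model
    # is meant for private registries like the one in this thread.)
    return f"https://{host}/v2/{name}/manifests/{tag}"


def ingress_matches(ref: str, path_prefix: str) -> bool:
    """Would a prefix-match routing rule catch the request for this image?"""
    return urlsplit(manifest_url(ref)).path.startswith(path_prefix)


if __name__ == "__main__":
    for ref in ("test.com/registry/hello-world:latest",
                "test.com:5000/hello-world:latest"):
        print(ref, "->", manifest_url(ref))
    print("/registry/ rule matches:",
          ingress_matches("test.com/registry/hello-world:latest", "/registry/"))
    print("/v2/ rule matches:",
          ingress_matches("test.com/registry/hello-world:latest", "/v2/"))
```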

Yeah, rerouting all /v2 to the registry pod is what I am doing right now. Thanks!