I want to create a private docker registry in my k8s environment. According to the documentation of the docker registry, it supports a url prefix.
However, according to the docker API specification, all URLs start with /, indicating they do not support a URL prefix.
I have a container registry instance with the prefix /registry/. I tag an image as test.com/registry/hello-world:latest. When I do docker push, my router log show the request is send to /v2/registry/hello-world.
Is there anything I can do to make the docker engine to recognise the URL prefix?
The registry indeed has support for a prefix, but neither docker login nor docker push support it.
Though, I have no idea why it exists.
I know Container Registries that can manage multiple registries (like Artifactory), that require you put a reverse proxy in front that is mapping domain names to url paths before forwarded it to the registry.
Though, I have no idea why this would make sense with the registry.
I would probably open the issue in moby, as it would require changes on the docker api, the backend and the cli.
Why would a company need to pay for individual subdomains for their domain(s)? Most companies I work with do not even expose their registries to the internet - usually they are only reachable within private corporate networks, where they have full control about domain names and certificates. Though, none of them uses the open source registry.
Using a subdomain would be more user friendly, but using a port internally shouldn’t be a problem either unless company policy allows only port 443 to be open. My registry ran that way for years before I configured a proxy, but even I can configure a subdomain for free and I’m not a company
Does he mean both docker push https://myregistry/hell-world and docker push https://myregistry/something/hell-world should be possible or something else? I am quite confused.
My registry is deployed in k8s, and I have an Istio ingress gateway. Currently, I simply match a URL prefix and reroute requests to the registry pod. But since docker push ignores the prefix, that match rule is ineffective.
No, I don’t have that (I tried to find it yesterday) but it wouldn’t help you. As I tried to explain in my previous post it is not what you need if your propblem is using another domain or subdomain. I can still give you some idea at the end of this comment.
No. That post was about the final API call not the name of your image which can’t be changed. It is your domain name or IP address, optionally the por tnumber and the rest of it is the path of the repository in the registry. You can’t prefix it without changing the name of the image in the registry.
You could still configure the ingress to handle one more subdomain, but let’s say it is really not possible. Don’t configure a registry prefix but use its already existing path to configure the ingress. For example while I was reading your message, I started to remember what I did in my proxy. I wanted to use the same domain for the webinterface of “Portus” docker registry (discontinued) and the registry itself. By default it required to use a different port for the registry. So I configured my proxy to forward all requests to the registry when the path started with “/v2”. Assuming you don’t have any other service that has a similar path, it should work. You should also check the logs (client and server) if it doesn’t work and find out what path is still not handled by the ingress. If you have other services started with “/v2”, you can try to write a more complex rule. I don’t use istio, but I guess a regex could also help: