From 1ca1e20c7c750ebb634e6b3871abf0a9451ec693 Mon Sep 17 00:00:00 2001 From: Jan Nidzwetzki Date: Wed, 25 Dec 2019 20:37:40 +0100 Subject: [PATCH 1/4] Renamed documentation file --- docs/{credential-helpers.md => private-registries.md} | 0 mkdocs.yml | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename docs/{credential-helpers.md => private-registries.md} (100%) diff --git a/docs/credential-helpers.md b/docs/private-registries.md similarity index 100% rename from docs/credential-helpers.md rename to docs/private-registries.md diff --git a/mkdocs.yml b/mkdocs.yml index e5e7c34..645c1cc 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -14,7 +14,7 @@ nav: - 'Arguments': 'arguments.md' - 'Notifications': 'notifications.md' - 'Container selection': 'container-selection.md' - - 'Credential helpers': 'credential-helpers.md' + - 'Private registries': 'private-registries.md' - 'Linked containers': 'linked-containers.md' - 'Remote hosts': 'remote-hosts.md' - 'Secure connections': 'secure-connections.md' From 0c3133f2d05c3d0af79f57b56945af3b85126cbc Mon Sep 17 00:00:00 2001 From: Jan Kristof Nidzwetzki Date: Wed, 25 Dec 2019 21:58:19 +0100 Subject: [PATCH 2/4] Documented private registries --- docs/private-registries.md | 54 +++++++++++++++++++++++++++++++++++++- 1 file changed, 53 insertions(+), 1 deletion(-) diff --git a/docs/private-registries.md b/docs/private-registries.md index c86ef7c..4136c48 100644 --- a/docs/private-registries.md +++ b/docs/private-registries.md @@ -1,4 +1,56 @@ -Some private docker registries (the most prominent probably being AWS ECR) use non-standard ways of authentication. +Watchtower supports private Docker image registries. In many cases, accessing a private registry requires a valid username and password (i.e., _credentials_). In order to operate in such an environment, watchtower needs to know the credentials to access the registry. + +The credentials can be provided to watchtower in a configuration file called `config.json`. There are two ways to generate this configuration file: + +* The configuration file can be created manually. +* Call `docker login $REGISTRY_NAME` and share the resulting configuration file. + +### Create the configuration file manually +Create a new configuration file with the following syntax and a base64 encoded username and password `auth` string: +```json +{ + "auths": { + "$REGISTRY_NAME": { + "auth": "XXXXXXX" + } + } +} +``` + +`$REGISTRY_NAME` needs to be replaced by the name of your private registry (e.g., `my-private-registry.example.org`) + +The required `auth` string can be generated as follows: +```bash +echo -n 'username:password' | base64 +``` + +When the watchtower Docker container is stared, the created configuration file (`/config.json` in this example) needs to be passed to the container: +```bash +docker run [...] -v /config.json:/config.json containrrr/watchtower +``` + +### Share the Docker configuration file +To pull an image from a private registry, `docker login` needs to be called first, to get access to the registry. The provided credentials are stored in a configuration file called `/.docker/config.json`. This configuration file can be directly used by watchtower. In this case, the creation of an additional configuration file is not necessary. + +When the Docker container is started, pass the configuration file to watchtower: +```bash +docker run [...] -v /.docker/config.json:/config.json containrrr/watchtower +``` + +When creating the watchtower container via docker-compose, use the following lines: +```yaml +version: "3" +[...] +watchtower: + image: index.docker.io/containrrr/watchtower:latest + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - /.docker/config.json:/config.json +[...] +``` + +## Credential helpers +Some private Docker registries (the most prominent probably being AWS ECR) use non-standard ways of authentication. To be able to use this together with watchtower, we need to use a credential helper. To keep the image size small we've decided to not include any helpers in the watchtower image, instead we'll put the From 8f8da6a2f4fa6a297c54457a09c351695bc419ff Mon Sep 17 00:00:00 2001 From: Jan Kristof Nidzwetzki Date: Wed, 25 Dec 2019 21:59:10 +0100 Subject: [PATCH 3/4] Update private-registries.md --- docs/private-registries.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/private-registries.md b/docs/private-registries.md index 4136c48..4afbb86 100644 --- a/docs/private-registries.md +++ b/docs/private-registries.md @@ -3,21 +3,21 @@ Watchtower supports private Docker image registries. In many cases, accessing a The credentials can be provided to watchtower in a configuration file called `config.json`. There are two ways to generate this configuration file: * The configuration file can be created manually. -* Call `docker login $REGISTRY_NAME` and share the resulting configuration file. +* Call `docker login ` and share the resulting configuration file. ### Create the configuration file manually Create a new configuration file with the following syntax and a base64 encoded username and password `auth` string: ```json { "auths": { - "$REGISTRY_NAME": { + "": { "auth": "XXXXXXX" } } } ``` -`$REGISTRY_NAME` needs to be replaced by the name of your private registry (e.g., `my-private-registry.example.org`) +`` needs to be replaced by the name of your private registry (e.g., `my-private-registry.example.org`) The required `auth` string can be generated as follows: ```bash From a79845703c94aad96c89e6d5392d212eb6c2f19e Mon Sep 17 00:00:00 2001 From: Simon Aronsson Date: Thu, 26 Dec 2019 08:16:18 +0100 Subject: [PATCH 4/4] Update private-registries.md --- docs/private-registries.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/private-registries.md b/docs/private-registries.md index 4afbb86..13e7618 100644 --- a/docs/private-registries.md +++ b/docs/private-registries.md @@ -24,7 +24,7 @@ The required `auth` string can be generated as follows: echo -n 'username:password' | base64 ``` -When the watchtower Docker container is stared, the created configuration file (`/config.json` in this example) needs to be passed to the container: +When the watchtower Docker container is started, the created configuration file (`/config.json` in this example) needs to be passed to the container: ```bash docker run [...] -v /config.json:/config.json containrrr/watchtower ```