We are evaluating Jfrog container registry to host our docker images and host is public ally , so that users can view them but pulling require authentication .
As i see JFROG only has list browsing[1] to expose docker images publicly. that view basically a very primitive UI.
So my questions is , Is there any proper Docker registry user interface available in Jfrog to expose them publicly ?
[1] https://www.jfrog.com/confluence/display/JCR6X/Browsing+JFrog+Container+Registry
JFrog Container Registry Package Viewer offers a package-centric UI that makes it easier to find and view the details of packages of a specific type.
The Package Viewer is available by selecting the Packages module in the left navigation bar.
The Package Viewer is initially displayed empty. To search for packages, select the type of package you are looking for from the drop list, and provide a search term. Note you can use the '?' and '*' wildcards in the same way they are used in JFrog Container Registry's Search module. The Package Viewer will display all packages that match your search term from all repositories that you have permissions to view.
For more details please refer to the below wiki page.
https://www.jfrog.com/confluence/display/JCR6X/Viewing+Packages
Related
GitHub offers two options for storing container images as I understand it: Container Registry and Packages, but I think the difference is not clear.
In a blog post, they say "With GitHub Actions, publishing to GitHub Container Registry is easy." but the given example pushes images to Packages, not Container Registry.
So, can those two platforms be used interchangeably and does one have an advantage over the other?
As already stated by tgogos the GitHub docs guide on Key differences between GitHub Container Registry and the Docker package registry tells us:
The GitHub Container Registry supersedes the existing Packages Docker
registry and is optimized to support some of the unique needs of
containers.
TLDR; The GH Container Registry will replace the Packages Docker Registry. It also focusses more on the GitHub organization level then on a single repository. So you find your container images on the account level for example - and have to link them optionally later to a repository if needed.
Additionally it features anonymous access to Docker images (see the GHCR intro post here).
I guess the reason they are migrating is that they want to cut that name 'Docker' from the registry. The reason being 'Docker' is just another technology for creating images however you can use other CRI (Container Runtime Images) like cri-o, rkt, container-D. These are CNCF active projects. And down the line, container-D might replace the Docker completely as its popularity has increased a lot over the years. AWS ECS has started using the agent based on container-D in their ECS Instances, Kubernetes has stopped supporting Docker as default CRI from v1.22.
So GitHub wants their customer to use the term 'container' (which could be anything as it is generic) rather than just 'Docker' in the future.
I'm publishing our product image to the docker hub. We created the docker hub account, organization and push our docker image to a repository. Now we specified the avatar to the docker hub account successfully. It works.
I cannot specify a logo to my docker image/repository. I see many docker images have dedicated logo. But I didn't find any place to specify the logo.
I search for the solution on the internet. But I still didn't find it. I'm not sure if we have to join the DTP(Docker Technology Partner) or put the logo file in dockerfile or other places that docker hub can get it.
I'm fairly sure this is not possible currently without becoming a Verified Publisher through the Docker Technology Partner Program.
You can see at the documentation link below that when you publish through the program you can submit a "product icon/logo."
https://docs.docker.com/docker-hub/publish/publish/#prepare-your-image-manifest-materials
Further, the Docker Hub API does not seem to expose any way to set a logo. You can see the fields exposed for the repository resource at the link below. (Can't find official documentation for this API, by the way)
https://github.com/RyanTheAllmighty/Docker-Hub-API#repositoryusername-name
Maybe a simple-to-answer Question: How can I set up a private docker reposiory and limit the Access to only a subset of the Images there that one can pull ? E.g. I have Image1 and Image2 pushed, but want to allow one Image2 being pullable by account USER1 ?
This tends to get into the commercial offerings of docker (DTR). The spec itself for the registry includes all of the capabilities for auth, and you can configure a simple htpasswd based login on the standalone registry. However for the next step up, you get into a token server which docker doesn't have an open source implementation of themselves. You could work around this limitation by deploying multiple registry servers, each with a different set of users in a htpasswd file.
There are various third party implementations of the docker registry that may include these features. In the open source space, there's a project called cesanta/docker_auth that works with docker's stand alone registry and does exactly what you're looking for. The next step up is the harbor project that should be all most organizations need from a registry, but may be more complicated and have more overhead for a small project.
I've been considering to use my own private docker registry to distribute some of my projects publicly. However, the moment you add an authentication strategy to your registry, you loose public pull access to all its images.
Is there an easy way to tell the registry some images can be anonymously pulled (not pushed, of course) - in the same way https://hub.docker.com/ works?
I've been reading through https://docs.docker.com/registry docs but so far I found nothing on the matter. I guess it's a use case covered in EE Docker Trusted Registry and not included in the community version:
DTR uses Role Based Access Control (RBAC) to allow you to implement fine-grained access control policies for who has access to your Docker images.
You can check 3rdparty Registry projects that allow fine grain access like Portus or Harbor, I use harbor and the projects set as public can be pulled anonymously
I am trying to get a list of all the official images from the Docker Store. However, I could not find any simple way to get the list. Docker CLI has a docker search command but it does not have any argument to get
a list of all the images from the Docker Store and then filter it later.
Any ideas how it could be done?
If you click the "explore" menu item at the top; https://store.docker.com/search?q=&source=verified&type=image all official images are shown. You can find non official images in the "Community (Docker Hub)" section.
From the command-line, you can search using the --filter is-official=true filter option, for example:
docker search --filter is-official=true php
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
php While designed for web development, the PH... 2210 [OK]
php-zendserver Zend Server - the integrated PHP applicati... 110 [OK]
you can use their api. the trick is replacing the _ from the public url with library: https://hub.docker.com/v2/repositories/library/
In addition to the other solutions mentioned, you can list all images under the library user from the hub page (less programmatic than the hub API mentioned by kpacha):
https://hub.docker.com/u/library/
And there's also the upstream github repo:
https://github.com/docker-library/official-images/tree/master/library