faas-rs/faas
1
0
Fork 0
mirror of https://github.com/openfaas/faas.git synced 2025-06-22 06:43:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
f842e7f1f40c5505e9562a0efad8ddce0ee01754
faas/docs/managing-images.md
Sebastien Guilloux 9e711b3b5d Handle private docker registry auth 
This adds support for private docker registries, by adding
an optional `registryAuth` field in the CreateFunctionRequest.
Auth must be passed as base64-encoded basic auth, similar to
how done in Docker file store credentials (~/.docker/config.json).
Credentials are then passed to swarm at service creation.
2017-05-30 17:10:34 +01:00

87 lines
2.7 KiB
Markdown
Raw Blame History

# Managing images
## Using private Docker registries
FaaS supports running functions from Docker images in private Docker registries.
The registry credentials can be passed on function deployment, and are then handled by Swarm for image polling.
### Deploy functions with private registries credentials
A `POST` request on `/system/function` allows you to specify private registry credentials, as a base64-encoded basic auth (user:password).
```
curl -XPOST /system/functions -d {
"service": "functionName",
"image": "privateregistry.domain.com/user/function",
"envProcess": "/usr/bin/myprocess",
"network": "func_functions",
"registryAuth": "dXNlcjpwYXNzd29yZA=="
}
```
Base64-encoded basic auth can be resolved using your registry username and password:
````
echo -n "user:password" | base64
````
You can also find it in your `~/.docker/config.json` Docker credentials store, as a result of the `docker login` command:
```
cat ~/.docker/config.json
{
"auths": {
"privateregistry.domain.com": {
"auth": "dXNlcjpwYXNzd29yZA=="
}
}
}
```
### Deploy your own private Docker registry
If you wish to deploy your own private registry, you can follow [Docker official documentation](https://docs.docker.com/registry/deploying/).
A quick way to get started for a private registry with TLS and authentication
is to create a VM with port 443 open to the world (for letsencrypt registration), and a registered DNS ($YOURHOST).
Then, create these two files in the current directory:
```
# docker-compose.yml
version: '2'
services:
registry:
restart: always
image: registry:2
ports:
- 5000:5000
- 443:5000
environment:
REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
REGISTRY_HTTP_TLS_LETSENCRYPT_CACHEFILE: /letsencrypt/cache
REGISTRY_HTTP_TLS_LETSENCRYPT_EMAIL: your@email.com
volumes:
- ./data:/var/lib/registry
- ./auth:/auth
- ./letsencrypt:/letsencrypt
```
```
# auth/htpasswd (generated with `docker run --entrypoint htpasswd registry:2 -Bbn testuser testpassword`)
testuser:$2y$05$Bl9siDMe7ieQHLM8e7ifaOklKrHmXymbMqfmqXs7zssj6MMGQW4le
```
Your registry is ready to be deployed by running `docker-compose up -d`.
On the client machine, you can now login and use the newly setup registry:
```
docker pull ubuntu && docker tag ubuntu $YOURHOST/ubuntu
docker login $YOURHOST # will add encoded registry credentials to ~/.docker/config.json
Username: testuser
Password: testpassword
docker push $YOURHOST/ubuntu
```
Images pushed to this registry can be used as functions with FaaS, provided you pass the appropriate `registryAuth` parameter at deployment time.
Reference in New Issue View Git Blame Copy Permalink