+- Hilscher Community Forum (https://forum.hilscher.com)
+-- Forum: netPI 3 - Docker featuring Industrial Raspberry Pi 3 platform (https://forum.hilscher.com/forum-1.html)
+--- Forum: Software (https://forum.hilscher.com/forum-5.html)
+--- Thread: [SOLVED] Authenticate against Docker Registry (/thread-215.html)
Pages:
1
2
[SOLVED] Authenticate against Docker Registry - PBulach - March-8th-2018
Hello,
How is it possible to authenticate to a Docker Repository to get Container which are just visible with view rights?
At Portainer.io Demo it is possible on the portainer.io web interface but the menu item is missing on the NetPi - Could it happen because of the not actual portainer.io version?
With Best Regards
PBulach
Answer - Armin@netPI - March-8th-2018
Hello,
yes it is correct that the current used portainer.io version on netPI does not offer every service the underlying Docker is providing. So Docker has more functions you could use if the netPI system software would include and offer the latest portainer.io version.
We have recognized from other users the same requirement to upgrade to a newer version of portainer.io. netPI includes portainer.io in the version 1.12.4 today, the latest version is 1.16.3. They improved portainer.io a lot indeed. I will come back with informations soon, when there is a schedule for using a later version.
Thx
Armin
Answer - maiorfi - April-1st-2018
Hi. Any news about portainer update? Being able to pull/push images from/to provate registries would be really, really useful.
Thanks!
Answer - Armin@netPI - April-1st-2018
I am sorry to say that the work on integrating the latest version of portainer.io is more work than expected. Since version 1.13.x > LDAP was becoming integrate part of portainer user and password managment. This means to support latest version, we need an LDAP server running on netPI which is taking care of those settings.
But of course it can easily be understood that in this case also the standard user and password management of netPI will be converted by us to LDAP to have a common management over all software components. I do not expect a solution before mid of this year.
Answer - maiorfi - April-2nd-2018
What about, meanwhile, making it possible to use an external portainer (or a container based portainer?) to admin netPI's docker?
Is there any alternative way to use an authenticated docker registry?
Thanks!
Answer - Armin@netPI - April-4th-2018
Dear Maiorfi,
I still owe you an answer and maybe I can help out. Since overall integration of portainer.io into the whole netPI structure still needs time, I triggered in our development center a package that you can install over netPI web manager that installs a stand-alone version of the latest portainer.io version separately. This works fully independent of the already integrated version and runs in parallel. Of course since it is running autonomously, if has its own user and role management.
I will keep you informed when I got it.
Answer - maiorfi - April-4th-2018
Great! Thanks, Armin!
Answer - Armin@netPI - April-4th-2018
Another good news is that we scheduled now the implementation of PKI certificate handling in all our Edge Gateways. Since all gateways are based on the same Yocto Linux and web GUI Edge Gateway manager, also the netPI software will partificate from this development. The bad news that the development will take up to 12 weeks since other developments needs to be done before.
Answer - adeeljsid - July-10th-2018
@Armin
Any updates on this issue? When is the rolling out of the new netpi firmware expected that contains latest portainer features.
Answer - Armin@netPI - July-10th-2018
Hello,
today we have released the version V1.1.3.0RC3 of netPI firmware, that allows you to upload (own) certificates of trusted CA's in netPI's Security/PKI management page.
With this step it is possible now for everybody to load images no longer from Docker Hub registry only, but from own registry servers reporting certificates signed by this own trusted CA as well, once you uploaded the trusted root certificate of this CA to netPI.
Best example I described today is letting an ordinary Raspberry Pi be your registry server in your accessible network: https://www.netiot.com/de/forum/?tx_typo3forum_pi1%5Btopic%5D=147&tx_typo3forum_pi1%5Baction%5D=show&tx_typo3forum_pi1%5Bcontroller%5D=Topic&cHash=2629b3d5fef61df22dbda6df33e7f874
This is the first step to support/host personal trusted registry servers in accordance with the offical docker documentation here: https://docs.docker.com/v17.09/registry/deploying/. Using a self signed certificate is good enough method for securing your Docker Registry.