Skip to content

Recommend running the container registry with auth enabled

David Fernandez requested to merge 10io-update-registry-auth-enabled into main

What does this merge request do and why?

https://gitlab.com/gitlab-org/gitlab-development-kit/-/blob/main/doc/howto/registry.md presents the auth_enabled option with the false value.

The problem is that this could be interpreted that auth_enabled: false is the "go-to" road.

That is not the case:

  • The default value of auth_enabled should be true.
  • auth_enabled: false can bring pretty deep bugs and UI issues. These are already documented.
  • auth_enabled: false is not a realistic production setting. It allows pushing tags without any authentication (eg. push tags anonymously).
    • Obviously, this will not be used in any production facing set up.

Example of such confusion that the documentation can bring.

How to set up and validate locally

Follow https://gitlab.com/gitlab-org/gitlab-development-kit/-/blob/main/doc/howto/registry.md#push-the-image-to-the-local-registry.

  • With auth_enabled: true, $ docker login is required.
  • With auth_enabled: false, $ docker login becomes optional.

Impacted categories

The following categories relate to this merge request:

Merge request checklist

  • This change is backward compatible. If not, please include steps to communicate to our users.
  • Tests added for new functionality. If not, please raise an issue to follow-up.
  • Documentation added/updated, if needed.
  • Announcement added, if change is notable.
  • gdk doctor test added, if needed.
  • Add the ~highlight label if this MR should be included in the CHANGELOG.md.
Edited by David Fernandez

Merge request reports

Loading