2020-01-23 05:44:25 +00:00
|
|
|
= Contaminate
|
2019-10-20 18:12:37 +00:00
|
|
|
|
2020-02-01 11:54:18 +00:00
|
|
|
Contaminate is a caching proxy masquerading as Docker registry. It can modify
|
2020-09-12 17:34:46 +00:00
|
|
|
Docker images and manifests on the fly, for those who need a little more
|
|
|
|
mutability in their immutable infrastructure.
|
2019-10-20 18:12:37 +00:00
|
|
|
|
|
|
|
|
2020-02-01 11:54:18 +00:00
|
|
|
== Configuration
|
2019-10-20 18:12:37 +00:00
|
|
|
|
2020-02-01 11:54:18 +00:00
|
|
|
Contaminate can be configured with a `contaminate.yml` file, or via specific
|
|
|
|
environment variables which can override configuration values.
|
|
|
|
|
|
|
|
=== YAML Keys
|
|
|
|
|
|
|
|
[cols="^1,<.^4,^1,^1"]
|
2019-10-20 18:12:37 +00:00
|
|
|
|===
|
|
|
|
.^| Name
|
2020-09-12 17:34:46 +00:00
|
|
|
.^| Env Variable
|
2019-10-20 18:12:37 +00:00
|
|
|
.^| Default Value
|
|
|
|
.^| Notes
|
|
|
|
|
2020-02-01 11:54:18 +00:00
|
|
|
| `layers_dir`
|
2020-09-12 17:34:46 +00:00
|
|
|
| `CT_layers_dir`
|
2019-10-20 18:12:37 +00:00
|
|
|
| `./layers.d`
|
2020-02-01 11:54:18 +00:00
|
|
|
| A directory containing the layers to override on images passing through Contaminate.
|
|
|
|
|
|
|
|
| `registry`
|
2020-09-12 17:34:46 +00:00
|
|
|
| `CT_registry`
|
2020-02-01 11:54:18 +00:00
|
|
|
| https://registry-1.docker.io
|
|
|
|
| A Registry HTTP V2 compliant URL, reachable by Contaminate.
|
|
|
|
|
|
|
|
|===
|
|
|
|
|
|
|
|
=== Environment Variables
|
2019-10-20 18:12:37 +00:00
|
|
|
|
2020-09-12 17:35:32 +00:00
|
|
|
[cols="^1,<.^4,^1"]
|
2020-02-01 11:54:18 +00:00
|
|
|
|===
|
|
|
|
.^| Name
|
|
|
|
.^| Default Value
|
|
|
|
.^| Notes
|
|
|
|
|
|
|
|
|
|
|
|
| `RUST_LOG`
|
|
|
|
| `warn`
|
|
|
|
| Log level for Contaminate logs to be printed
|
|
|
|
|
2020-09-12 17:34:46 +00:00
|
|
|
| `RUST_BACKTRACE`
|
|
|
|
| `0`
|
|
|
|
| Print full stack traces when errors occur
|
2019-10-20 18:12:37 +00:00
|
|
|
|
|
|
|
|===
|
2020-02-01 16:40:53 +00:00
|
|
|
|
|
|
|
== Hacking
|
|
|
|
|
|
|
|
Ensure that your local Docker daemon can access your Contaminate instance
|
|
|
|
without requiring HTTPs:
|
|
|
|
|
|
|
|
./etc/sysconfig/docker
|
|
|
|
[source, sh]
|
|
|
|
----
|
|
|
|
DOCKER_OPTS="--insecure-registry=localhost:5000 --insecure-registry=localhost:9090"
|
|
|
|
----
|
|
|
|
|
|
|
|
Running a local Docker registry to contaminate:
|
|
|
|
|
|
|
|
[source, sh]
|
|
|
|
----
|
|
|
|
docker run --rm -ti -e REGISTRY_HTTP_SECRET=secret -p 5000:5000 registry:2
|
|
|
|
----
|
2020-09-12 17:34:46 +00:00
|
|
|
|
|
|
|
Pull some upstream images and push them into your registry
|
|
|
|
|
|
|
|
[source,sh]
|
|
|
|
----
|
|
|
|
docker pull alpine:latest
|
|
|
|
docker tag alpine:latest localhost:5000/library/alpine:latest
|
|
|
|
docker push localhost:5000/library/alpine:latest
|
|
|
|
----
|