1.5 KiB

Raw Permalink Blame History

Contaminate

Contaminate is a caching proxy masquerading as Docker registry. It can modify Docker images and manifests on the fly, for those who need a little more mutability in their immutable infrastructure.

Configuration

Contaminate can be configured with a contaminate.yml file, or via specific environment variables which can override configuration values.

YAML Keys

Name	Env Variable	Default Value	Notes
`layers_dir`	`CT_layers_dir`	`./layers.d`	A directory containing the layers to override on images passing through Contaminate.
`registry`	`CT_registry`	https://registry-1.docker.io	A Registry HTTP V2 compliant URL, reachable by Contaminate.

Environment Variables

Name	Default Value	Notes
`RUST_LOG`	`warn`	Log level for Contaminate logs to be printed
`RUST_BACKTRACE`	`0`	Print full stack traces when errors occur

Hacking

Ensure that your local Docker daemon can access your Contaminate instance without requiring HTTPs:

/etc/sysconfig/docker

DOCKER_OPTS="--insecure-registry=localhost:5000 --insecure-registry=localhost:9090"

Running a local Docker registry to contaminate:

docker run --rm -ti -e REGISTRY_HTTP_SECRET=secret -p 5000:5000 registry:2

Pull some upstream images and push them into your registry

docker pull alpine:latest
docker tag alpine:latest localhost:5000/library/alpine:latest
docker push localhost:5000/library/alpine:latest

Last updated 2024-04-29 15:10:34 UTC

</html>