Update external container registry instructions

963f44f8 · Wei-Meng Lee · Achilleas Pipinellis · 5290f535 · 963f44f8
Commit 963f44f8 authored Dec 02, 2019 by Wei-Meng Lee Committed by Achilleas Pipinellis Dec 02, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 26 additions and 13 deletions

doc/administration/packages/container_registry.md doc/administration/packages/container_registry.md +26 -13

No files found.
--- a/doc/administration/packages/container_registry.md
+++ b/doc/administration/packages/container_registry.md
@@ -457,36 +457,40 @@ If Registry is enabled in your GitLab instance, but you don't need it for your
 project, you can disable it from your project's settings. Read the user guide
 on how to achieve that.

-## Disable Container Registry but use GitLab as an auth endpoint
+## Use an external container registry with GitLab as an auth endpoint

 **Omnibus GitLab**

-You can use GitLab as an auth endpoint and use a non-bundled Container Registry.
+You can use GitLab as an auth endpoint with an external container registry.

 1. Open `/etc/gitlab/gitlab.rb` and set necessary configurations:

   ```ruby
   gitlab_rails['registry_enabled'] = true
-   gitlab_rails['registry_host'] = "registry.gitlab.example.com"
-   gitlab_rails['registry_port'] = "5005"
   gitlab_rails['registry_api_url'] = "http://localhost:5000"
-   gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"
   gitlab_rails['registry_issuer'] = "omnibus-gitlab-issuer"
   ```

-1. A certificate keypair is required for GitLab and the Container Registry to
-   communicate securely.  By default Omnibus GitLab will generate one keypair,
-   which is saved to `/var/opt/gitlab/gitlab-rails/etc/gitlab-registry.key`.
-   When using a non-bundled Container Registry, you will need to supply a
-   custom certificate key. To do that, add the following to
-   `/etc/gitlab/gitlab.rb`
+   NOTE: **Note:**
+   `gitlab_rails['registry_enabled'] = true` is needed to enable GitLab's
+   Container Registry features and authentication endpoint. GitLab's bundled
+   Container Registry service will not be started even with this enabled.
+
+1. A certificate-key pair is required for GitLab and the external container
+   registry to communicate securely. You will need to create a certificate-key
+   pair, configuring the external container registry with the public
+   certificate and configuring GitLab with the private key. To do that, add
+   the following to `/etc/gitlab/gitlab.rb`:

   ```ruby
-   gitlab_rails['registry_key_path'] = "/custom/path/to/registry-key.key"
   # registry['internal_key'] should contain the contents of the custom key
   # file. Line breaks in the key file should be marked using `\n` character
   # Example:
   registry['internal_key'] = "---BEGIN RSA PRIVATE KEY---\nMIIEpQIBAA\n"
+
+   # Optionally define a custom file for Omnibus GitLab to write the contents
+   # of registry['internal_key'] to.
+   gitlab_rails['registry_key_path'] = "/custom/path/to/registry-key.key"
   ```

   NOTE: **Note:**
@@ -496,7 +500,16 @@ You can use GitLab as an auth endpoint and use a non-bundled Container Registry.
   `/var/opt/gitlab/gitlab-rails/etc/gitlab-registry.key` and will populate
   it.

-1. Save the file and [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
+1. To change the container registry URL displayed in the GitLab Container
+   Registry pages, set the following configurations:
+
+   ```ruby
+   gitlab_rails['registry_host'] = "registry.gitlab.example.com"
+   gitlab_rails['registry_port'] = "5005"
+   ```
+
+1. Save the file and [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure)
+   for the changes to take effect.

 **Installations from source**