The documentation is available on RTFD!

Admiral is a Docker Registry administration and authentication system. It is under development and is aiming to be a real production tool.

It works on 2 ways:

• The first is that Docker Registry is sending events to Admiral, so it can store them in database in order to make an audit of the registry.
• The second is that Docker Registry calls Admiral to authenticate actions in order to restrict pulls and pushes to autorized user only.

Admiral can synchronize itself with an existing registry using synchronize job described below.

Actually, when you create a new user, the associated namespace is created. This namespace is private and personal: only the owner can push and pull on/from it.

• Existing registry synchronization
• Auto-update images and tags lists by listening to registry events
• Authenticated calls
• Private and personal namespaces
• Image deletion
• Public images

Features:

• Team management
• Quota management

Side projects:

• API documentation
• CLI
• Web UI

You can create a basic stack using the given docker-compose.yml file containing:

• Admiral
• Docker Registry
• Postgres

Just run the docker-compose up command at the root of the project. Note that you can get the Admiral CLI to make the further steps easier.

With curl:

curl -XPUT -d '{"username":"test","password":"test"}' localhost:3000/v1/users

Or with the CLI:

admiral-cli user create test test

docker login localhost:5000
Login Succeeded

The configuration file of the Admiral daemon is really easy.

debug = true # Enable debug mode

address = "127.0.0.1" # Admiral API listening address
port = 3000 # Admiral API listening port

[auth]
issuer = "pepito" # Registry auth issuer, must be the same as the registry configuration
token-expiration = 5 # Token expiration time in minutes
certificate = "/certs/server.crt" # Certiciate path
private-key = "/certs/server.key" # Certificate private key path

[database]
host = "localhost" # Database host
port = 5432 # Database port
user = "admiral" # Database user
password = "admiral" # Database password
name = "admiral" # Database name

[registry]
address = "http://localhost" # Docker Registry address
port = 5000 # Docker Registry port

In your /etc/docker/registry/config.yml, please add the following notification endpoint:

auth:
  token:
    realm: http://localhost:3000/v1/token
    service: registry
    issuer: pepito
    rootcertbundle: /certs/server.crt

In your /etc/docker/registry/config.yml, please add the following notification endpoint:

notifications:
  endpoints:
  - name: admiral
    disabled: false
    url: http://admiral_host:3000/events
    timeout: 500ms
    threshold: 5
    backoff: 5s

For more information about notifications, please check the official Docker documentation: https://docs.docker.com/registry/configuration/#/notifications

Admiral can run several jobs (more than just launch the API). To list them, just run the admiral job list. Here are some details.

Admiral can run a set of jobs (in addition of the default daemon behavior). Admiral can synchronize itself with the Docker Registry by getting and parsing the catalog, inserting non-existing namespaces and images into the database. Just run the synchronize job:

admiral job run synchronize

This project contains several tests for different packages. If you want to contribute, and in order to be sure that your changes do not impact the project behavior, you can run tests using this command at the root of the project:

go test ./...