
Docker registry is hard-coded and other registry is a second class citizen - tsing
https://github.com/dotcloud/docker/issues/1988
======
yebyen
While I am glad that you linked this issue, and it looks like there's no
"satisfactory resolution" from skimming to the bottom, maybe you could give us
the TL;DR? Did you post this issue because you're a Docker dev? Something you
wanted us to see, or just saving the link for posterity?

I think it looks like a flamewar, so for my benefit can you tell me what is
the behavior: (I think I have it)

1) The docker index (public registry) lives at index.docker.io. If you push an
image like "yebyen/foo" then you need to log in as "yebyen" and you're making
yebyen/foo public.

2) The docker-registry project, when you deploy it, takes up port 8080 by
default. If you push an image like "registry:8080/bar" or "my.registry/bar"
the dot or the colon are detected before the slash, which are not valid parts
of a username on the public index, so you push to that registry (your
registry, or your organization's registry server ostensibly.) These
connections are unauthenticated.

Is that about the state of things? Where is the confusion?

~~~
tsing
you are right. My confusion is that adding URL prefix is not convenient.

~~~
yebyen
yeah, that seems to be the thread here...

git has this concept of "remotes" which can be defined per project, but Docker
has no such concept of a remote or even of a project. You have a Dockerfile
and you have an image.

To be fair, there should be some kind of an "enterprisey" caching proxy that
enables IT departments to act as a supervisor or man-in-the-middle, blessing
some trusted images and forbidding the downloading of others, holding any
pushes in a queue for "public release approval."

The docker-registry open source tool is rudimentary. I think there will
certainly be alternatives to index.docker.io, and eventually even a
configuration directive to select a different image host as the default.

