move docker image to registry.labs.nic.cz
Docker image for knot-resolver should be moved to our own upstream registry. The effect for end users would be to switch the image name from cznic/knot-resolver
to something like registry.labs.nic.cz/knot/knot-resolver
The issues with current setup in docker hub:
- after their recent "update", automated build require administrative access to source code repository
This service account should have access to any repositories to be built, and must have administrative access to the source code repositories so it can manage deploy keys. (source: https://docs.docker.com/docker-hub/builds/#service-users-for-team-autobuilds )
I have no idea what is "managing deploy keys" and why an administrative access to make a build from publicly pushed branch / tag would even be required in the first place.
- providing docker hub with unneeded privileges goes against good security practices and ends up as one would expect (https://news.ycombinator.com/item?id=19763413)
Since we already have our own registry and CI/CD infrastructure, I think we should take advantage of it and use it for docker image builds for both latest master branch and tagged versions.
This would fix the currently broken automation of image builds and also simplify the entire process (using docker hub requires github, so we need to mirror there first, then build an image from there...)
@dsalzman Do you think this would make sense for Knot DNS image as well?