Set Docker daemon options on Azure hosted agent - docker

I'm messing around with Artifactory and have used the artififactory-pro docker container to get me up and running on an azure vm. I'm now trying to push a docker image to the docker-local repository within Artifactory. This is working locally but I had to change my local docker options to include the insecure-registry I set up.
To continue my POC further I want to be able to push to the artifactory docker repo using the MS hosted 'ubuntu-latest' agent with Azure pipelines but I believe I need to set the docker options on the agent to again allow the insecure regsitry as it's currently throwing the error:
[Error] Docker login failed for: http:/, http:.
How do I set the docker options on the MS hosted agent within my pipeline? I'm having to install .net-core 3.1 sdk during the pipeline so i'd like to think it is possible.
Thanks

As far as I know, you cannot set docker options to allow insecure regsitry on MS hosted agent. To set insecure registry, you have to modify some docker config file. But we are restricted to modify the system files of MS hosted agent for security reason, you will get access denied error if you try to do so.
The workaround is to create your own self-hosted agent on your local machine. So that you can set the insecure registry for docker daemon on local machine.
However you can also submit a feature request(click suggest a feature and choose azure devops) to Microsoft Development team. Hope they will consider implementing a feature to enable seting docker options on MS hosted agent.

Related

Deploy docker to on-premise using azure CI-CD

I have created.NetCore Application and was successfully deployed to the local PC docker container.
Now I am trying to build it from Azure DevOps and publish it to one of my servers hosted on-premise.
Now I have no idea how to host it. Also not sure what is Docker Registry Service Connection & Container Registry Type.
My DevOps server is also hosted on-premise with no docker installed on it.
I have a docker account with one private repository.
Please suggest how to continue as I am getting the below error while building the image
open //./pipe/docker_engine: The system cannot find the file specified. In the default daemon configuration on Windows, the docker client must be run elevated to connect. This error may also indicate that the docker daemon is not running.
Thanks
Deploy docker to on-premise using azure CI-CD
If you want to deploy app to the local PC docker container, you can use Self-hosted Agent(Build Pipeline and Release Pipeline) or Deployment Group(Release Pipeline).
Note: we need set the self-agent on the server where have docker installed.
Then you could try the following pipeline settings.
Here is a blog about ASP.Net Application Deployment in Docker for Windows.
You could use Command Line Task to run the docker command. In this case, you can move the local build and deploy process to azure devops

How to deploy a Docker local registry open source on windows WITH web interface AND manage users permissions?

I'm novice in docker and I would like to deploy a docker private registry on my host (Windows10 usign docker for windows) with users permissions so I used TLS to securite it according to the doc from https://docs.docker.com/registry/deploying/
I have the docker private registry deployed and to push the user must do docker login command.
Now, I would like to connect a UI to my private registry and make it read only to be able to pull and for that I tried to setup Harbor, Portus and many other examples but they are not documented for windows.
I tried to use this project https://github.com/kwk/docker-registry-frontend but same thing.
All of these projects they bind files in volumes docker run -v pathToFiles:pathToFiles:ro but in windows it is not supported.
I tries to make modification in images and put the files into them and build a new images with docker commit but the UI still not work or not connected to my server.
So, what is the best way to deploy a docker private registry with the docker registry open source in docker for windows AND manage user permissions with auth ? Should I use a reverse proxy ? but how on windows?
I'm not using docker EE.
Thank you.

Pull and push docker images without installed Docker

We need to transfer large number of docker images from Azure DevOps to private container registry (this registry does not have access to the Internet). For this matter there is proxy machine with Windows Server with Azure Cli and access to the Azure DevOps, but we are restricted with installing Docker there.
Is there a way to pull docker images from Azure DevOps and push them into another container registry without installed Docker? Perhaps there is slim version of Docker or some official script.
You can basically save it as an archive, and reload it the same way.

How to use a remote docker server from jenkins?

I got 2 servers, 1 Linux 2 AMI with Jenkins running and one RHEL with Docker running.
I would like to configure Jenkins in order to build and deploy an application on the Docker server. If I clone my repository on the Docker server, i'm running docker-compose build then docker-compose up and everything is working fine.
I find some documentation about using a remote docker server with jenkins but it doesn't work. Docker API is already open.
Strictly speaking, you can connect to a remote Docker Daemon by enabling the Remote API over TCP and using the docker client by setting the DOCKER_HOST environment variable. I would also suggest you configure encryption and authentication to have an additional layer of security and if you can restrict it to be only accessible from your Jenkins Slaves.
But as stated on the comment by David Maze, I don't think this is the best approach for deployment of containers as it carries some security risks that can compromise your servers.
I would suggest that if you are planning on running production workloads and you need a full pipeline for managing the lifecycle of your applications running on containers, you research Docker Swarm or Kubernetes as they are better alternatives suited for achieving this.

Unable to login to private docker registry from Jenkins

I am trying to use Jenkins to build and push docker images to private registry. However, while trying docker login command, I am getting this error:
http: server gave HTTP response to HTTPS client
I know that this might be happening because the private registry is not added as an insecure registry. But, how I can resolve this in CI pipeline?
Jenkins is set up on a Kubernetes cluster and I am trying to automate the deployment of an application on the cluster.
This has nothing to do with the Jenkins CI pipeline or Kubernetes. Jenkins will not be able to push your images until configure follow either of the below steps
You have two options here
1) Configure your docker client to use the secure registry over HTTPS. This will include setting up self signed certificates or getting certificates from your local certificate authority.
2) Second solution is to use your registry over an unencrypted HTTP connection.
So if you are running docker on kubernetes. You will have to configure the daemon.json file in /etc/docker/daemon.json.
PS: This file might not exist. You will have to create it.
Then add in the below content. Make sure you change the url to match your docker registry
{
"insecure-registries" : ["myregistrydomain.com:5000"]
}
Then restart docker using systemctl restart docker or etc/init.d/docker restart depending on the version of linux distro installed on your cluster
Let me know if you have any questions

Resources