how to authenticate docker build when using private gitlab repo - docker

When running docker build on my Dockerfile, I pull the most up to date code from a private gitlab repo using a FROM gitlab statment. I am getting a access forbidden error as I have not given my credentials. How do you give your credentials so that I can pull from this private repo?

(Assuming you are talking about Gitlab Container Registry)
To be able to pull docker images from private registries, you need to first run this at the command line:
$ docker login -u $DOCKER_USER -p $DOCKER_PASS
If you are running this in a CI environment, you should set these as secret environment variables.
With Gitlab, I believe it is something along these lines:
$ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN registry.example.com
See the above linked page (search for "login") to see more examples and instructions.

Related

Pulling Docker image from private protected repository within bash script

I am trying to write a bash script to automatize the setup of a multi-containers environment.
Each container is built from images pulled from a private protected repository.
The problem is that when the script calls for docker-compose up for the first time, access to the repository is denied, like if it does not know I have properly done docker login before running the script.
If I docker pull an image manually, that very image is no longer a problem when the script tries to build its container. But when it has to docker pull on its own from a Dockerfile definition, it gets access denied.
Considering that I would like this script to be portable to other devs' environments, how can I get it to be able to access the repository using the credentials each dev will have already set on its computer with docker login?
You can do something like:
#!/bin/bash
cat ~/pwd.txt | docker login <servername> -u <username> --password-stdin
docker pull
This reads the password from pwd.txt and logs in to the specified server.
In case you have multiple servers you want to log in you can try:
#!/bin/bash
serverlist="server1.com server2.com"
for server in $serverlist; do
cat ~/${server}_pwd.txt | docker login $server -u <username> --password-stdin
done
docker pull
This reads the passwords from files like server1.com_pwd.txt.

docker-compose pull fails but docker pull works with docker-credential-gcr

I'm working on google container optimised OS (COS) trying to pull an image from Google Container Registry using docker-compose. I completed the the authentication using docker-credential-gcr.
Now
docker pull gcr.io/projectname/nextjs works
however
> docker-compose pull
Pulling nextjs ... error
ERROR: for nextjs unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials.
the problem was that the docker-compose alias did not support the gcr authentication.
The following steps fixed it.
Delete ~/.docker/config.json
change the alias in .bashrc to:
alias docker-compose='docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v "$PWD:$PWD" -w="$PWD" cryptopants/docker-compose-gcr'
docker pull cryptopants/docker-compose-gcr
docker-credential-gcr configure-docker
docker-compose pull works

singularity and github package registry

How to pull a docker image from github registry using singularity?
Usually with docker you have to generate a token and run sth similar to:
docker pull docker.pkg.github.com/{etc}/{etc}/{etc} --username {mygithubusername} --password {generatedtoken}
However,
singularity pull docker://docker.pkg.github.com/{etc}/{etc}/{etc} --username {mygithubusername} --password {generatedtoken}
produces: Error for command "pull": accepts between 1 and 2 arg(s), received 5
For private registries, you can either authenticate interactively:
singularity pull --docker-login docker://docker.pkg.github.com/{etc}/{etc}/{etc}
Enter Docker Username: mygithubusername
Enter Docker Password:
Or via env variables (useful for CI):
export SINGULARITY_DOCKER_USERNAME=mygithubusername
export SINGULARITY_DOCKER_PASSWORD=generatedtoken
singularity pull docker://docker.pkg.github.com/{etc}/{etc}/{etc}
See the documentation for additional details.

Azure Container Registry: got "Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?"

I have created Azure Container Registry
I am able to push an image from local to Azure container Registry.
I can pull or run any docker commands it always gives me the error saying
docker: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?.
I am new to Azure, please is something i need to install or enable for docker
when I ran docker--version it is showing the version perfectly
I got this error because used 'Azure Cloud Shell' that doesn't support running the docker daemon.
To fix it need to run CMD or Power Shell and execute commands:
# az login
az acr login -n your_registry_name.azurecr.io
docker pull your_registry_name.azurecr.io/company_name/service_image:version
For building and pushing image to Azure, you should user 'acr' command instead of 'docker'.
Follow these steps to build and push docker image to Azure Container Registry -
Open Azure Cloud Shell
Get necessary files
git clone https://github.com/tsrana/spring-boot-db2.git ,
cd spring-boot-db2
Create a Resource Group
az group create --name Docker_RG --location eastus
Create Container Registry
az acr create --resource-group Docker_RG --name tsrContainerRegistry --sku Basic
Build image and push to registry
az acr build --image tsr/hello-worldspring-boot-db2:v1 --registry tsrContainerRegistry --file Dockerfile

docker stack deploy from private repo

Does anyone know how to specify username / password for pulling images from a private registry during a docker stack deploy? I want to be able to do this in one command:
docker stack deploy --compose-file docker-compose.yml --username <user> --password <pass> mystack
Without this, I first have to do a
docker login -u <user> -p <pass> <registry-url>
Can this be done in one command?
This worked for me, I had a private repo on dockerhub
docker login -u <<UserName>> -p <<Password>>
registry.hub.docker.com/<<Repo_Name>>
&& docker stack deploy -c docker-swarm.yml mystack --with-registry-auth
The key is to pass Username Password along with registry name and then followed it up with this flag --with-registry-auth
Here is the link which provides step by step information.
I think it cannot do it in one command typically, but you can configure private registry for clients with specific ip without authentication if you insist.
Or you can just do it in different commands but one line:
$ docker login -u <user> -p <pass> <registry-url> && docker stack deploy --compose-file docker-compose.yml mystack
The issue Use SSH pub key in order to allow access to a repository #531 address the ability to connect to an repository using SSH and keys. It's a best way to mantain security and privacity.
But you can create a read only user to perform that. If you automate the process, you can recreate de user, or change password, by the way, you can choose any turn around to solve that.

Resources