feat(mirror): add support for DOCKER_REGISTRY_MIRROR_USER/PASSWORD vars (76c9d169) · Commits · to be continuous... / Docker

README.md

+14 −0

Original line number	Diff line number	Diff line
		@@ -136,6 +136,16 @@ If you use different registries for snapshot and release images, you shall u
		\| :lock: `DOCKER_REGISTRY_RELEASE_USER` \| Docker registry username for release image registry \|
		\| :lock: `DOCKER_REGISTRY_RELEASE_PASSWORD` \| Docker registry password for release image registry \|

		#### Using a registry mirror during image builds

		You can provide a URL for a mirror registry of `https://index.docker.io` for use during image builds (:warning: `kaniko` and `dind` options only), and optionally with credentials for the mirror, using the following variables:

		\| Input / Variable \| Description \|
		\| -------------------------------------------- \| ------------------------------------------------ \|
		\| `registry-mirror` / `DOCKER_REGISTRY_MIRROR` \| URL of a Docker registry mirror to use \|
		\| :lock: `DOCKER_REGISTRY_MIRROR_USER` \| Docker registry username for the mirror registry \|
		\| :lock: `DOCKER_REGISTRY_MIRROR_PASSWORD` \| Docker registry password for the mirror registry \|

		#### Setting your own Docker configuration file (advanced)

		There might be cases where you need to provide the complete [Docker configuration file](https://docs.docker.com/engine/reference/commandline/cli/#configuration-files):
		@@ -163,6 +173,8 @@ In addition to you own defined variables, you may use the following variables (p
		- `${docker_snapshot_registry_host}`: the snapshot registry host (based on the configured `DOCKER_SNAPSHOT_IMAGE` variable)
		- `${docker_release_authent_token}`: the authentication token required by the release registry (computed from configured `DOCKER_REGISTRY_RELEASE_USER` / `DOCKER_REGISTRY_RELEASE_PASSWORD` variables)
		- `${docker_release_registry_host}`: the release registry host (based on the configured `DOCKER_RELEASE_IMAGE` variable)
		- `${docker_mirror_authent_token}`: the authentication token required by the mirror registry (computed from configured `DOCKER_REGISTRY_MIRROR_USER` / `DOCKER_REGISTRY_MIRROR_PASSWORD` variables)
		- `${docker_mirror_registry_host}`: the mirror registry host (based on the configured `DOCKER_REGISTRY_MIRROR` variable)

		Example 1: Docker configuration file inlined in the project repository (`.docker/config.json`) with dynamic variables replacement:

		@@ -301,6 +313,8 @@ It is bound to the `package-build` stage, and uses the following variables:
		\|-------------------------------------------------------------------------\|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------\|--------------------------------\|
		\| `build-args` / `DOCKER_BUILD_ARGS` \| Additional `docker/kaniko/buildah` `build` arguments \| _(none)_ \|
		\| `registry-mirror` / `DOCKER_REGISTRY_MIRROR` \| URL of a Docker registry mirror to use during the image build (instead of default `https://index.docker.io`) <br>:warning: Used by the `kaniko` and `dind` options only \| _(none)_ \|
		\| :lock: `DOCKER_REGISTRY_MIRROR_USER` \| Docker registry username for the mirror registry \| _(none)_ \|
		\| :lock: `DOCKER_REGISTRY_MIRROR_PASSWORD` \| Docker registry password for the mirror registry \| _(none)_ \|
		\| `container-registries-config-file` / `CONTAINER_REGISTRIES_CONFIG_FILE` \| The [`registries.conf`](https://www.redhat.com/sysadmin/manage-container-registries) configuration to be used<br>:warning: Used by the `buildah` build only \| _(none)_ \|
		\| `metadata` / `DOCKER_METADATA` \| Additional `docker build`/`kaniko` arguments to set label \| OCI Image Format Specification \|
		\| `kaniko-snapshot-image-cache` / `KANIKO_SNAPSHOT_IMAGE_CACHE` \| Snapshot image repository that will be used to store cached layers (leave empty to use default: snapshot image repository + `/cache`)<br>:warning: Used by the `kaniko` build only \| _none_ (default cache path) \|

templates/gitlab-ci-docker.yml

+13 −2

Original line number	Diff line number	Diff line
		@@ -565,8 +565,19 @@ stages:
		export docker_release_authent_token
		export docker_release_registry_host

		docker_snapshot_config_json=$(echo -n "{\"auths\":{\"$docker_snapshot_registry_host\":{\"auth\":\"$docker_snapshot_authent_token\"},\"HttpHeaders\":{\"User-Agent\":\"$USER_AGENT\"}}}")
		docker_release_config_json=$(echo -n "{\"auths\":{\"$docker_release_registry_host\":{\"auth\":\"$docker_release_authent_token\"},\"HttpHeaders\":{\"User-Agent\":\"$USER_AGENT\"}}}")
		if [[ -n "$DOCKER_REGISTRY_MIRROR" && -n "$DOCKER_REGISTRY_MIRROR_USER" ]]
		then
		docker_mirror_authent_token=$(echo -n "$DOCKER_REGISTRY_MIRROR_USER:$DOCKER_REGISTRY_MIRROR_PASSWORD" \| base64 \| tr -d '\n')
		# shellcheck disable=SC2001
		docker_mirror_registry_host=$(echo "$DOCKER_REGISTRY_MIRROR" \| sed "s\|^https*://\|\|" \| cut -d/ -f1)
		export docker_mirror_authent_token
		export docker_mirror_registry_host

		docker_mirror_config_json="\"$docker_mirror_registry_host\":{\"auth\":\"$docker_mirror_authent_token\"},"
		fi

		docker_snapshot_config_json=$(echo -n "{\"auths\":{$docker_mirror_config_json\"$docker_snapshot_registry_host\":{\"auth\":\"$docker_snapshot_authent_token\"}},\"HttpHeaders\":{\"User-Agent\":\"$USER_AGENT\"}}")
		docker_release_config_json=$(echo -n "{\"auths\":{$docker_mirror_config_json\"$docker_release_registry_host\":{\"auth\":\"$docker_release_authent_token\"}},\"HttpHeaders\":{\"User-Agent\":\"$USER_AGENT\"}}")

		# Create the configuration file for Docker and Kaniko
		BUILDTOOL_HOME=${BUILDTOOL_HOME:-$HOME}

Original line number	Diff line number	Diff line
		@@ -136,6 +136,16 @@ If you use different registries for snapshot and release images, you shall u
		\| :lock: `DOCKER_REGISTRY_RELEASE_USER` \| Docker registry username for release image registry \|
		\| :lock: `DOCKER_REGISTRY_RELEASE_PASSWORD` \| Docker registry password for release image registry \|

		#### Using a registry mirror during image builds

		You can provide a URL for a mirror registry of `https://index.docker.io` for use during image builds (:warning: `kaniko` and `dind` options only), and optionally with credentials for the mirror, using the following variables:

		\| Input / Variable \| Description \|
		\| -------------------------------------------- \| ------------------------------------------------ \|
		\| `registry-mirror` / `DOCKER_REGISTRY_MIRROR` \| URL of a Docker registry mirror to use \|
		\| :lock: `DOCKER_REGISTRY_MIRROR_USER` \| Docker registry username for the mirror registry \|
		\| :lock: `DOCKER_REGISTRY_MIRROR_PASSWORD` \| Docker registry password for the mirror registry \|

		#### Setting your own Docker configuration file (advanced)

		There might be cases where you need to provide the complete [Docker configuration file](https://docs.docker.com/engine/reference/commandline/cli/#configuration-files):
		@@ -163,6 +173,8 @@ In addition to you own defined variables, you may use the following variables (p
		- `${docker_snapshot_registry_host}`: the snapshot registry host (based on the configured `DOCKER_SNAPSHOT_IMAGE` variable)
		- `${docker_release_authent_token}`: the authentication token required by the release registry (computed from configured `DOCKER_REGISTRY_RELEASE_USER` / `DOCKER_REGISTRY_RELEASE_PASSWORD` variables)
		- `${docker_release_registry_host}`: the release registry host (based on the configured `DOCKER_RELEASE_IMAGE` variable)
		- `${docker_mirror_authent_token}`: the authentication token required by the mirror registry (computed from configured `DOCKER_REGISTRY_MIRROR_USER` / `DOCKER_REGISTRY_MIRROR_PASSWORD` variables)
		- `${docker_mirror_registry_host}`: the mirror registry host (based on the configured `DOCKER_REGISTRY_MIRROR` variable)

		Example 1: Docker configuration file inlined in the project repository (`.docker/config.json`) with dynamic variables replacement:

		@@ -301,6 +313,8 @@ It is bound to the `package-build` stage, and uses the following variables:
		\|-------------------------------------------------------------------------\|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------\|--------------------------------\|
		\| `build-args` / `DOCKER_BUILD_ARGS` \| Additional `docker/kaniko/buildah` `build` arguments \| _(none)_ \|
		\| `registry-mirror` / `DOCKER_REGISTRY_MIRROR` \| URL of a Docker registry mirror to use during the image build (instead of default `https://index.docker.io`) <br>:warning: Used by the `kaniko` and `dind` options only \| _(none)_ \|
		\| :lock: `DOCKER_REGISTRY_MIRROR_USER` \| Docker registry username for the mirror registry \| _(none)_ \|
		\| :lock: `DOCKER_REGISTRY_MIRROR_PASSWORD` \| Docker registry password for the mirror registry \| _(none)_ \|
		\| `container-registries-config-file` / `CONTAINER_REGISTRIES_CONFIG_FILE` \| The [`registries.conf`](https://www.redhat.com/sysadmin/manage-container-registries) configuration to be used<br>:warning: Used by the `buildah` build only \| _(none)_ \|
		\| `metadata` / `DOCKER_METADATA` \| Additional `docker build`/`kaniko` arguments to set label \| OCI Image Format Specification \|
		\| `kaniko-snapshot-image-cache` / `KANIKO_SNAPSHOT_IMAGE_CACHE` \| Snapshot image repository that will be used to store cached layers (leave empty to use default: snapshot image repository + `/cache`)<br>:warning: Used by the `kaniko` build only \| _none_ (default cache path) \|