Support pulling images from different registries with authentication #24547

Open
@WqyJh

This is my base image, built upon paketobuildpacks/run:base and named docker.example.com/run:base, which has been pushed to my private registry with basic auth.

```dockerfile
FROM paketobuildpacks/run:base

# Install packages (ffmpeg)
RUN echo "debconf debconf/frontend select noninteractive" | debconf-set-selections && \
  export DEBIAN_FRONTEND=noninteractive && \
  apt-get -y update && \
  apt-get -y upgrade && \
  apt-get -y --no-install-recommends install ffmpeg && \
  find /usr/share/doc/*/* ! -name copyright | xargs rm -rf && \
  rm -rf \
    /usr/share/man/* /usr/share/info/* \
    /usr/share/groff/* /usr/share/lintian/* /usr/share/linda/* \
    /var/lib/apt/lists/* /tmp/*

ARG cnb_uid=1000
ARG cnb_gid=1000
ARG distro_name="Ubuntu"
ARG distro_version="18.04"
ARG homepage="https://github.com/paketo-buildpacks/stacks"
ARG maintainer="Paketo Buildpacks"
ARG stack_id="io.buildpacks.stacks.bionic"
ARG description="ubuntu:bionic + openssl + CA certs + ffmpeg"
ARG released

RUN groupadd cnb --gid ${cnb_gid} && \
  useradd --uid ${cnb_uid} --gid ${cnb_gid} -m -s /bin/bash cnb

USER ${cnb_uid}:${cnb_gid}
LABEL io.buildpacks.stack.description=${description}
LABEL io.buildpacks.stack.distro.name=${distro_name}
LABEL io.buildpacks.stack.distro.version=${distro_version}
LABEL io.buildpacks.stack.homepage=${homepage}
LABEL io.buildpacks.stack.id=${stack_id}
LABEL io.buildpacks.stack.maintainer=${maintainer}
LABEL io.buildpacks.stack.metadata=${fully_qualified_base_image}
LABEL io.buildpacks.stack.mixins=${mixins}
LABEL io.buildpacks.stack.released=${released}
```

This is how I configure bootBuildImage.

```groovy
bootBuildImage {
    docker {
        builderRegistry {
            username = "username"
            password = "password"
            url = "https://docker.example.com/v1/"
        }
    }
    imageName = "docker.example.com/app"
    runImage = "docker.example.com/run:base"
}
```

But I've got the following problem when executing bootBuildImage task.

```
* What went wrong:
Execution failed for task ':app:bootBuildImage'.
> Docker API call to 'localhost/v1.24/images/create?fromImage=docker.io%2Fpaketobuildpacks%2Fbuilder%3Abase' failed with status code 500 "Internal Server Error" and message "Head https://registry-1.docker.io/v2/paketobuildpacks/builder/manifests/base: unauthorized: incorrect username or password"
```

This is because basic auth was applied to docker.io when pulling paketobuildpacks/builder:base, which is a public registry with no authentication required.

I've dived into the source code and found the following code, which performs the configured basic auth for images from all registries; I think it should only be applied when the image matches the configured registry.
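
An added sketch of the scoping the post asks for. It is not the Spring Boot code the post refers to (that snippet is not on this page) and not the project's implementation: credentials are attached to a Docker Engine API pull only when the image's registry host matches the configured registry URL, so they are never sent to docker.io. The function names and the credential list are assumptions for illustration; `X-Registry-Auth` is the Engine API's registry-auth header.

```python
import base64
import json
from urllib.parse import urlparse

DEFAULT_REGISTRY = "docker.io"  # used when a reference names no registry host


def registry_of(image_ref: str) -> str:
    """Registry host of an image reference, following Docker's rule: the first
    path component is a host only if it contains '.' or ':' or is 'localhost'."""
    first, sep, _ = image_ref.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first.lower()
    return DEFAULT_REGISTRY


def host_of(registry_url: str) -> str:
    """host[:port] of a configured URL such as https://docker.example.com/v1/."""
    if "://" not in registry_url:
        registry_url = "https://" + registry_url
    return urlparse(registry_url).netloc.lower()


def auth_header_for(image_ref: str, credentials: list) -> "str | None":
    """X-Registry-Auth value for image_ref, or None if no configured registry
    matches, in which case the pull must go out without credentials."""
    host = registry_of(image_ref)
    for cred in credentials:
        if host_of(cred["url"]) == host:
            payload = {
                "username": cred["username"],
                "password": cred["password"],
                "serveraddress": cred["url"],
            }
            return base64.urlsafe_b64encode(json.dumps(payload).encode()).decode()
    return None


if __name__ == "__main__":
    # Constructed sample mirroring the placeholder values in the post's config.
    creds = [{"url": "https://docker.example.com/v1/",
              "username": "username", "password": "password"}]
    for ref in ("docker.io/paketobuildpacks/builder:base",
                "docker.example.com/run:base"):
        sent = auth_header_for(ref, creds) is not None
        print(f"{ref}: credentials {'sent' if sent else 'withheld'}")
```
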
