Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Get started Tell me more

Atlassian Community about banner

4,560,415

Community Members

Community Events

185

Community Groups

Community
Products
Bamboo
Questions
how to configure docker runner to authorize with private docker registry

how to configure docker runner to authorize with private docker registry

Edited

how can i configure Job -> Docker to authorize with my private docker registry?

i'm getting 403 when downloading private docker image e.g. private/docker-image:1.2.3

1 answer

1 accepted

1 vote

Answer accepted

Hi Piotr,

If the private image is in a registry which does not require authentication you can just use the registry url in the Docker image field.

If your registry requires authentication, it becomes a little more complicated.

You will need to set up a script on the agent server which will run the docker login command. (in ~/.profile for example)

docker login -u <myuser> -p <mypassword> registryurl

Once this is configured and the remote agent has sourced the new script, it will be able to connect to the private image registry. You can test this by attempting a docker pull for your desired image.

You will need to configure the above for all remote agents which will need to connect to the private registry.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

If you don't want passwords stored in plain text, you can use the credential helpers as outlined in the documentation for the docker login command.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

Follow-up question. What if the repository is an AWS ECR, which the login is only good for a certain period of time and then you have to login again? Any suggestions on how to handle that?

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

If your credentials remain the same, you can re-run the docker login command to re-authorize your agent. (you should be able to automate this with a chron job).

If your credentials have expired/rotated, you'll need to modify your script to use the new credentials.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

Thanks :)

I meant to reply to this and forgot to yesterday. I found this solution from AWS Labs that pretty much solves the problem for me for ECR repositories:

https://github.com/awslabs/amazon-ecr-credential-helper

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like • Steffen Opel _Utoolity_ likes this

I know this thread is a bit old but can you elaborate how this would look on a CentOS7 system? Is there a particular name needed for the the login script? Where does it need to be stored? How does Bamboo find the script?

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

Reply

Suggest an answer

Log in or Sign up to answer

Was this helpful?

Thanks!

TAGS