Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

how to configure docker runner to authorize with private docker registry

sta-szek
sta-szek
Contributor
March 5, 2018

how can i configure Job -> Docker to authorize with my private docker registry?

i'm getting 403 when downloading private docker image e.g. private/docker-image:1.2.3

 

image.png

Answer
Watch
Like # people like this
6612 views

1 answer

1 accepted

1 vote
Answer accepted
Robert W
Robert W
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 5, 2018

Hi Piotr,

 

 

If the private image is in a registry which does not require authentication you can just use the registry url in the Docker image field.

 

If your registry requires authentication, it becomes a little more complicated.

You will need to set up a script on the agent server which will run the docker login command. (in ~/.profile for example)

 

docker login -u <myuser> -p <mypassword> registryurl

 

Once this is configured and the remote agent has sourced the new script, it will be able to connect to the private image registry.  You can test this by attempting a docker pull for your desired image.

 

You will need to configure the above for all remote agents which will need to connect to the private registry.

View More Comments
Robert W
Robert W
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 5, 2018

If you don't want passwords stored in plain text, you can use the credential helpers as outlined in the documentation for the docker login command.

Docker Login

Like
stephen_leavitt
stephen_leavitt September 6, 2018

Follow-up question. What if the repository is an AWS ECR, which the login is only good for a certain period of time and then you have to login again? Any suggestions on how to handle that?

Like
Robert W
Robert W
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 7, 2018

If your credentials remain the same, you can re-run the docker login command to re-authorize your agent.  (you should be able to automate this with a chron job).

 

If your credentials have expired/rotated, you'll need to modify your script to use the new credentials.

Like
stephen_leavitt
stephen_leavitt September 7, 2018

Thanks :)

I meant to reply to this and forgot to yesterday. I found this solution from AWS Labs that pretty much solves the problem for me for ECR repositories:

https://github.com/awslabs/amazon-ecr-credential-helper

Like Steffen Opel _Utoolity_ likes this
Jason Templeman
Jason Templeman
Contributor
March 9, 2020

I know this thread is a bit old but can you elaborate how this would look on a CentOS7 system?  Is there a particular name needed for the the login script?  Where does it need to be stored?  How does Bamboo find the script?

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bamboo
Bamboo
TAGS
AUG Leaders

Atlassian Community Events

    See all events