Hi, I'm using a bitbucket-pipeline to build, tag and push docker-images.
I'm having trouble using a client-certificate to authenticate with a private registry.
On my desktop-machine(ubuntu) when i try to push to the registry i receive the following error:
$ docker push REGISTRY_DOMAIN_NAME/myImage:0.5.6
The push refers to repository [REGISTRY_DOMAIN_NAME/myImage]
Get https://REGISTRY_DOMAIN_NAME/v2/: remote error: tls: alert(116)
The ssl-error 116 code means certificate_required.
After i copied the certificates into the directory /etc/docker/certs.d/REGISTRY_DOMAIN_NAME the push completes successfully.
So i tried to replicate this within the bitbucket-pipeline. I'm writing the certificate-content from pipeline-variables into the same files as on my desktop-machine:
- mkdir -p /etc/docker/certs.d/REGISTRY_DOMAIN_NAME
- echo $DOCKER_CA_CRT > /etc/docker/certs.d/REGISTRY_DOMAIN_NAMEs/ca.crt
- echo $DOCKER_CLIENT_CRT > /etc/docker/certs.d/REGISTRY_DOMAIN_NAME/client.crt
- echo $DOCKER_CLIENT_KEY > /etc/docker/certs.d/REGISTRY_DOMAIN_NAME/client.key
- ls -al /etc/docker/certs.d/REGISTRY_DOMAIN_NAME/
The files are in the correct location:
+ ls -al /etc/docker/certs.d/REGISTRY_DOMAIN_NAME/
drwxrwxrwx. 2 root root 4096 Jan 15 09:24 .
drwxrwxrwx. 3 root root 4096 Jan 15 09:24 ..
-rw-rw-rw-. 1 root root 1647 Jan 15 09:24 ca.crt
-rw-rw-rw-. 1 root root 1696 Jan 15 09:24 client.crt
-rw-rw-rw-. 1 root root 1679 Jan 15 09:24 client.key
But in the bitbucket-pipeline the push still fails with the tls error 116.
Is there a way to use certificate-based authentication for a private docker-registry from within the bitbucket-pipeline?
According to the Atlassian-support it is not possible to use client-certificates.
I'm using the docker-service of bitbucket by declaring "docker: true" in the options of my build-pipeline.
In this case the docker-runtime is executed in a container other than my build-container. Therefore it is currently impossible to get the certificate-files into the filesystem of the docker-runtime.
My solution so far is to switch back to authentication by username/password.
Another solution might be to build your own build-container e.g. based on docker:dind which failed for me at various stages.
Hey Community! We’re willing to wager that quite a few of you not only use Bitbucket, but administer it too. Our team is excited to share that we’ll be releasing improvements throughout this month of...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events