Use client-certificate for authentication on a private docker-registry in a bitbucket-pipeline

Hi, I'm using a bitbucket-pipeline to build, tag and push docker-images.
I'm having trouble using a client-certificate to authenticate with a private registry.


On my desktop-machine (Ubuntu), when I try to push to the registry I receive the following error:

$ docker push REGISTRY_DOMAIN_NAME/myImage:0.5.6 
The push refers to repository [REGISTRY_DOMAIN_NAME/myImage]
Get https://REGISTRY_DOMAIN_NAME/v2/: remote error: tls: alert(116)

The ssl-error 116 code means certificate_required.

After I copied the certificates into the directory /etc/docker/certs.d/REGISTRY_DOMAIN_NAME the push completes successfully.

So I tried to replicate this within the bitbucket-pipeline. I'm writing the certificate-content from pipeline-variables into the same files as on my desktop-machine:

- mkdir -p /etc/docker/certs.d/REGISTRY_DOMAIN_NAME
- echo "$DOCKER_CA_CRT" > /etc/docker/certs.d/REGISTRY_DOMAIN_NAME/ca.crt
- echo "$DOCKER_CLIENT_CRT" > /etc/docker/certs.d/REGISTRY_DOMAIN_NAME/client.crt
- echo "$DOCKER_CLIENT_KEY" > /etc/docker/certs.d/REGISTRY_DOMAIN_NAME/client.key
- ls -al /etc/docker/certs.d/REGISTRY_DOMAIN_NAME/

The files are in the correct location:

+ ls -al /etc/docker/certs.d/REGISTRY_DOMAIN_NAME/
total 20
drwxrwxrwx. 2 root root 4096 Jan 15 09:24 .
drwxrwxrwx. 3 root root 4096 Jan 15 09:24 ..
-rw-rw-rw-. 1 root root 1647 Jan 15 09:24 ca.crt
-rw-rw-rw-. 1 root root 1696 Jan 15 09:24 client.crt
-rw-rw-rw-. 1 root root 1679 Jan 15 09:24 client.key

But in the bitbucket-pipeline the push still fails with the tls error 116.

Is there a way to use certificate-based authentication for a private docker-registry from within the bitbucket-pipeline?

1 answer

0 votes

According to the Atlassian-support it is not possible to use client-certificates.

I'm using the docker-service of bitbucket by declaring "docker: true" in the options of my build-pipeline.
In this case the docker-runtime is executed in a container other than my build-container. Therefore it is currently impossible to get the certificate-files into the filesystem of the docker-runtime.

My solution so far is to switch back to authentication by username/password.

Another solution might be to build your own build-container, e.g. based on docker:dind, which failed for me at various stages.
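
A pre-flight check for certificate files written from pipeline variables, as an added example that is not part of the original posts: it flags PEM content folded onto one line and private keys accessible to group or other, such as the `-rw-rw-rw-` client.key in the listing in the question. The function names are hypothetical, and the check is only useful where the Docker daemon reads the same filesystem as the build step.

```shell
#!/bin/sh
# Added example, not code from the thread; function names are hypothetical.

# pem_ok FILE: true only if the first and last lines are BEGIN/END armor
# lines and there is at least one body line between them. PEM text that was
# folded onto one line (e.g. by unquoted variable expansion) fails.
pem_ok() {
    [ -r "$1" ] || return 1
    first=$(sed -n '1p' "$1")
    last=$(sed -n '$p' "$1")
    total=$(grep -c '' "$1")
    case $first in "-----BEGIN "*"-----") ;; *) return 1 ;; esac
    case $last in "-----END "*"-----") ;; *) return 1 ;; esac
    [ "$total" -ge 3 ]
}

# key_private FILE: true only if group and other have no permission bits.
key_private() {
    mode=$(ls -ld -- "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# audit_cert_dir DIR: print one finding per problem, return 1 if any.
audit_cert_dir() {
    dir=$1
    rc=0
    for f in "$dir"/*.crt "$dir"/*.cert "$dir"/*.key; do
        [ -e "$f" ] || continue
        pem_ok "$f" || { echo "malformed PEM: $f"; rc=1; }
        case $f in
            *.key) key_private "$f" || { echo "key open to group/other: $f"; rc=1; } ;;
        esac
    done
    return "$rc"
}

# Optional command-line use: sh audit.sh /etc/docker/certs.d/REGISTRY_DOMAIN_NAME
if [ -n "${1:-}" ]; then
    audit_cert_dir "$1"
fi
```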
