Buildkit: Login to a private registry using command line arguments

Created on 8 Aug 2018  Â·  15Comments  Â·  Source: moby/buildkit

Right now the dockerfile.v0 frontend reads the docker config file. This means I either need to generate it using docker login, or manually, which is not great.

Perhaps I just didn't find the flag, but this is what README.md says as well.

arecli exbeginner help wanted

All 15 comments

@AkihiroSuda Any suggestions?

Overall we should move away from the text files and use os keychain logic. It would be easy to provide a script for this well.

docker login has cli arguments -u XX -p YY. Why not support the same thing?

The same problem.
What should I do now? To login to my private registry by buidlctl without run "docker login".
OS:centos7.2

img login can be used as well as docker login

It should be also easy to port over img login to buildctl https://github.com/genuinetools/img/blob/master/login.go

Does this issue still relevant? Would like to try implementing this
For buildkit, -u and -p should not create or store credentials, right?
It only used for a single execution by storing it as variables in authprovider, is this approach correct?

buildkit can access multiple registries for a single build so if we are talking about cli flags that would fill in authprovider they need to be a combination of host+user+pw/token .

It doesn't need to store the credentials into file or os keychain right?
For handling multiple registries, how do you suggest the flags would look like?
We can use multiple --username, --host and --password or using comma separated

Hi there, @walbertus are you still working on this issue? If not, would it be alright if I tried to take on this issue with a group of fellow students from UT Austin? We are taking a Virtualization class and would like to contribute to this issue, as it's a part of our course requirement.

@chang-andrew Please go ahead

@chang-andrew Any progress?
@tonistiigi Is there any kind of workaround for this until it is implemented?

Thank you.

@chang-andrew Any progress?
@tonistiigi Is there any kind of workaround for this until it is implemented?

Thank you.

you can create secret and mount it. buildkit will pick it up

@tuananh can you provide a snippet?

You can do docker login from any machine. Then create secret from that
docker config json. Then mount it in buildkit container

On Sun, 20 Dec 2020 at 08:26 João Silva notifications@github.com wrote:

@tuananh https://github.com/tuananh can you provide a snippet?

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/moby/buildkit/issues/565#issuecomment-748549074, or
unsubscribe
https://github.com/notifications/unsubscribe-auth/AAEZETVQCR7U2WMYIWIVZ6DSVVHDPANCNFSM4FOSR6IQ
.

You can do docker login from any machine. Then create secret from that docker config json. Then mount it in buildkit container

Does this create a requirement that the frontend image is only local? I would like to be able to specify a syntax image from a private registry:

# syntax=privateregistry.example/ns/repo:1.2
FROM alpine
# ...

How can I mount this secret in the buildkit container so that it has access to privateregistry.example? Docker in docker?

Stating this as a separate concern, but motivation for the above:

With docker registry pull limits, it becomes difficult to adopt new frontend syntaxes if the act of building the image (even targeting a private registry or local) is throttled.

Was this page helpful?
0 / 5 - 0 ratings