Kaniko: does kaniko support docker registry mirrors ?

Created on 19 Oct 2018 · 7Comments · Source: GoogleContainerTools/kaniko

dear maintainers

i use kaniko to build docker image at China mainland，when it download base image, it use docker official registry, the GFW will reset this connection, so, does kaniko support docker registry mirrors ?

thank u

areregistry help wanted prioritp3

Source

tticar

👍12

Most helpful comment

Hi @bobcatfish,

Obviously setting the registry in the FROM is a quick option but this option make the Dockerfile less portable and it make it depend on the network where you build it.

Just as kaniko support setting insecure registries, having a command flag to add mirror (in our case one should be enough) would be a must.

As in docker daemon, I expect that this flag will make all images without specified registry be pulled from the mirror.
For example:
If setting in the cli --registry-mirror=myprivateregistry.com
will make
FROM openjdk:8-jdk
The same as
FROM myprivateregistry.com/openjdk:8-jdk

But FROM mysecondprivate.com/openjdk:8-jdk should be keeped the same (mirror are only for default registries).

This will allowing us to share source code without having to modify it to use our mirror (we are using it for caching and security reasons).

This way it will also be easy to pull from the mirror but push to a private repo by specifying the destination registry in kaniko.

By the way having it at runtime is so much better than having it on daemon settings :-)

tblaisot on 3 Dec 2018

👍5

All 7 comments

i use FROM docker-mirrors-address/library/openjdk:8-jdk in Dockerfile for workaround now, but still wait for kaniko official solution.

tticar on 1 Nov 2018

Hello,

We are currently hopping support for registry mirrors in kaniko to be able to used it in clients "offline" environnements where all access to public repos are disable but you need to use a registry mirror (artifactory, nexus...).
By the way, using thoses tools you often create a private registry, a mirror registry, and a virtual registry which virtualy merge the 2 firsts.
Without registry mirror it become clumsy because you pull from virtual but push in private...
This become a nightmare if you need to change all you FROM instructions.

Hopping to see support for this in kaniko !!
Thanks for making this tool btw !

tblaisot on 21 Nov 2018

👍2

Hey @tblaisot ! Can you explain more about how you would see this working? Would this be a flag you provided when running kaniko that overrides the docker registry in the image name?

The most obvious workaround is what you described with FROM docker-mirrors-address/library/openjdk:8-jdk but it sounds like this isn't what you want?

bobcatfish on 3 Dec 2018

Hi @bobcatfish,

Obviously setting the registry in the FROM is a quick option but this option make the Dockerfile less portable and it make it depend on the network where you build it.

Just as kaniko support setting insecure registries, having a command flag to add mirror (in our case one should be enough) would be a must.

But FROM mysecondprivate.com/openjdk:8-jdk should be keeped the same (mirror are only for default registries).

This will allowing us to share source code without having to modify it to use our mirror (we are using it for caching and security reasons).

This way it will also be easy to pull from the mirror but push to a private repo by specifying the destination registry in kaniko.

By the way having it at runtime is so much better than having it on daemon settings :-)

tblaisot on 3 Dec 2018

👍5

I tried adding this to /kaniko/.docker/config.json

{
  "registry-mirrors": [
    "https://your.private.registry"
  ]
}

But it is not used :( any other ideas?

MichaelSp on 3 Apr 2019

Closed my issue in favour of this one. This would be really helpful! Using Kaniko in a University env where internet access is restricted. So we have a registry mirror setup. I will see if I can configure kubernetes to use the mirror always.