optiopay / klar

Integration of Clair and Docker Registry
MIT License

Make Docker registry configurable #9

Closed berendt closed 7 years ago

berendt commented 7 years ago

At the moment the used Docker registry is hardcoded (const dockerHub = "registry-1.docker.io"). The Docker registry should be configurable to be able to use a private Docker registry.

hashmap commented 7 years ago

In fact, Klar was built to work with a private registry. Klar mimics docker images behaviour, so the Docker registry is used only for "short" names; you can specify the full name, like docker-registry.domain.com/skynetservices/skydns:2.3. See some examples: https://github.com/optiopay/klar/blob/master/docker/docker_test.go#L18

berendt commented 7 years ago

I tried to scan an image on a private, password-protected registry:

CLAIR_ADDR=clair DOCKER_USER=xxx DOCKER_PASSWORD=xxx klar registry.xzy/infrastructure/jenkins:1.2.3

This failed with the following error message on Clair:

2017-01-09 07:22:00.123609 W | detectors: could not download layer: got status code 401, expected 2XX
2017-01-09 07:22:00.123708 E | worker: layer sha256:75a822cd7888e394c49828b951061402d31745f596b1f502758570f2d0ee79e2: failed to extract data from https://registry.xzy/v2/infrastructure/jenkins/blobs/sha256:75a822cd7888e394c49828b951061402d31745f596b1f502758570f2d0ee79e2: could not find layer

A manual download of the failed layer with the username/password works as expected.
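An added example, not part of the thread and not Klar's own code: a Go version of the Docker CLI naming convention hashmap describes, showing which registry host an image reference resolves to (the host that has to accept the credentials) and the blob URL shape seen in the Clair log. `ImageRef`, `ParseImageRef` and `BlobURL` are hypothetical names, and digest (`@sha256:`) references are not handled.

```go
package main

import (
	"fmt"
	"strings"
)

// defaultRegistry is the hardcoded Docker Hub host quoted in the issue.
const defaultRegistry = "registry-1.docker.io"

// ImageRef is a hypothetical type for this example, not Klar's own.
type ImageRef struct {
	Registry, Repo, Tag string
}

// ParseImageRef splits a reference using the Docker CLI convention: the first
// path component is a registry host only if it contains '.' or ':' or is
// "localhost"; otherwise the name is "short" and resolves to Docker Hub.
// Assumption: tag references only; "@sha256:..." digests are not handled.
func ParseImageRef(ref string) ImageRef {
	r := ImageRef{Registry: defaultRegistry, Repo: ref, Tag: "latest"}
	if i := strings.Index(ref, "/"); i >= 0 {
		host := ref[:i]
		if strings.ContainsAny(host, ".:") || host == "localhost" {
			r.Registry, r.Repo = host, ref[i+1:]
		}
	}
	// A ':' after the last '/' separates the tag; a ':' before it is a port.
	if i := strings.LastIndex(r.Repo, ":"); i > strings.LastIndex(r.Repo, "/") {
		r.Repo, r.Tag = r.Repo[:i], r.Repo[i+1:]
	}
	// Official Docker Hub images live under the "library/" namespace.
	if r.Registry == defaultRegistry && !strings.Contains(r.Repo, "/") {
		r.Repo = "library/" + r.Repo
	}
	return r
}

// BlobURL builds the layer URL in the shape shown in the Clair log above.
func (r ImageRef) BlobURL(digest string) string {
	return fmt.Sprintf("https://%s/v2/%s/blobs/%s", r.Registry, r.Repo, digest)
}

func main() {
	// The first two references come from the thread; the last two are constructed.
	for _, ref := range []string{"registry.xzy/infrastructure/jenkins:1.2.3", "skynetservices/skydns:2.3", "localhost:5000/app", "nginx"} {
		fmt.Printf("%-45s -> %+v\n", ref, ParseImageRef(ref))
	}
}
```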

hashmap commented 7 years ago

Thanks for the report. It seems that registry credentials were not passed to Clair; I'll check it.

berendt commented 7 years ago

@hashmap Any news here?

supereagle commented 7 years ago

I have checked the code; there is no error in passing the registry credentials. At the same time, I have tested several times and could not reproduce this error. @hashmap Any clues?

hashmap commented 7 years ago

@berendt I assume you have a password-protected web server in front of your private registry, am I right? In this case you need support for HTTP basic auth (for example) in addition to the registry auth dance. It looks like a valuable feature.

berendt commented 7 years ago

@hashmap I am using Nexus OSS as a private Docker registry. I am not sure if it requires an additional HTTP authentication. I can log in directly to the registry with the docker login command.

supereagle commented 7 years ago

Maybe this issue is the same as #12, which has been fixed by PR #14.

supereagle commented 7 years ago

@berendt You can try the latest release, v1.2.1. If this error still exists, please report it to us. Thanks.

hashmap commented 7 years ago

@berendt I'm closing this issue; feel free to reopen it if the problem still exists.