How to pull private images from repositories other than Docker Hub?

Nomad
1

How do you pull private images from private docker repositories other than docker hub?

I can see in the documentation that you use the auth object.

However, it’s unclear what you have to put in the image attribute and the optional server_address attribute. It seems image attribute optionally uses the entire URL, and then server_address is the domain without the protocol (https://). Given that, I would think this would work (but it doesn’t):

      config {
        image = "https://registry.digitalocean.com/myusername/webserver:latest"

        auth {
          server_address = "registry.digitalocean.com"
          username = "myusername"
          password = "mypassword"
        }

It’s also unclear whether you put the digital ocean password in, or if it’s the key for an auth token, because I don’t really know the mechanism that nomad uses to pull the repos.

Of course, I’d want to move to using Vault, but I figured I’d get this working first. But perhaps, it’s better just to use Vault straight off the bat?

2

Hi @iamwil :wave:

Sorry for the delay, I’m still trying to get a DO account to test it, but usually you first need to make sure that the user that Nomad is running as (for example root) is properly configure to pull from the registry.

Maybe this page will help? How to Use CI/CD Systems with Your Container Registry :: DigitalOcean Documentation

Once you have Docker configured, Nomad should be able to pull images without further configuration.

3 
task "server" {
    driver = "docker"
    config {
        image = "<private-registry-url>/<image-name>:<tag>"
        auth {
            username = "<private-registry-user>"
            password = "<private-registry-password>"
        }
    }
}

To debug, these things should work on your local machine:

docker login <private-registry-url>

with <private-registry-user> and <private-registry-password>.

In my case, the url was registry.domain.io without anything else.

1 Like