Publishing a docker image to a private registry fails without authentication

[shahamit]

I have a private docker registry setup on our local infrastructure. It is configured without any authentication. I am trying to build and push the docker image to this registry with the spring-boot:build-image command but I get an error "Invalid Docker publish registry configuration, either token or username/password must be provided". My maven plugin configuration looks like below

                            <configuration>
					<image>
						<name><vm-name>:5000/dev/my-spring-boot-app:v1</name>
						<publish>true</publish>
					</image>
					<docker>
						<publishRegistry>
							<url>http://<vm-name>:5000</url>
						</publishRegistry>
					</docker>
				</configuration>

This is intentional as the code indicates. Could someone please guide me how to push my docker image to an unauthenticated private docker registry?

Thanks

[scottfrederick]

Thanks for getting in touch. As mentioned in the guidelines for contributing, we prefer to use GitHub issues only for bugs and enhancements. This is a question that would be better suited to Stack Overflow.

The only reason to provide the <docker><publishRegistry> block is to provide authentication for the registry. Including the registry in the image name provided by <image><name> and setting <publish>true</publish> is sufficient to get the image published to the registry without authentication.

[sean-duffy-gmex]

The only reason to provide the <docker><publishRegistry> block is to provide authentication for the registry. Including the registry in the image name provided by <image><name> and setting <publish>true</publish> is sufficient to get the image published to the registry without authentication.

This does not seem to be the case, when running with publish set to true and no publishRegistry block I get:

Publishing an image requires docker.publishRegistry to be configured

Is there no way to publish to an unauthenticated registry using this plugin currently?

[scottfrederick]

This does not seem to be the case...

@sean-duffy-gmex You are correct, the docker.publishRegistry configuration is required when publish is set to true. What I said in my comment above is true for docker.builderRegistry but not true for docker.publishRegistry. I'm not sure what I was thinking when I said that.

when running with publish set to true and no publishRegistry block I get...

This explicit check is done because the Docker Engine API requires an authentication header to be sent in an image-push request, and will give a 400 BAD REQUEST error if authentication is not provided.

It should be possible for us to default the publishRegistry to empty values and effectively send a dummy auth header instead of requiring a publishRegistry to be configured explicitly. I'll re-open the issue so others on the team can comment on that idea and what version we would want to make a change like that in.

Is there no way to publish to an unauthenticated registry using this plugin currently?

It is likely that you can configure docker.publishRegistry with any value for the username and password fields to make this work. An auth header will be built and sent to the Docker Engine API and likely ignored by the registry.

[wilkinsona]

I think we could consider it to be a bug that you can't easily push to a private registry that doesn't require authentication. Where we fix it will depend on how risky it might be. It sounds quite low risk as I think we'd only be changing the behavior for something that doesn't work at the moment. 2.6.x doesn't feel unreasonable to me.