I use a Jenkins pipeline to deploy a web application to a Kubernetes cluster in AWS. The deployment succeeds, but when I examine the Jenkins logs I see this message when it tries to do docker login:
WARNING! Your password will be stored unencrypted in /var/lib/jenkins/.docker/config.json. Configure a credential helper to remove this warning.
I do not wish the password to be stored in plain text.
So to fix this, I tried to configure a credential helper by following this article (Ubuntu | Docker Docs), and installed Docker Desktop on the Jenkins build server (an EC2 instance that runs Ubuntu). When I reran the Jenkins deployment, it failed with this message:
failed to build: getting auth config for “my-acccount.dkr.ecr.eu-west-2.amazonaws.com/my-image”: getting auth config: error getting credentials - err: exit status 1, out: exit status 2: gpg: decryption failed: No secret key
When I retraced my steps through the article, I read that executing this command systemctl --user start docker-desktop should create a new context called desktop-linux, but when I ran docker context ls I could see that this context had not been created. Therefore, when the Jenkins deployment ran, it presumably did so not in the desktop-linux context but continued to run in the Docker engine context.
Any ideas why the desktop-linux context is not being created? Thanks.
Hi Rimelek, thanks for your response. When I run docker context ls --format json, it also shows the ‘default’ context. Having played around a bit more, I note the following:
When I initialise Docker Desktop (gpg --generate-key followed by pass init) as the ubuntu user, it seems to work, giving the message:
Password store initialized for
However, when I run the same commands as the jenkins user (which runs my pipeline), it opens a dialog asking
‘Please enter the passphrase to unlock the OpenPGP secret key’
and when I enter the passphrase it fails with a ‘bad passphrase’ error.
I guess Docker Desktop is installed for a specific user, so other users will use Docker CE if that is installed as well. If you have only Docker Desktop, the other user will still use another instance. I’m not 100% sure about that, as I never tried using Docker Desktop with multiple users on any platform.
Or on second thought, the GPG keys are initialized for one user, so even if you are using the same Docker, the other user would probably need its own password store as well using another GPG key.
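The per-user point raised in the thread can be checked directly. The following is an added example, not code from any post or from Docker: it inspects one user's home (for the pipeline above, /var/lib/jenkins, the path shown in the warning) and reports plain-text logins, missing helper binaries and a missing pass store. The function name audit_docker_credentials is hypothetical, and the default pass store location is assumed.

```python
import json
import shutil
import sys
from pathlib import Path


def audit_docker_credentials(home, which=shutil.which):
    """Return findings about how the Docker client under `home` stores logins."""
    home = Path(home)
    cfg_path = home / ".docker" / "config.json"
    if not cfg_path.is_file():
        return [f"no {cfg_path}: nothing stored for this user yet"]
    cfg = json.loads(cfg_path.read_text())
    findings = []

    # A non-empty "auth" value is base64(user:password): the unencrypted
    # storage that the `docker login` warning is about.
    for registry, entry in (cfg.get("auths") or {}).items():
        if isinstance(entry, dict) and entry.get("auth"):
            findings.append(f"plaintext credential stored for {registry}")

    # Helpers named globally (credsStore) or per registry (credHelpers).
    helpers = set((cfg.get("credHelpers") or {}).values())
    if cfg.get("credsStore"):
        helpers.add(cfg["credsStore"])
    if not helpers:
        findings.append("no credsStore/credHelpers configured")

    for name in sorted(helpers):
        if which(f"docker-credential-{name}") is None:
            findings.append(f"docker-credential-{name} not found on PATH")
        # pass keeps its store and GPG recipient per user. Assumes the default
        # location (PASSWORD_STORE_DIR unset). The presence of .gpg-id does not
        # prove the matching secret key is in this user's keyring.
        if name == "pass" and not (home / ".password-store" / ".gpg-id").is_file():
            findings.append(f"pass store not initialised under {home}")
    return findings


if __name__ == "__main__":
    # Run as the user that executes the pipeline, or pass that user's home.
    target = sys.argv[1] if len(sys.argv) > 1 else Path.home()
    for line in audit_docker_credentials(target) or ["no findings"]:
        print(line)
```

Run it once per account (ubuntu and jenkins in this thread); an empty result for one user says nothing about the other, because both config.json and the pass store live under each user's own home.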