Docker Community Forums

Share and learn in the Docker community.

Dockerfile based on container behind login

The base I want to use for my container is stored on a repository that I have to login to gain access. How do I do this in a Dockerfile? So far I have:

ARG user
ARG password
FROM

Thanks

uhm, what? You objective is completly unclear.

Sorry, this is the wrong forum for my question.

I assume you mean to use a base image located in a repository on a private registry?

If so, then you need to login at the private registy, before interacting with it:
docker login fqdn{:port} (=without the https:// prefix)
you only need to specifiy the port, if the remote registry is not running on port 443.

You approach with the ARGs is not how it works. Don’t forget to use fqdn:port/group/repo:tag when adressing the base image in the FROM declaration.

2 Likes

This simple example shows how secrets work in just a few commands. For a real-world example, continue to Intermediate example: Use secrets with a Nginx service.

Add a secret to Docker. The docker secret create command reads standard input because the last argument, which represents the file to read the secret from, is set to -.

$ printf “This is a secret” | docker secret create my_secret_data -
Create a redis service and grant it access to the secret. By default, the container can access the secret at /run/secrets/<secret_name>, but you can customize the file name on the container using the target option.

$ docker service create --name redis --secret my_secret_data redis:alpine
Verify that the task is running without issues using docker service ps. If everything is working, the output looks similar to this:

$ docker service ps redis

ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
bkna6bpn8r1a redis.1 redis:alpine ip-172-31-46-109 Running Running 8 seconds ago
If there were an error, and the task were failing and repeatedly restarting, you would see something like this:

$ docker service ps redis

NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
redis.1.siftice35gla redis:alpine moby Running Running 4 seconds ago
_ redis.1.whum5b7gu13e redis:alpine moby Shutdown Failed 20 seconds ago “task: non-zero exit (1)”
_ redis.1.2s6yorvd9zow redis:alpine moby Shutdown Failed 56 seconds ago “task: non-zero exit (1)”
_ redis.1.ulfzrcyaf6pg redis:alpine moby Shutdown Failed about a minute ago “task: non-zero exit (1)”
_ redis.1.wrny5v4xyps6 redis:alpine moby Shutdown Failed 2 minutes ago “task: non-zero exit (1)”
Get the ID of the redis service task container using docker ps , so that you can use docker container exec to connect to the container and read the contents of the secret data file, which defaults to being readable by all and has the same name as the name of the secret. The first command below illustrates how to find the container ID, and the second and third commands use shell completion to do this automatically.