Skip to content

What REGISTRY variable should be used for Docker Hub?

@airibarr If we want to publish images to Docker Hub what value should be used for the REGISTRY variable?

If we adapt the README example .gitlab-ci.yml to the following to try to push an image to Docker Hub

stages:
   - prepare
   - build

prepare:
  stage: prepare
  script:
    - mkdir dynamic
    - echo "FROM gitlab-registry.cern.ch/linuxsupport/cc8-base" >> dynamic/Dockerfile
  artifacts:
    paths:
      - dynamic/
    expire_in: 1 week

build_artifacts:
  stage: build
  trigger:
    include:
      - project: 'ci-tools/docker-builder'
        file: '/ci.yml'
    strategy: depend
  variables:
    REGISTRY: "index.docker.io"
    REGISTRY_ORG: "matthewfeickert"
    IMAGE_NAME: "minimal-example"
    TAG: "latest"
    REGISTRY_USERNAME: ${DOCKERHUB_USERNAME}  # Secret
    REGISTRY_PASSWORD: ${DOCKERHUB_PASSWORD}  # Secret
    TO: "${REGISTRY}/${REGISTRY_ORG}/${IMAGE_NAME}:${TAG}"
    CACHE: "false"
    CONTEXT_DIR: dynamic
    DOCKER_FILE: dynamic/Dockerfile
    PARENT_PIPELINE_ID: $CI_PIPELINE_ID
    ARTIFACT_JOB: prepare

this fails with

$ /kaniko/executor \ # collapsed multi-line command
+++ uname -m
++ /kaniko/executor --cache-copy-layers=false --cache-ttl 168h --cache-repo index.docker.io/[MASKED]/minimal-example/cache --context /builds/feickert/docker-builder-debug/dynamic --dockerfile /builds/feickert/docker-builder-debug/dynamic/Dockerfile --destination index.docker.io/[MASKED]/minimal-example:latest-x86_64 --image-name-tag-with-digest-file image-x86_64.out --build-arg ARCH=x86_64
error checking push permissions -- make sure you entered the correct tag name, and that you are authenticated correctly, and try again: checking push permission for "index.docker.io/[MASKED]/minimal-example:latest-x86_64": POST https://index.docker.io/v2/[MASKED]/minimal-example/blobs/uploads/: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:[MASKED]/minimal-example Type:repository] map[Action:push Class: Name:[MASKED]/minimal-example Type:repository]]

We can see from https://index.docker.io/v2 that it is using the v2 endpoint, but the kaniko README states that the v1 endpoint should be used for reasons covered in https://github.com/GoogleContainerTools/kaniko/issues/1209. Trying to use https://index.docker.io/v1/ as the REGISTRY variable fails though.

There's a minimal example repo that contains this over at https://gitlab.cern.ch/feickert/docker-builder-debug