Comments (11)
Need to investigate first whether Skopeo can currently work with Google artifact registry. Have you tried the Docker relay?
from dregsy.
As skopeo is preferred choice for copying images between repositories so only tried with skopeo & I can successfully copy dockerhub images to Google artifact registry with skopeo as below command
skopeo copy docker://docker.io/library/alpine:3.12 docker://europe-west1-docker.pkg.dev/<project-id>/upstream/alpine:3.12
from dregsy.
I tried this out with auth
setting for target
created in this way:
- Create base64 encoded version of service account's key json:
cat <key json> | base64 -w 0 > base64.json
- Create
auth
:echo '{"username": "_json_key_base64", "password": "<content of base64.json>"}' | base64 -w 0
- Copy output of 2) into Dregsy's config.
Sync went through without problems. The used service account has Artifact Registry Writer permissions.
from dregsy.
With a minor change to dregsy, repos at Google Artifact Registry can now be used in the exact same way as GCR: dregsy currently determines whether we're dealing with a GCR repo based on the server URI. If this ends with .gcr.io
, an auth token is retrieved from the Google API as needed. I've added -docker.pkg.dev
to that, and syncing to Google Artifact Registry now works even without providing the auth
setting in the dregsy task. I need to double check on that suffix though. Not sure whether that uniquely identifies Google Artifact Registry endpoints.
from dregsy.
@xelalexv : Thanks for your troubleshooting , when we can expect release for this change ?
from dregsy.
@xelalexv : I exact repeating your steps given for json key based authentication, following error I am observing at dregsy but can copy images using skopeo inside dregsy container (all commands run inside dregsy image running container)
# cat base64.json | skopeo login -u _json_key_base64 --password-stdin https://europe-west1-docker.pkg.dev
Login Succeeded!
# skopeo copy docker://docker.io/library/alpine:3.12 docker://europe-west1-docker.pkg.dev/<project-id>/dockerhub/alpine:3.12
Getting image source signatures
Copying blob 339de151aab4 done
Copying config 13621d1b12 done
Writing manifest to image destination
Storing signatures
config.yaml
---
relay: skopeo
skopeo:
binary: skopeo
certs-dir: /etc/skopeo/certs.d
tasks:
-
mappings:
-
from: library/alpine
to: <project-id>/dockerhub
tags: ['3.10']
name: dockerhub
source:
auth: <dockerhub-base64-username-password-combination>
registry: registry.hub.docker.com
target:
registry: europe-west1-docker.pkg.dev
auth: <service-account-json-base64-username-password-combination>
verbose: true
dregsy -config config.yaml
INFO[0000] dregsy 0.3.6
INFO[0000] skopeo version 1.2.1 commit: 1b6af3b15975f3142462b6affa85af708feb657f
INFO[0000] relay ready relay=skopeo
INFO[0000] syncing task source=registry.hub.docker.com target=europe-west1-docker.pkg.dev task=dockerhub
INFO[0000] mapping from=/library/alpine to=/<project-id>/dockerhub
INFO[0000] syncing tag tag=3.10
DEBU[0007] Getting image source signatures
DEBU[0011] time="2021-04-20T04:09:11Z" level=fatal msg="Error trying to reuse blob sha256:396c31837116ac290458afcb928f68b6cc1c7bdd6963fc72f52f365a2a89c1b5 at destination: Requesting bear token: invalid status code from registry 400 (Bad Request)"
ERRO[0011] exit status 1
ERRO[0011] errors during sync
DEBU[0011] stopping tasks
DEBU[0011] task exited task=dockerhub
DEBU[0011] exit main
ERRO[0011] one or more tasks had errors, please see log for details
am I doing something wrong ?
from dregsy.
I've just retried my description above, and it works in my environment. Maybe you can double check by doing the following, just to make sure we really have the correct authentication info in the config:
- Take the value of the
auth
setting from the dregsy config and doecho "<auth value>" | base64 -d
. That should give you{"username": "_json_key_base64", "password": "<base64 encoded value>"}
- Take the base64 encoded password value from step 1) and do
echo "<base64 encoded value>" | base64 -d
. The output should be identical to the contents of your key JSON file.
from dregsy.
I have re-checked with your given steps , all looks good but still getting following error.
DEBU[0011] time="2021-04-20T04:09:11Z" level=fatal msg="Error trying to reuse blob sha256:396c31837116ac290458afcb928f68b6cc1c7bdd6963fc72f52f365a2a89c1b5 at destination: Requesting bear token: invalid status code from registry 400 (Bad Request)"
just for reference , can you please share your config.yaml sample so I can cross check there also
from dregsy.
This is what I'm using:
relay: skopeo
tasks:
- name: test
verbose: true
source:
registry: registry.hub.docker.com
target:
registry: europe-west1-docker.pkg.dev
auth: <base64>
mappings:
- from: library/alpine
to: dregsy/upstream/alpine
tags: ['3.10']
from dregsy.
@xelalexv : I was using incorrect destination path when I changed as following then it worked perfectly
to=/<project-id>/upstream/alpine
I was not using image name in path in previous attempts,
Thanks a lot for your support
from dregsy.
done and merged to master
from dregsy.
Related Issues (20)
- Publish binaries as part of the release HOT 2
- Regular expression does not work if the name contains the symbol '_' HOT 9
- Make dregsy crash when the registry is unreachable HOT 4
- Allow use of IRSA for uses of dregsy in a Kubernetes (Cron)Job HOT 2
- Add option to specify destination tag
- Failing to sync between artifactory and ecr HOT 8
- support multiple destination path HOT 7
- question about the `keep` keyword HOT 9
- dregsy stopped working sometimes by giving "exec format error" HOT 6
- Artifacts migration between two internal Nexus Registry HOT 2
- Arch Issue with Image syncing HOT 10
- option to pass registry auth token using k8s secret HOT 5
- Pass AWS credentials if src and dst are in private ECRs of different accounts
- [feat req/debate] adding support for image digests with the skopeo relay HOT 8
- exit status 1 when pushing to GAR HOT 3
- platform architecture destination tag labeling HOT 1
- 1 to many target mapping? HOT 1
- Split config and credentials/secrets HOT 2
- add latest count limit to tag pruning HOT 1
- automatic restart on config file change HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dregsy.