portainer: Can't pull images from registry when there's a period in the URL
Description
I have an on-premises GitLab install with the image registry enabled and working, and that registry is configured into Portainer. After several tests, it seems as if images with periods somewhere in their URLs can’t be imported into the Docker host where Portainer is running.
For instance, clicking on the Pull the image button of the Images action with the image quay.io/carlos.carnero/hello-world:2.0 will report an error:
Pulling the image via docker image pull... works correctly, and once the image is downloaded, it is perfectly usable to start containers; so it is not a connectivity or access control issue.
Using the browser’s console it is apparent that an HTTP 500 status is the response to the request. Following the example above, the URL associated with the POST request was /api/endpoints/1/docker/images/create?fromImage=quay.io%2Fhello-world&tag=2.0 which seems to have a path component, carlos.carnero, missing.
Technical details:
- Portainer version: 1.15.2
- Target Docker version (the host/cluster you manage): 17.09.0-ce
- Platform (windows/linux): linux (CentOS 7, current)
- Command used to start Portainer (
docker run -p 9000:9000 portainer/portainer):docker service create --name portainer --publish 9000:9000 --constraint 'node.role == manager' --mount type=bind,src=//var/run/docker.sock,dst=/var/run/docker.sock portainer/portainer -H unix:///var/run/docker.sock - Target Swarm version (if applicable): 17.09.0-ce
- Browser: Google Chrome 62 on Fedora Linux
About this issue
- Original URL
- State: closed
- Created 7 years ago
- Comments: 16 (9 by maintainers)
Commits related to this issue
- update docker-compose-wrapper go.mod (#1434) — committed to portainer/portainer by sunportainer 2 years ago
Not really, the alias was just an extra, the main feature here is to be able to associate credentials to a registry so that we can authenticate to private registries. You’ll always find the registry URL in the tags anyway (
a.rather.long.and.12345678-zyx.complex.domain:0000000).Due to the current implementation, users may use multiple credentials to the same registry.
Indeed, this is why it can be quite complex to parse this.
I’m thinking that maybe we should review the entire UX for the image selection and authentication here…
At the moment, the select box gives access to an alias, an implicit registry URL and implicit credentials as well… It does not makes sense in some case as well where you can put
my.registry.com/myname/myimage:latestin the image field and useDockerHubin the select box… (thus the creation of #1441 I believe).Maybe we should just replace the whole form part with only one text input, where the user would be able to put the full image name (that is, registry, repo, name and tags. e.g.
docker.io/library/nginx:latestfor example) and then give an optional ability to the user to use credentials?This way, we do not need to parse the the entered text anymore (which makes it simpler on our end) and give the ability to the user to specify ANY of the following formats: nginx:latest, library/nginx:latest, docker.io/nginx:latest, docker.io/library/nginx:latest.
So instead of storing/managing registries, we could just be storing/managing registries credentials.
Here is a quick WIP: