20190529 dockerfile-plugin | authentication

20190529 dockerfile-plugin | authentication

https://github.com/spotify/dockerfile-maven/blob/master/docs/authentication.md

Authentication and private Docker registry support

Since version 1.3.0, the plugin will automatically use any configuration in your ~/.dockercfg or ~/.docker/config.json file when pulling, pushing, or building images to private registries

Additionally the plugin will enable support for Google Container Registry if it is able to successfully load Google’s “Application Default Credentials”. The plugin will also load Google credentials from the file pointed to by the environment variable DOCKER_GOOGLE_CREDENTIALS if it is defined. Since GCR authentication requires retrieving short-lived access codes for the given credentials, support for this registry is baked into the underlying docker-client rather than having to first populate the docker config file before running the plugin.

GCR users may need to initialize their Application Default Credentials via gcloud. Depending on where the plugin will run, they may wish to use their Google identity by running the following command

1
gcloud auth application-default login

or create a service account instead.

Authenticating with maven settings.xml

Since version 1.3.6, you can authenticate using your maven settings.xml instead of docker configuration. Just add configuration similar to:

1
2
3
4
5
<configuration>
<repository>docker-repo.example.com:8080/organization/image</repository>
<tag>latest</tag>
<useMavenSettingsForAuth>true</useMavenSettingsForAuth>
</configuration>

You can also use -Ddockerfile.useMavenSettingsForAuth=true on the command line.
Then, in your maven settings file, add configuration for the server:

1
2
3
4
5
6
7
<servers>
<server>
<id>docker-repo.example.com:8080</id>
<username>me</username>
<password>mypassword</password>
</server>
</servers>

exactly as you would for any other server configuration.

Since version 1.4.3, using an encrypted password in the Maven settings file is supported. For more information about encrypting server passwords in settings.xml, read the documentation here.

Authenticating with maven pom.xml

Since version 1.3.XX, you can authenticate using config from the pom itself. Just add configuration similar to:

1
2
3
4
5
6
7
8
9
10
11
12
13
 <plugin>
<groupId>com.spotify</groupId>
<artifactId>dockerfile-maven-plugin</artifactId>
<version>${version}</version>
<configuration>
<username>repoUserName</username>
<password>repoPassword</password>
<repository>${docker.image.prefix}/${project.artifactId}</repository>
<buildArgs>
<JAR_FILE>target/${project.build.finalName}.jar</JAR_FILE>
</buildArgs>
</configuration>
</plugin>

or simpler,

1
2
3
4
5
6
7
8
9
10
11
<plugin>
<groupId>com.spotify</groupId>
<artifactId>dockerfile-maven-plugin</artifactId>
<version>${version}</version>
<configuration>
<repository>${docker.image.prefix}/${project.artifactId}</repository>
<buildArgs>
<JAR_FILE>target/${project.build.finalName}.jar</JAR_FILE>
</buildArgs>
</configuration>
</plugin>

with this command line call

1
mvn goal -Ddockerfile.username=... -Ddockerfile.password=...

认证

身份认证和私有 Docker 仓库支持

从 1.3.0 版本起(since 自…以来,由于,因为),该插件动态(automatically)使用您的配置文件:~/.dockercfg 或 ~/.docker/config.json 其中的一种当拉取、推送、构建镜像到私有仓库时。

此外(Additionally),该插件将支持「谷歌的容器注册」,如果它能够成功(if it is able to successfully)地加载谷歌的“应用程序默认凭据”。如果定义了环境变量 DOCKER_GOOGLE_CREDENTIALS ,该插件也可以从环境变量 DOCKER_GOOGLE_CREDENTIALS 指向的文件中(from the file pointed to by 从什么指向的文件)加载谷歌凭证。由于 GCR 认证需要从给定的凭证中检索(retrieving)短效访问码,对这个容器注册(服务)的支持被合成(baked into)到底层(underlying)的 docker-client ,而不是(rather than)在容器插件运行之前第一时间填充(having to first populate) docker 配置文件。

GCR 用户可能需要通过 gcloud 初始化他们的应用默认凭证,这取决于(depending on 依靠、依赖、取决于)插件运行的位置,他们可能希望通过运行一下命令使用他们的 Google identity

1
gcloud auth application-default login

或者 create a service account 作为替代.

用 maven settings.xml 认证

从 1.3.6 版本开始,你可以使用你的 maven setting.xml 文件认证作为 docker 配置文件的替代。只需要添加以下类似的(similar to)配置:

1
2
3
4
5
<configuration>
<repository>docker-repo.example.com:8080/organization/image</repository>
<tag>latest</tag>
<useMavenSettingsForAuth>true</useMavenSettingsForAuth>
</configuration>

你同样可以在命令行执行命令 -Ddockerfile.useMavenSettingsForAuth=true (替代 true
然后,在您的 maven setting 文件中,添加以下服务配置:

1
2
3
4
5
6
7
<servers>
<server>
<id>docker-repo.example.com:8080</id>
<username>me</username>
<password>mypassword</password>
</server>
</servers>

对于其他任意(for any other)的服务器你会使用完全一样(exactly as)的配置。
从 1.4.3 版本开始,maven setting 文件中支持使用加密密码,关于更多在 setting.xml 中加密服务器密码的信息,read the documentation here.

用 maven pom.xml 认证

从 1.3.X 开始,你可以使用 pom 本身的配置认证,只需要添加以下类似的配置:

1
2
3
4
5
6
7
8
9
10
11
12
13
 <plugin>
<groupId>com.spotify</groupId>
<artifactId>dockerfile-maven-plugin</artifactId>
<version>${version}</version>
<configuration>
<username>repoUserName</username>
<password>repoPassword</password>
<repository>${docker.image.prefix}/${project.artifactId}</repository>
<buildArgs>
<JAR_FILE>target/${project.build.finalName}.jar</JAR_FILE>
</buildArgs>
</configuration>
</plugin>

或者更简单的,

1
2
3
4
5
6
7
8
9
10
11
<plugin>
<groupId>com.spotify</groupId>
<artifactId>dockerfile-maven-plugin</artifactId>
<version>${version}</version>
<configuration>
<repository>${docker.image.prefix}/${project.artifactId}</repository>
<buildArgs>
<JAR_FILE>target/${project.build.finalName}.jar</JAR_FILE>
</buildArgs>
</configuration>
</plugin>

使用此命令行调用:

1
mvn goal -Ddockerfile.username=... -Ddockerfile.password=...

Comments

Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now

×