Custom registry

Hi guys
I just tried to connect binderhub to a custom private registry. The registry is unsecure (http) but requires basic auth.
I followed 3. Set up BinderHub — BinderHub 0.1.0 documentation

First remark: I could not set DockerRegistry.token_url to None or null, as the field is declared as Unicode. So I ended up using "".

My binder config:

    config:
      BinderHub:
        use_registry: true
        image_prefix: "my.registry.priv:5000/priv/"
        push_secret: "regcred"
      DockerRegistry:
        token_url: ""
    registry:
      url: "http://my.registry.priv:5000"
      username: "chucknorris"
      password: "cannot_guess_his_pw"

Now, binder seems to be able to authenticate. Still if I try to build an image, it fails.
The build pod quickly appears, then disappears.
The only debug info I am able to gather is a k8s event

Warning   Failed              pod/jupyter-admin
                                        Failed to pull image ... : rpc error: code = Unknown desc = Error response from daemon: Head  ... : no basic auth credentials

Therefore, I conclude that the registry credentials do not arrive at the hub pod.
Next, I tried to add

    jupyterhub:
      hub:
        imagePullSecret:
          create: true
          automaticReferenceInjection: true
          registry: my.registry.priv:5000
          username: "chucknorris"
          password: "cannot_guess_his_pw"

But still the same error.
Does somebody here have experience with private registries?

I’m having the problem I don’t know if this is a bug or something I’ve missed. The hamstring solution I found was patching the default service account with a docker secret

1 Like

Another clue might be looking at mybinder’s public deploy, they have an ImagePullSecret at the same level as config in their values file.

1 Like