Configure Docker Daemon for Insecure Registries in Bitbucket Cloud Pipelines
Platform Notice: Cloud Only - This article only applies to Atlassian products on the cloud platform.
Summary
The Atlassian-provided Cloud Runners currently do not support Insecure Registries for Pipeline Builds. This KB article guides users on leveraging Linux self-hosted runners to set up a Docker Daemon, allowing connection to insecure registries.
Environment
Bitbucket Cloud Pipelines
Diagnosis
When attempting to perform a "push" or "pull" against an insecure Docker registry within a Bitbucket Pipelines build, Docker returns an error indicating that the certificate is not valid.
Example:
docker: Error response from daemon: Get "<your custom registry path>": x509: certificate signed by unknown authority.
Cause
By default, Docker does not trust a registry that lacks a valid signed certificate. To use such an insecure registry, the Docker daemon must be configured to allow it. Listing a registry under --insecure-registry tells the daemon to skip certificate verification for that registry.
For security reasons, the Docker daemon cannot be configured in Pipelines Cloud Runners. However, Linux self-hosted runners allow custom configuration of the Docker daemon, enabling the use of insecure registries.
Solution
1. Create a custom Docker-in-Docker (dind) Docker image and use it in the Bitbucket Pipeline as follows:
# custom-dind-image
FROM docker:dind
ENTRYPOINT [ "sh", "-c", "dockerd-entrypoint.sh $DOCKER_OPTS" ]
2. Once the custom "dind" image is pushed into the registry, use it as a custom image in the Bitbucket Pipeline to set up insecure registries.
An example pipeline configuration:
pipelines:
  default:
    - step:
        runs-on:
          - 'self.hosted'
          - 'linux'
        name: 'Build using custom dind image service'
        services:
          - custom-dind
        script:
          - export DOCKER_BUILDKIT=0
          - docker info
          - echo $DOCKER_PASSWORD | docker login -u $DOCKER_USER --password-stdin <your custom registry URL>
definitions:
  services:
    custom-dind:
      image:
        name: <your custom registry>/custom-dind-image
        username: $DOCKER_USER
        password: $DOCKER_PASSWORD
      type: docker
      variables:
        DOCKER_OPTS: "--insecure-registry=<your custom registry URL>"
Note: The custom registry in the example above can be hosted on Docker Hub or any private registry. You can find more information about Docker images through our documentation on how to use Docker images as build environments.
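Because the custom image hands whatever is in DOCKER_OPTS straight to dockerd, a pre-merge check can confirm that the variable holds only the intended --insecure-registry entry. The following is an added example, not part of the original article or Atlassian's code; the function name, the allowlist and the sample values are assumptions constructed for illustration.

```python
import ipaddress


def audit_docker_opts(docker_opts, allowed_registries):
    """Return findings for a DOCKER_OPTS value; an empty list means it passed."""
    findings = []
    # sh expands $DOCKER_OPTS unquoted in the ENTRYPOINT, so the value is split
    # on whitespace only; quotes inside the value are not interpreted.
    words = docker_opts.split()
    i = 0
    while i < len(words):
        word = words[i]
        i += 1
        if word.startswith("--insecure-registry="):
            value = word.split("=", 1)[1]
        elif word == "--insecure-registry" and i < len(words):
            value = words[i]
            i += 1
        else:
            # Any other word becomes an extra dockerd argument.
            findings.append(f"unexpected dockerd argument: {word}")
            continue
        try:
            # dockerd also accepts CIDR notation here, which exempts every
            # registry in the range from certificate verification.
            net = ipaddress.ip_network(value, strict=False)
        except ValueError:
            net = None  # a hostname or host:port value, not a network
        if net is not None and net.num_addresses > 1:
            findings.append(
                f"CIDR range {value} covers {net.num_addresses} addresses")
        elif value not in allowed_registries:
            findings.append(f"registry not on allowlist: {value}")
    return findings


# Constructed sample values (hypothetical, not from the original article).
ALLOWED = {"registry.internal.example:5000"}
SAMPLES = [
    "--insecure-registry=registry.internal.example:5000",
    "--insecure-registry=10.0.0.0/8 --debug",
]

if __name__ == "__main__":
    for opts in SAMPLES:
        print(opts, "->", audit_docker_opts(opts, ALLOWED) or "ok")
```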