cage icon indicating copy to clipboard operation
cage copied to clipboard

Published 20 hours ago verified publisher icon faradayio

'invalid image' when trying to use a private registry image

Open camjackson opened this issue 7 years ago • 8 comments

I'm getting an error like this (data somewhat sanitised):

Error: could not read 'pods/my-pod.yml'
error reading file 'pods/my-pod.yml'
invalid image 'my-private-registry:5000/my-org-name/my-app-name'

Config snippet:

# pods/my-pod.yml
services:
  my-app-name:
    image: 'my-private-registry:5000/my-org-name/my-app-name'

It's definitely a valid image name though. I can do docker run my-private-registry:5000/my-org-name/my-app-name and it works just fine. Looks like a case of overly-strict image name validation?

If that's the case, it seems that Cage is not compatible with private docker registries. Which would suck, because so far I'm really loving what Cage can do!

camjackson avatar Jun 30 '17 09:06 camjackson

Hi @camjackson normally private registries are supported, but if I had to guess it's likely that the port number or hierarchical org-name/app-name is throwing off cage. We'll take a look at it.

erithmetic avatar Jun 30 '17 13:06 erithmetic

Does my-private-registry contain a real domain name with periods? I think that might be mandatory. Here's the regex that we're using:

^(?:([^/:.]+\.[^/:]+)(?::([0-9]+))?/)?(?:([^/:.]+)/)?([^/:]+)(?::([^/:]+))?$

This was based on a earlier version of the docker-compose.yml spec. So either the spec has subtly changed, or I read it wrong, or your private registry syntax is non-standard.

emk avatar Jun 30 '17 13:06 emk

Here's a list of test cases showing the syntax we definitely support, from further down in the same file:

    let pairs = vec!(
        (img1, "hello"),
        (img2, "example/hello:4.4-alpine"),
        (img3, "example.com:123/hello:latest"),
        (img4, "example.com/staff/hello"),
    );

emk avatar Jun 30 '17 13:06 emk

Ahhh, yeah that explains it. The registry is at companyname-registry:5000 (because of reasons), and we hack our host files to make that resolve to the right place.

So no, it's not a valid domain name. However, I just tried it in a regular old compose file, and docker-compose will quite happily start up a container from that image name.

I was going to have a go at putting a PR together for this, but cargo build gives me this (totally understand if you're not interested in providing support for my build environment, but thought you might be interested to know 😄):

<snippet removed>

$ rustc --version
rustc 1.18.0 (03fc9d622 2017-06-06)
$ cargo --version
cargo 0.19.0 (28d1d60d4 2017-05-16)

camjackson avatar Jun 30 '17 14:06 camjackson

Never mind, it was just an issue with openssl header locations on MacOS. I've fixed it now.

Would you be open to a PR that would allow a registry host like my-registry?

camjackson avatar Jun 30 '17 14:06 camjackson

I made an attempt at this, but I suck at regex 😕 I tried this:

^(?:([^/:]+)(?::([0-9]+))?/)?(?:([^/:.]+)/)?([^/:]+)(?::([^/:]+))?$

(before, after)

But then the test fails on the first case of a bare image name: hello. Needs more thought than I'm capable of right now 🤔

camjackson avatar Jun 30 '17 15:06 camjackson

FYI, I'm just going to work around this for now by changing my fake registry host to be something like my-company-registry.local. Feel free to close this issue if you don't think it's worth the effort. And sorry for the comment spam!

camjackson avatar Jul 03 '17 02:07 camjackson

Oh, no problem! If anybody figures out how to write a regex that matches whatever the latest version of compose is doing, I'll be happy to merge it. (Hint: Check the docker-compose source to see their regexes and test cases.)

emk avatar Jul 22 '17 14:07 emk