There are several types of commands that work with the Docker registry and require the appropriate authorization:
- During the building process, werf may pull base images from the Docker registry.
- During the publishing process, werf creates and updates images in the Docker registry.
- During the cleaning process, werf deletes images from the Docker registry.
- During the deploying process, werf requires access to the images from the Docker registry and to the stages that could also be stored in the Docker registry.
These commands do not perform authorization and use the predefined docker config to work with the Docker registry.
Docker config is a directory with the authorization data for registries and other settings.
By default, werf uses the same docker config as the Docker utility:
The Docker config directory can be redefined by setting a
$WERF_DOCKER_CONFIG environment variables.
The option and variables are the same as the
docker --config regular option.
To define the docker config, you can use
login - the regular directive of a Docker client, or, if you are using a CI system, ci-env command in werf (learn more about how to plug werf into CI systems).
In the case of several CI jobs running simultaneously, executing
docker logincan lead to failed jobs because of a race condition and conflicting temporary credentials. One job affects another job by overriding temporary credentials in the Docker config. Therefore, the user should provide an individual Docker config for each job via the
docker --configor by using the