Configuring Connections to Docker

Registry Address Format

By default, https://docker.io is used.

To connect to a registry, use the following format: [http(s)://]hostname:port.

If the protocol is not specified, the connection over https is used by default.

Connecting to Private Cloud Registry

TeamCity supports the Azure container registry storing Docker images. You can authenticate using the Service principal (the principal ID and password are used as the connection credentials) or Admin account.

Amazon Elastic Container Registry (AWS ECR) is supported: specify the AWS region and your AWS Security Credentials when configuring the connection.

Connecting to Insecure Registry

To connect to an insecure registry:

1. Configure all TeamCity agents where Docker is installed to work with insecure repositories as stated in the Docker documentation. This is sufficient to allow the connection to the private registry over HTTP.

2. To connect to an insecure registry over HTTPS with a self-signed certificate, in addition to the step above, import the self-signed certificate to the JVM of the TeamCity server as described here. You can consult the Docker documentation on using self-signed certificates.

Running multiple agents with Docker on one machine

TeamCity supports the case when multiple agents are running parallel builds on the same machine and connect to a Docker registry during these builds. This setup requires using different Docker environments: the docker logout command executed at the end of the one build should not affect the parallel build on another agent.
To configure it, you need to specify locations of each agent's .docker directory. For this, define the env.DOCKER_CONFIG=%teamcity.agent.home.dir%/system/.docker environment variable either as a build configuration parameter or in the buildAgent.properties file of each agent.