diff --git a/README.md b/README.md
index 8a940a6d30e5e15a85e3c8121c38b688a4176b99..7f56ae23af8323062b75d810d36e00684d8e170e 100644
--- a/README.md
+++ b/README.md
@@ -136,6 +136,16 @@ If you use **different registries** for snapshot and release images, you shall u
| :lock: `DOCKER_REGISTRY_RELEASE_USER` | Docker registry username for release image registry |
| :lock: `DOCKER_REGISTRY_RELEASE_PASSWORD` | Docker registry password for release image registry |
+#### Using a registry mirror during image builds
+
+You can provide a URL for a mirror registry of `https://index.docker.io` for use during image builds (:warning: `kaniko` and `dind` options only), and optionally with credentials for the mirror, using the following variables:
+
+| Input / Variable | Description |
+| -------------------------------------------- | ------------------------------------------------ |
+| `registry-mirror` / `DOCKER_REGISTRY_MIRROR` | URL of a Docker registry mirror to use |
+| :lock: `DOCKER_REGISTRY_MIRROR_USER` | Docker registry username for the mirror registry |
+| :lock: `DOCKER_REGISTRY_MIRROR_PASSWORD` | Docker registry password for the mirror registry |
+
#### Setting your own Docker configuration file (advanced)
There might be cases where you need to provide the complete [Docker configuration file](https://docs.docker.com/engine/reference/commandline/cli/#configuration-files):
@@ -163,6 +173,8 @@ In addition to you own defined variables, you may use the following variables (p
- `${docker_snapshot_registry_host}`: the snapshot registry host (based on the configured `DOCKER_SNAPSHOT_IMAGE` variable)
- `${docker_release_authent_token}`: the authentication token required by the release registry (computed from configured `DOCKER_REGISTRY_RELEASE_USER` / `DOCKER_REGISTRY_RELEASE_PASSWORD` variables)
- `${docker_release_registry_host}`: the release registry host (based on the configured `DOCKER_RELEASE_IMAGE` variable)
+- `${docker_mirror_authent_token}`: the authentication token required by the mirror registry (computed from configured `DOCKER_REGISTRY_MIRROR_USER` / `DOCKER_REGISTRY_MIRROR_PASSWORD` variables)
+- `${docker_mirror_registry_host}`: the mirror registry host (based on the configured `DOCKER_REGISTRY_MIRROR` variable)
Example 1: Docker configuration file inlined in the project repository (`.docker/config.json`) with **dynamic variables replacement**:
@@ -301,6 +313,8 @@ It is bound to the `package-build` stage, and uses the following variables:
|-------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------|
| `build-args` / `DOCKER_BUILD_ARGS` | Additional `docker/kaniko/buildah` `build` arguments | _(none)_ |
| `registry-mirror` / `DOCKER_REGISTRY_MIRROR` | URL of a Docker registry mirror to use during the image build (instead of default `https://index.docker.io`) <br>:warning: Used by the `kaniko` and `dind` options only | _(none)_ |
+| :lock: `DOCKER_REGISTRY_MIRROR_USER` | Docker registry username for the mirror registry | _(none)_ |
+| :lock: `DOCKER_REGISTRY_MIRROR_PASSWORD` | Docker registry password for the mirror registry | _(none)_ |
| `container-registries-config-file` / `CONTAINER_REGISTRIES_CONFIG_FILE` | The [`registries.conf`](https://www.redhat.com/sysadmin/manage-container-registries) configuration to be used<br>:warning: Used by the `buildah` build only | _(none)_ |
| `metadata` / `DOCKER_METADATA` | Additional `docker build`/`kaniko` arguments to set label | OCI Image Format Specification |
| `kaniko-snapshot-image-cache` / `KANIKO_SNAPSHOT_IMAGE_CACHE` | Snapshot image repository that will be used to store cached layers (leave empty to use default: snapshot image repository + `/cache`)<br>:warning: Used by the `kaniko` build only | _none_ (default cache path) |
diff --git a/templates/gitlab-ci-docker.yml b/templates/gitlab-ci-docker.yml
index a3f4e5ec23e1779de87dd081d6966fafbe9b706d..5cd256a8e1d4f51118cda72816df6f87bffe6110 100644
--- a/templates/gitlab-ci-docker.yml
+++ b/templates/gitlab-ci-docker.yml
@@ -565,8 +565,19 @@ stages:
export docker_release_authent_token
export docker_release_registry_host
- docker_snapshot_config_json=$(echo -n "{\"auths\":{\"$docker_snapshot_registry_host\":{\"auth\":\"$docker_snapshot_authent_token\"},\"HttpHeaders\":{\"User-Agent\":\"$USER_AGENT\"}}}")
- docker_release_config_json=$(echo -n "{\"auths\":{\"$docker_release_registry_host\":{\"auth\":\"$docker_release_authent_token\"},\"HttpHeaders\":{\"User-Agent\":\"$USER_AGENT\"}}}")
+ if [[ -n "$DOCKER_REGISTRY_MIRROR" && -n "$DOCKER_REGISTRY_MIRROR_USER" ]]
+ then
+ docker_mirror_authent_token=$(echo -n "$DOCKER_REGISTRY_MIRROR_USER:$DOCKER_REGISTRY_MIRROR_PASSWORD" | base64 | tr -d '\n')
+ # shellcheck disable=SC2001
+ docker_mirror_registry_host=$(echo "$DOCKER_REGISTRY_MIRROR" | sed "s|^https*://||" | cut -d/ -f1)
+ export docker_mirror_authent_token
+ export docker_mirror_registry_host
+
+ docker_mirror_config_json="\"$docker_mirror_registry_host\":{\"auth\":\"$docker_mirror_authent_token\"},"
+ fi
+
+ docker_snapshot_config_json=$(echo -n "{\"auths\":{$docker_mirror_config_json\"$docker_snapshot_registry_host\":{\"auth\":\"$docker_snapshot_authent_token\"}},\"HttpHeaders\":{\"User-Agent\":\"$USER_AGENT\"}}")
+ docker_release_config_json=$(echo -n "{\"auths\":{$docker_mirror_config_json\"$docker_release_registry_host\":{\"auth\":\"$docker_release_authent_token\"}},\"HttpHeaders\":{\"User-Agent\":\"$USER_AGENT\"}}")
# Create the configuration file for Docker and Kaniko
BUILDTOOL_HOME=${BUILDTOOL_HOME:-$HOME}