cloudflare · emily-shen · Nov 20, 2025 · nikitassharma · Nov 20, 2025 · emily-shen
diff --git a/.changeset/open-donkeys-behave.md b/.changeset/open-donkeys-behave.md
@@ -0,0 +1,18 @@
+---
+"@cloudflare/vite-plugin": minor
+"@cloudflare/containers-shared": minor
+"wrangler": minor
+---
+
+Containers: Allow users to directly authenticate external image registries in local dev
+
+Previously, we always queried the API for stored registry credentials and used those to pull images.
+This means that if you are using an external registry (ECR, dockerhub) then you have to configure
+registry credentials remotely before running local dev. Also, it meant that the Vite-plugin didn't
+work with external image registries, since the plugin could not call the containers API.
+
+Now you can directly authenticate with your external registry provider (using `docker login` etc.),
+and Wrangler or Vite will be able to pull the image specified in the `contaienrs.image` field in your
+config file.
+
+The Cloudflare-managed registry (registry.cloudflare.com) currently still does not work with the Vite plugin.
@@ -5,12 +5,12 @@ import type {
 	BuildArgs,
 	ContainerDevOptions,
 	ImageURIConfig,
-	Logger,
+	WranglerLogger,
 } from "./types";
 
 export async function constructBuildCommand(
 	options: BuildArgs,
-	logger?: Logger
+	logger?: WranglerLogger
 ) {
 	const platform = options.platform ?? "linux/amd64";
 	const buildCmd = [

@@ -1,6 +1,6 @@
 /* istanbul ignore file */
 /* tslint:disable */
-import type { Logger } from "../../types";
+import type { WranglerLogger } from "../../types";
 import type { ApiRequestOptions } from "./ApiRequestOptions";
 
 type Resolver<T> = (options: ApiRequestOptions) => Promise<T>;
@@ -16,7 +16,7 @@ export type OpenAPIConfig = {
 	PASSWORD?: string | Resolver<string>;
 	HEADERS?: Headers | Resolver<Headers>;
 	ENCODE_PATH?: (path: string) => string;
-	LOGGER?: Logger | undefined;
+	LOGGER?: WranglerLogger | undefined;
 };
 
 export const OpenAPI: OpenAPIConfig = {

@@ -10,14 +10,46 @@ import {
 	runDockerCmd,
 	verifyDockerInstalled,
 } from "./utils";
-import type { ContainerDevOptions, DockerfileConfig } from "./types";
+import type {
+	ContainerDevOptions,
+	DockerfileConfig,
+	ViteLogger,
+	WranglerLogger,
+} from "./types";
 
 export async function pullImage(
 	dockerPath: string,
-	options: Exclude<ContainerDevOptions, DockerfileConfig>
+	options: Exclude<ContainerDevOptions, DockerfileConfig>,
+	logger: WranglerLogger | ViteLogger,
+	isVite: boolean
 ): Promise<{ abort: () => void; ready: Promise<void> }> {
 	const domain = new URL(`http://${options.image_uri}`).hostname;
-	await dockerLoginImageRegistry(dockerPath, domain);
+
+	const isExternalRegistry = domain !== getCloudflareContainerRegistry();
+	try {
+		// this will fail in two cases:
+		// 1. this is being called from the vite plugin (doesn't have the appropriate auth context)
+		// 2.
+		await dockerLoginImageRegistry(dockerPath, domain);
+	} catch (e) {
+		if (!isExternalRegistry) {
+			// horrible hack to check if this is from vite - vite logger doesn't have debug method
+			if (isVite) {
+				throw new UserError(
+					`Using images from the Cloudflare-managed registry is not currently supported with the Vite plugin.\n` +
+						`You should set \`containers.image\` to a Dockerfile or use a supported external registry and authenticate to that registry separately using \`docker login\` or similar.\n` +
+						`Supported external registries are currently: ${Object.values(ExternalRegistryKind).join(", ")}.`
+				);
+			}
+			throw e;
+		}
+		logger?.warn(
+			"Unable to retrieve configured registry credentials from Cloudflare." +
+				"\nYou will need to run `wrangler containers registries configure` before deploying." +
+				"\nAttempting to pull image anyway, in case you have authenticated this registry separately..."
+		);
+	}
+
 	const pull = runDockerCmd(dockerPath, [
 		"pull",
 		options.image_uri,
@@ -64,7 +96,9 @@ export async function prepareContainerImagesForDev(args: {
 	onContainerImagePreparationEnd: (args: {
 		containerOptions: ContainerDevOptions;
 	}) => void;
-}) {
+	logger: WranglerLogger | ViteLogger;
+	isVite: boolean;
+}): Promise<void> {
 	const {
 		dockerPath,
 		containerOptions,
@@ -94,7 +128,12 @@ export async function prepareContainerImagesForDev(args: {
 				containerOptions: options,
 			});
 		} else {
-			const pull = await pullImage(dockerPath, options);
+			const pull = await pullImage(
+				dockerPath,
+				options,
+				args.logger,
+				args.isVite
+			);
 			onContainerImagePreparationStart({
 				containerOptions: options,
 				abort: () => {

@@ -5,14 +5,19 @@ import type {
 } from "./client";
 import type { ApplicationAffinityHardwareGeneration } from "./client/models/ApplicationAffinityHardwareGeneration";
 
-export interface Logger {
+export interface WranglerLogger {
 	debug: (...args: unknown[]) => void;
 	debugWithSanitization: (label: string, ...args: unknown[]) => void;
 	log: (...args: unknown[]) => void;
 	info: (...args: unknown[]) => void;
 	warn: (...args: unknown[]) => void;
 	error: (...args: unknown[]) => void;
 }
+export interface ViteLogger {
+	info: (msg: string) => void;
+	warn: (msg: string) => void;
+	error: (msg: string) => void;
+}
 
 export type BuildArgs = {
 	/** image tag in the format `name:tag`, where tag is optional */

@@ -4,7 +4,7 @@
 	"compatibility_date": "2025-04-03",
 	"containers": [
 		{
-			"image": "./Dockerfile",
+			"image": "registry.cloudflare.com/8d783f274e1f82dc46744c297b015a2f/ci-container-dont-delete:latest",
 			"class_name": "Container",
 			"name": "http2",
 			"max_instances": 2,

@@ -206,6 +206,8 @@ export const devPlugin = createPlugin("dev", (ctx) => {
 						containerOptions: [...containerTagToOptionsMap.values()],
 						onContainerImagePreparationStart: () => {},
 						onContainerImagePreparationEnd: () => {},
+						logger: viteDevServer.config.logger,
+						isVite: true,
 					});
 
 					containerImageTags = new Set(containerTagToOptionsMap.keys());

@@ -47,6 +47,8 @@ export const previewPlugin = createPlugin("preview", (ctx) => {
 					containerOptions: [...containerTagToOptionsMap.values()],
 					onContainerImagePreparationStart: () => {},
 					onContainerImagePreparationEnd: () => {},
+					logger: vitePreviewServer.config.logger,
+					isVite: true,
 				});
 
 				const containerImageTags = new Set(containerTagToOptionsMap.keys());

@@ -273,6 +273,8 @@ export class LocalRuntimeController extends RuntimeController {
 					onContainerImagePreparationEnd: () => {
 						this.containerBeingBuilt = undefined;
 					},
+					logger: logger,
+					isVite: false,
 				});
 				if (this.containerBeingBuilt) {
 					this.containerBeingBuilt.abortRequested = false;

@@ -169,6 +169,8 @@ export class MultiworkerRuntimeController extends LocalRuntimeController {
 					onContainerImagePreparationEnd: () => {
 						this.containerBeingBuilt = undefined;
 					},
+					logger: logger,
+					isVite: false,
 				});
 				if (this.containerBeingBuilt) {
 					this.containerBeingBuilt.abortRequested = false;