buildpacks / docs

Web content for Cloud Native Buildpacks
https://buildpacks.io
Apache License 2.0

Cannot push to Docker Hub registry (Tekton) #361

Closed elessar-ch closed 9 months ago

elessar-ch commented 3 years ago

On Page: Tekton

Hi, I tried to follow the docs and push to a public repo of my personal Docker Hub account, however the PipelineRun fails with the following error message:

Saving docker.io/gabrielbespinian/tkntest...
*** Images (sha256:abf309c1f6381313b776f555cd4fa2bd3437bc6b8864642195ecb7f48424c9f6):
      docker.io/gabrielbespinian/tkntest - POST https://index.docker.io/v2/gabrielbespinian/tkntest/blobs/uploads/?from=paketobuildpacks%2Frun&mount=sha256%3A7a3dbe310959ca5d125c5afcdfb1bf029aef2c1cebb47b9c629613766b051c8b: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:gabrielbespinian/tkntest Type:repository] map[Action:push Class: Name:gabrielbespinian/tkntest Type:repository] map[Action:pull Class: Name:paketobuildpacks/run Type:repository]]
ERROR: failed to export: failed to write image to the following tags: [docker.io/gabrielbespinian/tkntest: POST https://index.docker.io/v2/gabrielbespinian/tkntest/blobs/uploads/?from=paketobuildpacks%2Frun&mount=sha256%3A7a3dbe310959ca5d125c5afcdfb1bf029aef2c1cebb47b9c629613766b051c8b: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:gabrielbespinian/tkntest Type:repository] map[Action:push Class: Name:gabrielbespinian/tkntest Type:repository] map[Action:pull Class: Name:paketobuildpacks/run Type:repository]]]

I replicated the steps quite exactly and the secret with the correct Docker Hub creds is present. To me it looks like it's not used.

Interestingly, at the beginning of most containers in the pod, the following message appears.

2021/04/19 21:24:20 warning: unsuccessful cred copy: ".docker" from "/tekton/creds" to "/tekton/home": unable to open destination: open /tekton/home/.docker/config.json: permission denied

However, it looks like it's due to different users being used in different steps, but the config is already there, which I confirmed by running a copy of the pod's configuration with sleep infinity and exec ... -- /bin/bash-ing into it.

Can anybody point me in the direction of fixing this issue?

elessar-ch commented 3 years ago

Addendum: I ensured my secret was set up completely right according to this doc: https://github.com/tektoncd/pipeline/blob/main/docs/auth.md#understanding-credential-selection

I also checked why that warning regarding the credential copy occurs (https://github.com/tektoncd/pipeline/blob/main/docs/auth.md#unsuccessful-cred-copy-warning). In my case this message is also logged by the create task. I checked the permissions on the file and they are 600, with owner cnb (1000), and the create step being executed as that user. I don't understand why it would occur in that step.

natalieparellano commented 3 years ago

Hi @elessar-ch, the unsuccessful cred copy message is a red herring. I can't recall the exact details of why it occurs, but it is not a blocker.

This is a slightly maddening suggestion, but can you try configuring your registry URL with a trailing slash? Such as https://index.docker.io/v1/.

For more context, see https://github.com/buildpacks/lifecycle/issues/608
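
Added example, not part of the thread or of the buildpacks or Tekton projects: a check that can be run over the contents of a generated Docker config (such as /tekton/home/.docker/config.json) to see whether the Docker Hub entry uses the trailing-slash key suggested in the comment above and carries credentials, without printing them. The function names, the list of Docker Hub hostnames and the sample config are assumptions made for this example.

```python
import base64
import json
from urllib.parse import urlsplit

# Key form suggested in the thread for Docker Hub (note the trailing slash).
SUGGESTED_HUB_KEY = "https://index.docker.io/v1/"
# Hostnames treated as Docker Hub here; this list is an assumption of the example.
HUB_HOSTS = {"index.docker.io", "docker.io", "registry-1.docker.io"}


def _host(key):
    """Return the hostname of an auths key, with or without a scheme."""
    parts = urlsplit(key if "://" in key else "//" + key)
    return (parts.hostname or "").lower()


def _has_credentials(entry):
    """True if the entry holds a username and password; values are never returned."""
    if entry.get("username") and entry.get("password"):
        return True
    try:
        decoded = base64.b64decode(entry.get("auth") or "", validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return False
    user, sep, password = decoded.partition(":")
    return bool(user and sep and password)


def check_hub_auth(config_text):
    """Return a list of findings about Docker Hub entries in a config.json."""
    auths = json.loads(config_text).get("auths", {})
    hub_keys = [k for k in auths if _host(k) in HUB_HOSTS]
    findings = []
    if not hub_keys:
        findings.append("no Docker Hub entry in auths")
    for key in hub_keys:
        if key != SUGGESTED_HUB_KEY:
            findings.append(f"key {key!r} differs from {SUGGESTED_HUB_KEY!r}")
        if not _has_credentials(auths[key]):
            findings.append(f"key {key!r} has no usable credentials")
    return findings


# Constructed sample input: user "demo", placeholder password, key without the slash.
SAMPLE = json.dumps({"auths": {"https://index.docker.io/v1": {
    "auth": base64.b64encode(b"demo:not-a-real-token").decode()}}})

if __name__ == "__main__":
    print(check_hub_auth(SAMPLE))
```

An empty list means the Docker Hub entry matches the suggested key and has credentials; any other result names the entry to correct in the secret's registry URL.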