Open catalinbahrin opened 2 years ago
Cc @ktock
Same problem when using the local image as the base image in dockerfile
Cannot reproduce:
Running a registry on localhost using basic authentication.
compose.yaml:
services:
backend:
image: foobar
build:
context: .
dockerfile: Dockerfile.debug
Dockerfile.debug:
FROM localhost:5000/busybox
RUN echo lol
nerdctl login --username foo --password bar localhost:5000
nerdctl pull busybox
nerdctl tag busybox localhost:5000/busybox
nerdctl push localhost:5000/busybox
nerdctl rmi localhost:5000/busybox
nerdctl compose up --build
Confirming that buildkit does send authenticated requests to the registry (logs):
time="2024-07-30T05:16:57.302729994Z" level=info msg="authorized request" go.version=go1.11.2 http.request.host="localhost:5000" http.request.id=3f6f7ee1-225d-4b2b-8ccb-7362a280a62a http.request.method=HEAD http.request.remoteaddr="10.4.0.1:38830" http.request.uri="/v2/busybox/manifests/latest" http.request.useragent="buildkit/v0.12" vars.name=busybox vars.reference=latest
10.4.0.1 - - [30/Jul/2024:05:16:57 +0000] "HEAD /v2/busybox/manifests/latest HTTP/1.1" 200 755 "" "buildkit/v0.12"
time="2024-07-30T05:16:57.303098829Z" level=info msg="response completed" go.version=go1.11.2 http.request.host="localhost:5000" http.request.id=3f6f7ee1-225d-4b2b-8ccb-7362a280a62a http.request.method=HEAD http.request.remoteaddr="10.4.0.1:38830" http.request.uri="/v2/busybox/manifests/latest" http.request.useragent="buildkit/v0.12" http.response.contenttype="application/vnd.oci.image.index.v1+json" http.response.duration=91.910289ms http.response.status=200 http.response.written=755
I also tried with a private repository on Docker Hub and it worked as well.
@wonderfuwillard @catalinbahrin : can you provide an example demonstrating how to reproduce this?
Also, can you provide the versions of buildctl and buildkit you are using, and how you did install and configure them?
Description
I am able to pull an image from a private repository when I do
lima nerdctl pull REPOSITORY\IMAGE
. However, when I try to build withlima nerdctl compose up --build
a Dockerfile that uses the same image from a private repository, I get an error.Steps to reproduce the issue
Describe the results you received and expected
`=> [internal] load build definition from Dockerfile 0.0s => => transferring dockerfile: 1.51kB 0.0s => [internal] load .dockerignore 0.1s => => transferring context: 166B 0.1s => ERROR [internal] load metadata for docker.io/REPOSITORY/image:tag: 2.8s
Dockerfile:1 1 | >>> FROM REPOSITORY/image:tag 2 |
3 | # general environment settings
error: failed to solve: REPOSITORY/image:tag: pull access denied, repository does not exist or may require authorization: authorization status: 401: authorization failed FATA[0003] unrecognized image format
FATA[0003] error while building image some_name: exit status 1 `
What version of nerdctl are you using?
Client: Version: v0.17.1 Git commit: 20233c26d26f11ca73a9a775fba87ca884ab14d2
Server: containerd: Version: v1.6.1 GitCommit: 10f428dac7cec44c864e1b830a4623af27a9fc70
Are you using a variant of nerdctl? (e.g., Rancher Desktop)
Lima
Host information
Client: Namespace: default Debug Mode: false
Server: Server Version: v1.6.1 Storage Driver: overlayfs Logging Driver: json-file Cgroup Driver: systemd Cgroup Version: 2 Plugins: Log: json-file Storage: native overlayfs fuse-overlayfs stargz Security Options: apparmor seccomp Profile: default cgroupns rootless Kernel Version: 5.13.0-35-generic Operating System: Ubuntu 21.10 OSType: linux Architecture: x86_64 CPUs: 4 Total Memory: 3.827GiB Name: lima-default ID: 71cbe510-fc1b-4029-ac4a-c456e41560ff
WARNING: AppArmor profile "nerdctl-default" is not loaded. Use 'sudo nerdctl apparmor load' if you prefer to use AppArmor with rootless mode. This warning is negligible if you do not intend to use AppArmor. WARNING: bridge-nf-call-iptables is disabled WARNING: bridge-nf-call-ip6tables is disabled