search

docker / buildx

Docker CLI plugin for extended build capabilities with BuildKit
Apache License 2.0
3.52k stars 473 forks source link

docker buildx fails to authenticate with private repository #1724

Open immusk opened 1 year ago

immusk commented 1 year ago

Contributing guidelines

I've found a bug and checked that ...

Description

docker buildx build command fails to connect to the private registries(we are using Nexus) with the existing credentials present in ~/.docker/config.json

where as normal docker build command works fine.

Expected behaviour

docker buildx build command should use the existing credentials present in ~/.docker/config.json and successfully pull the referenced image from the given registry.

Actual behaviour

Screenshot 2023-04-06 at 3 47 38 PM

Buildx version

github.com/docker/buildx v0.10.4 c513d34049e499c53468deac6c4267ee72948f02

Docker info

Client:
 Context:    default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Docker Buildx (Docker Inc., v0.10.4)
  compose: Docker Compose (Docker Inc., v2.17.2)

Server:
 Containers: 1
  Running: 1
  Paused: 0
  Stopped: 0
 Images: 46
 Server Version: 20.10.7
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 2806fc1057397dbaeefbea0e4e17bddfbd388f38
 runc version: v1.1.5-0-gf19387a
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 3.10.0-1127.8.2.el7.x86_64
 Operating System: CentOS Linux 7 (Core)
 OSType: linux
 Architecture: x86_64
 CPUs: 32
 Total Memory: 249.5GiB
 Name: xxxxxxxxxx
 ID: LOJR:7W3K:S5M5:XW3W:PZ64:32TY:CPQF:ZX5P:3XS4:ANN2:P5N4:DHD6
 Docker Root Dir: /mnt1/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled

Builders list

NAME/NODE  DRIVER/ENDPOINT  STATUS  BUILDKIT PLATFORMS
mybuild *  docker-container
  mybuild0 amd_node         running v0.11.5  linux/amd64*, linux/amd64/v2, linux/amd64/v3, linux/386
  mybuild1 arm_node         running v0.11.5  linux/arm64*, linux/arm/v7, linux/arm/v6, linux/amd64, linux/amd64/v2, linux/riscv64, linux/ppc64le, linux/s390x, linux/mips64le, linux/mips64
amd_node   docker
  amd_node amd_node         running 20.10.7  linux/amd64, linux/386
arm_node   docker
  arm_node arm_node         running 20.10.7  linux/arm64, linux/arm/v7, linux/arm/v6, linux/amd64, linux/riscv64, linux/ppc64le, linux/s390x, linux/386
default    docker
  default  default          running 20.10.7  linux/amd64, linux/386

Configuration

FROM /jdk11:11.0.7-20230322065433

Build logs

No response

Additional info

No response

crazy-max commented 1 year ago

Looks to be a network issue with your amd_node node. Similar to https://github.com/docker/buildx/issues/1683.

Can you give the output of docker buildx inspect mybuild and also try building for each platform:

$ docker buildx build --platform linux/amd64 . 
$ docker buildx build --platform linux/arm64 .
Shuu-Ri commented 1 year ago

Are you trying to build on the organization network? If your organization network has some kind of network monitoring, then perhaps you need the Root CA of the network monitoring. Then load the certificate to the buildx instance to let it acknowledge the organization network monitoring such as "I (buildx isntance) have permission (certificate) to access the private registry"