Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docker build does not respect "insecure-registries" in /etc/docker/daemon.json #2712

Open
3 tasks done
uliss3s opened this issue Sep 26, 2024 · 2 comments
Open
3 tasks done

docker build does not respect "insecure-registries" in /etc/docker/daemon.json #2712

uliss3s opened this issue Sep 26, 2024 · 2 comments
Labels
status/triage

Comments

@uliss3s
Copy link

uliss3s commented Sep 26, 2024
edited
Loading

Contributing guidelines

I've found a bug and checked that ...

  • ... the documentation does not mention anything about my problem
  • ... there are no open or closed issues that are related to my problem

Description

Buiding an image from another image from an insecure registry results in error.

Just did a fresh install of docker in a new machine and configured the "insecure-registries" in /etc/docker/daemon.json.

Expected behaviour

That the image is built

Actual behaviour

ERROR: failed to solve: my.registry:8082/image:latest: failed to resolve source metadata for my.registry:8082/image:latest: failed to do request: Head "https://my.registry:8082/image/manifests/8": remote error: tls: unrecognized name

Buildx version

github.com/docker/buildx v0.17.1 257815a

Docker info

Client: Docker Engine - Community
 Version:    27.3.1
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.17.1
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.29.7
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 1
  Running: 0
  Paused: 0
  Stopped: 1
 Images: 1
 Server Version: 27.3.1
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 7f7fdf5fed64eb6a7caf99b3e12efcf9d60e311c
 runc version: v1.1.14-0-g2c9f560
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.8.0-45-generic
 Operating System: Linux Mint 22
 OSType: linux
 Architecture: x86_64
 CPUs: 1
 Total Memory: 3.807GiB
 Name: srv-123456789
 ID: 896206df-aa13-417b-ab29-37c77b2267dd
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  my.registry:8082
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled

Builders list

NAME/NODE     DRIVER/ENDPOINT   STATUS    BUILDKIT   PLATFORMS
default*      docker                                 
 \_ default    \_ default       running   v0.16.0    linux/amd64, linux/amd64/v2, linux/amd64/v3, linux/386

Configuration

build command:

$ docker build -t test-image .

Dockerfile

FROM my.registry:8082/image:latest

RUN echo "teste"

$ cat /etc/docker/daemon.json

{
  "insecure-registries" : ["http://my.registry:8082"]
}

Build logs

[+] Building 0.2s (2/2) FINISHED                                                                                                                                                                                               docker:default
 => [internal] load build definition from Dockerfile                                                                                                                                                                                     0.0s
 => => transferring dockerfile: 328B                                                                                                                                                                                                     0.0s
 => ERROR [internal] load metadata for my.registry:8082/image:latest                                                                                                                                                 0.0s
------
 > [internal] load metadata for my.registry:8082/image:latest:
------
Dockerfile:1
--------------------
   1 | >>> FROM my.registry:8082/image:latest
   2 |     
   3 |     RUN echo "teste"
--------------------
ERROR: failed to solve: my.registry:8082/image:latest: failed to resolve source metadata for my.registry:8082/image:latest: failed to do request: Head "https://my.registry:8082/image/manifests/8": remote error: tls: unrecognized name

Additional info

Doing a "docker pull my.registry:8082/image:latest" works normally.

OS

NAME="Linux Mint"
VERSION="22 (Wilma)"
ID=linuxmint
ID_LIKE="ubuntu debian"
PRETTY_NAME="Linux Mint 22"
VERSION_ID="22"
HOME_URL="https://www.linuxmint.com/"
SUPPORT_URL="https://forums.linuxmint.com/"
BUG_REPORT_URL="http://linuxmint-troubleshooting-guide.readthedocs.io/en/latest/"
PRIVACY_POLICY_URL="https://www.linuxmint.com/"
VERSION_CODENAME=wilma
UBUNTU_CODENAME=noble
@thompson-shaun
Copy link
Collaborator

AFAIK buildkitd is configured by the buildkitd.toml file and won't read the daemon.json (which is for dockerd).

I believe you would need an http=true option set in a buildkitd.toml (reference).

There might be a CLI route as well... @tonistiigi?

@thompson-shaun
Copy link
Collaborator

MIght have my wires crossed here, any insight @vvoland?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
status/triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@uliss3s @thompson-shaun