Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docker build --pull not working for insecure registry when using buildkit #2030

Closed
3 tasks done
tkowpt opened this issue Sep 1, 2023 · 3 comments
Closed
3 tasks done

Comments

@tkowpt
Copy link

tkowpt commented Sep 1, 2023

Contributing guidelines

I've found a bug and checked that ...

  • ... the documentation does not mention anything about my problem
  • ... there are no open or closed issues that are related to my problem

Description

I'm using an insecure registry and I've added the necessary configuration in /etc/docker/daemon.json.

{ "insecure-registries": ["example.com"] }

Furthermore, I'm able to pull images with

docker pull example.com/image:latest

However, I can not use images from this registry as base image for docker build because it tries to use HTTPS instead of HTTP for pulling images.

Expected behaviour

It should also be possible to build images based on images from an insecure registry.

docker build --pull --no-cache -t target .

Actual behaviour

docker build is not able to pull the necessary image from an insecure registry, because it tries to pull the image using HTTPS. However, docker pull is able to pull the same image using HTTP.

Buildx version

github.com/docker/buildx v0.11.2 9872040

Docker info

Client: Docker Engine - Community
 Version:    24.0.5
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.11.2
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.20.2
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 1
  Running: 1
  Paused: 0
  Stopped: 0
 Images: 20
 Server Version: 24.0.5
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: false
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 8165feabfdfe38c65b599c4993d227328c231fca
 runc version: v1.1.8-0-g82f18fe
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 5.15.0-1041-azure
 Operating System: Ubuntu 22.04.3 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 15.62GiB
 Name: myhostname
 ID: 2ae648a2-249e-4bd4-8e45-9e87035b475e
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  example.com
  127.0.0.0/8
 Live Restore Enabled: false

Builders list

NAME/NODE DRIVER/ENDPOINT STATUS  BUILDKIT             PLATFORMS
default * docker                                       
  default default         running v0.11.6+0a15675913b7 linux/amd64, linux/amd64/v2, linux/amd64/v3, linux/amd64/v4, linux/386

Configuration

/etc/docker/daemon.json:

{ "insecure-registries": ["example.com"] }

Dockerfile:

FROM example.com/image:latest

RUN echo hello world

Command to reproduce the problem:

docker build --pull -t target .

Build logs

docker build --pull -t target .
[+] Building 0.1s (3/3) FINISHED                                                                                                                                        docker:default
 => [internal] load build definition from Dockerfile                                                                                                                              0.0s
 => => transferring dockerfile: 117B                                                                                                                                              0.0s
 => [internal] load .dockerignore                                                                                                                                                 0.0s
 => => transferring context: 2B                                                                                                                                                   0.0s
 => ERROR [internal] load metadata for example.com/image:latest
------
 > [internal] load metadata for example.com/image:latest:
------
Dockerfile:1
--------------------
   1 | >>> FROM example.com/image:latest
   2 |     
   3 |     RUN echo hello world
--------------------
ERROR: failed to solve: example.com/image:latest: failed to do request: Head "https://example.com/v2/image/manifests/latest": http: server gave HTTP response to HTTPS client

Additional info

However the following is working fine:

docker pull example.com/image:latest
docker build -t target .

and even the following is working fine:

DOCKER_BUILDKIT=0 docker build --pull -t target .

I haven't had this problem with docker version 24.0.2, that I've installed through https://get.docker.com as well.

@jedevc
Copy link
Collaborator

jedevc commented Sep 1, 2023

This seems like the same as #1642, which should be fixed in docker 25.0.

@jedevc jedevc closed this as not planned Won't fix, can't repro, duplicate, stale Sep 1, 2023
@woshikid
Copy link

I'm from docker 25.0.0 and this issue is still not fixed 😭
moby/moby#47212

@uliss3s
Copy link

uliss3s commented Sep 26, 2024

Docker 27.3.1 still has the problem...

"docker pull my.registry:8082/image:latest" works fine.

$ docker build -t image-test .

[+] Building 0.2s (2/2) FINISHED                                                                                                                                                                                               docker:default
 => [internal] load build definition from Dockerfile                                                                                                                                                                                     0.0s
 => => transferring dockerfile: 328B                                                                                                                                                                                                     0.0s
 => ERROR [internal] load metadata for my.registry:8082/image:latest                                                                                                                                                 0.0s
------
 > [internal] load metadata for my.registry:8082/image:latest:
------
Dockerfile:1
--------------------
   1 | >>> FROM my.registry:8082/image:latest
   2 |     
   3 |     COPY file.tar.gz /tmp
--------------------
ERROR: failed to solve: my.registry:8082/image:latest: failed to resolve source metadata for my.registry:8082/image:latest: failed to do request: Head "https://my.registry:8082/image/manifests/8": remote error: tls: unrecognized name

$ cat /etc/docker/daemon.json

{
  "insecure-registries" : ["http://my.registry:8082"]
}

$ docker version

Client: Docker Engine - Community
 Version:           27.3.1
 API version:       1.47
 Go version:        go1.22.7
 Git commit:        ce12230
 Built:             Fri Sep 20 11:40:59 2024
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          27.3.1
  API version:      1.47 (minimum version 1.24)
  Go version:       go1.22.7
  Git commit:       41ca978
  Built:            Fri Sep 20 11:40:59 2024
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.7.22
  GitCommit:        7f7fdf5fed64eb6a7caf99b3e12efcf9d60e311c
 runc:
  Version:          1.1.14
  GitCommit:        v1.1.14-0-g2c9f560
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

$ docker builder version

github.com/docker/buildx v0.17.1 257815a

OS (fresh install)

NAME="Linux Mint"
VERSION="22 (Wilma)"
ID=linuxmint
ID_LIKE="ubuntu debian"
PRETTY_NAME="Linux Mint 22"
VERSION_ID="22"
HOME_URL="https://www.linuxmint.com/"
SUPPORT_URL="https://forums.linuxmint.com/"
BUG_REPORT_URL="http://linuxmint-troubleshooting-guide.readthedocs.io/en/latest/"
PRIVACY_POLICY_URL="https://www.linuxmint.com/"
VERSION_CODENAME=wilma
UBUNTU_CODENAME=noble

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

4 participants