-
Notifications
You must be signed in to change notification settings - Fork 230
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
authentication to other registries fails (cannot push or pull private images) #128
Comments
Update for Azure ACR, we have deployed a fix. With the latest img build, you can pull/push to ACR. |
As of #145, logging in to and pulling from/pushing to ECR should work. |
Thank you @pgavlin !!!! |
nm.. it works with gitlabs registry using basic auth both push and pull. |
I think this issue is related related to all repositories that require token based authentication I have intercepted traffic between me and the repository (using burp suite and proxy env var) and noticed that after successfully logging in and getting a token back, it does not use this token on subsequent requests to the registry resulting in a 401 again (it retries a few times but never is it setting the The versions I am using: |
In addition to my previous comment, I just tried to pull again without trying to login first and it successfully pulled my image. |
can you retest with master or the latest release i updated the vendored auth code in 3e187c6 |
Unfortunately it still does not seem to work I have the idea that the program does something different when credentials are being used then without. I Have created a gist with my captured data |
I have found the issue after I had a bright moment this morning. reference: https://docs.docker.com/registry/spec/auth/token/#requesting-a-token (token response fields) |
img: v0.5.4 I have a similar issue with pushing to Docker hub:
Please let me know if I can do something to help to debug it, or (with a hope) if there might possibly be a workaround. |
Here is the gist of the same commands but with |
I'm seeing the same issue as @grayhemp with Artifactory, his gist shows effectively my exact issues. I'm on 0.5.6 |
Hello,
|
@lefebsy, you probably should also send a issue to your registry provider as this is a issue that the back-end of img uses a oauth scheme for authenticating when pulling/pushing and the authentication server that your provider uses does not support oauth login, reference: https://docs.docker.com/registry/spec/auth/oauth/ as for the back-end of img that is responsible of pulling/pushing, it does not support falling back to basic auth when oauth fails. |
for those wanting to use gcr, you may be able to use the gcloud auth token feature of the CLI
|
Hello all,
Hello, for information, issued JFrog Artifactory support for this bug, but not very sure it will help, jfrog seems not to be very concerned about this problem with img... |
Hi, You can also directly refer to the tarball. Thanks to you this is currently in my Jenkinsfile (inside a withCredentials and running on Kubernetes):
I'm using a modified img-docker just adding skopeo and company CAs before the root user is locked:
|
Hi everyone. Did img push end up getting a fix to be able to push to an artifactory docker registry? If it should have parity with docker push (which works) we should not need extra cli tools such as skopeo. |
Can the checkboxes on this issue be updated yet? It seems like 1-2 of the I noticed that Artifactory from jFrog fails with some operations. Here is a related issue - containerd/containerd#3533 |
Pending the approval and merge of #276,
Installed should be able to authenticating automatically using |
@jessfraz GCP and ACR authentication helpers provided credentials are now supported as of our last merge. Mind resolving this? |
This applies to (GCR) #106 (ACR) #79 and (ECR) #127
Tracking all in one issue.
The text was updated successfully, but these errors were encountered: