Channels
academy
amazon
arm
azure
cabpr
chinese
ci-cd
danish
deutsch
developer
elemental
epinio
espanol
events
extensions
fleet
français
gcp
general
harvester
harvester-dev
hobbyfarm
hypper
japanese
k3d
k3os
k3s
k3s-contributor
kim
kubernetes
kubewarden
lima
logging
longhorn-dev
longhorn-storage
masterclass
mesos
mexico
nederlands
neuvector-security
office-hours
one-point-x
onlinemeetup
onlinetraining
opni
os
ozt
phillydotnet
portugues
rancher-desktop
rancher-extensions
rancher-setup
rancher-wrangler
random
rfed_ara
rio
rke
rke2
russian
s3gw
service-mesh
storage
submariner
supermicro-sixsq
swarm
terraform-controller
terraform-provider-rancher2
terraform-provider-rke
theranchcast
training-0110
training-0124
training-0131
training-0207
training-0214
training-1220
ukranian
v16-v21-migration
vsphere
windows
Title
a
ambitious-jackal-29837
06/11/2022, 8:02 PMWhat is the preferred method for authenticating with a private Docker registry with Rancher Desktop 1.4.1 on a Mac?
nerdctl login $registryf
fast-garage-66093
06/11/2022, 8:48 PMThis is supposed to work; how does it fail for you?
a
ambitious-jackal-29837
06/11/2022, 8:51 PMI get
Login Succeedednerdctl build .failed to solve: $registry/$image:$tag: pulling from host $registry failed with status code [manifests $tag]: 403 Forbiddenf
fast-garage-66093
06/11/2022, 8:57 PMidk, it seems to work for me:
$ nerdctl logout registry.home
Removing login credentials for registry.home
$ nerdctl pull registry.home/nginx:test
FATA[0000] failed to resolve reference "registry.home/nginx:test": unexpected status from HEAD request to <https://registry.home/v2/nginx/manifests/test>: 401 Unauthorized
$ nerdctl login registry.home
Enter Username: user
Enter Password:
Login Succeeded
$ nerdctl pull registry.home/nginx:test
registry.home/nginx:test: resolved |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:ee89b00528ff4f02f2405e4ee221743ebc3f8e8dd0bfd5c4c20a2fa2aaa7ede3: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:605c77e624ddb75e6110f997c58876baa13f8754486b461117934b24a9dc3a85: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:a0bcbecc962ed2552e817f45127ffb3d14be31642ef3548997f58ae054deb5b2: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:a2abf6c4d29d43a4bf9fbb769f524d0fb36a2edab49819c1bf3e76f409f953ea: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:a9edb18cadd1336142d6567ebee31be2a03c0905eeefe26cb150de7b0fbc520b: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:589b7251471a3d5fe4daccdddfefa02bdc32ffcba0a6d6a2768bf2c401faf115: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:186b1aaa4aa6c480e92fbd982ee7c08037ef85114fbed73dbb62503f24c1dd7d: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:b4df32aa5a72e2a4316aad3414508ccd907d87b4ad177abd7cbd62fa4dab2a2f: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 6.4 s total: 54.1 M (8.5 MiB/s)I need to leave now; will try
nerdctl builda
ambitious-jackal-29837
06/11/2022, 10:02 PM$ nerdctl build
FATA[0000] context needs to be specifiedThis could be related to the use of the osxkeychain helper
I was prompted a single time to provide credentials
f
fast-garage-66093
06/11/2022, 10:09 PMIt must be something specific about your registry:
$ cat Dockerfile
from registry.home/nginx:test
run touch foo
$ nerdctl build -t foo:latest .
[+] Building 0.1s (3/3) FINISHED
=> [internal] load build definition from Dockerfile => => transferring dockerfile: 81B
=> [internal] load .dockerignore
=> => transferring context: 2B
=> ERROR [internal] load metadata for registry.home/nginx:test
------
> [internal] load metadata for registry.home/nginx:test:
------
Dockerfile:1
--------------------
1 | >>> from registry.home/nginx:test
2 | run touch foo
3 |
--------------------
error: failed to solve: registry.home/nginx:test: pulling from host registry.home failed with status code [manifests test]: 401 Unauthorized
FATA[0000] unrecognized image format
$ nerdctl login -u user -p password registry.home
WARN[0000] WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Login Succeeded
$ nerdctl build -t foo:latest .
[+] Building 2.1s (7/7) FINISHED
=> [internal] load build definition from Dockerfile => => transferring dockerfile: 81B => [internal] load .dockerignore => => transferring context: 2B => [internal] load metadata for registry.home/nginx:test => [auth] sharing credentials for registry.home => [1/2] FROM registry.home/nginx:test@sha256:ee89b00528ff4f02f2405e4ee221743ebc3f8e8dd0bfd5c4c20a2fa2aaa7ede3 => => resolve registry.home/nginx:test@sha256:ee89b00528ff4f02f2405e4ee221743ebc3f8e8dd0bfd5c4c20a2fa2aaa7ede3
=> CACHED [2/2] RUN touch foo
=> exporting to oci image format => => exporting layers => => exporting manifest sha256:911d0ec1b75fe69991b406e785c69e2a97d3c242646e99d97a9ee34fcc910212 => => exporting config sha256:8ba94ec8cdea311610a67be52df7a4495f0990ca06927259c17241c581163fbc => => sending tarball unpacking <http://docker.io/library/foo:latest|docker.io/library/foo:latest> (sha256:911d0ec1b75fe69991b406e785c69e2a97d3c242646e99d97a9ee34fcc910212)...done
$ nerdctl run --rm foo:latest ls -l foo
-rw-r--r-- 1 root root 0 Jun 11 22:04 fooSo the build fails unless I'm logged in, as expected, and succeeds when I'm logged in.
a
ambitious-jackal-29837
06/11/2022, 10:13 PMI understand how it should work - but it is not working this way for me
f
fast-garage-66093
06/11/2022, 10:14 PMThat's why I said it must be related to your registry, as it works for others (including me)
I'm using the regular docker "distribution" registry here with basic auth and TLS
a
ambitious-jackal-29837
06/11/2022, 10:15 PMWhat version of Rancher Desktop are you running on which OS @fast-garage-66093?
f
fast-garage-66093
06/11/2022, 10:16 PMRD 1.4.1 on macOS (amd64)
a
ambitious-jackal-29837
06/11/2022, 10:17 PMarm64 ? i'd be surprised if amd starting making chips for apple
f
fast-garage-66093
06/11/2022, 10:18 PMamd64x86_64arm64aarch64Anyways, yes, it is an Intel CPU
I doubt it makes any difference for your issue.
I find it interesting that you get a
403 Forbidden401 Unauthorized