Docker Login fails with registry.gitlab.com

amit.pal 2017-02-09 09:51:15 UTC #1

I have been following up this article for setting up Gitlab CI:

Everything has been set up except that the pod on Google container is not able to pull images from gitlab registry. Error message says:
"Error response from daemon: Get https://registry.gitlab.com/v2/username/actuator-sample/manifests/latest: unauthorized: HTTP Basic: Access denied"

I have tried all suggestions I can found on the internet however none of them worked. Moreover, if I try to login to gitlab.registry.com through Kubernetes cloud shell then below error message comes up:

"Error response from daemon: Get https://registry.gitlab.com/v2/: unauthorized: HTTP Basic: Access denied"

I know this will be trivial however somehow could not manage to pass through this. Any help would be appreciated.
Regards,

sammorrowdrums 2017-02-24 18:42:13 UTC #2

Hey! I'm not sure if you solved it but basically, kubernetes currently only support docker registery api v1

For gitlab this means:

kubectl create secret -n testing docker-registry registry.gitlab.com --docker-server=https://registry.gitlab.com/v1/ --docker-username=gitlab-ci-token --docker-password=$CI_BUILD_TOKEN --docker-email=<your email>

endy.muhardin 2017-04-02 02:33:04 UTC #3

I follow your advice, to no avail

Below is my command

kubectl create secret docker-registry $CI_REGISTRY --docker-server=https://registry.gitlab.com/v1/ --docker-username=$CI_REGISTRY_USER --docker-password=$CI_REGISTRY_PASSWORD --docker-email=$GITLAB_USER_EMAIL

And here is the result

Failed to pull image "registry.gitlab.com/endymuhardin/belajar-ci": Error response from daemon: Get https://registry.gitlab.com/v2/endymuhardin/belajar-ci/manifests/latest: unauthorized: HTTP Basic: Access denied

Kubernetes still pull from /v2/ url

sammorrowdrums 2017-04-04 21:53:08 UTC #4

Are you correctly using an ImagePull Secret in the Spec? You need to do both parts for it to work.

spec:
  containers:
  - name: <container name>
    image: registry.gitlab.com/<YOUR IMAGE>
    ports:
    - containerPort: 8080
  imagePullSecrets:
  - name: registry.gitlab.com

sammorrowdrums 2017-04-04 21:56:56 UTC #5

I ask the above, because

if the secret is created correctly (in the same namespace as the container you are pulling)
the secret is correctly referenced in the imagePullSecrets

Then it will work, if it is simple still pulling from v2 API it sounds like it isn't even using the secret at all, and it's assuming the registry will work, and using the URL directly from the image.

david.rouyer 2017-04-20 19:19:01 UTC #6

Same problem here, can't be forced to v1 ...
How does it work with the v2 API?

alejdg 2017-04-25 18:55:00 UTC #7

Same problem here and if I try to force to v1 the API does not work.

michael.sobota 2017-07-26 01:03:42 UTC #8

Has anyone been able to resolve this? I am running into the same issue, tried created the K8s secret using with /v1/ in the docker-server with no luck!