Docker Login fails with registry.gitlab.com

amit.pal · 2017-02-09 09:51:15 UTC

I have been following up this article for setting up Gitlab CI:

Everything has been set up except that the pod on Google container is not able to pull images from gitlab registry. Error message says:
“Error response from daemon: Get https://registry.gitlab.com/v2/username/actuator-sample/manifests/latest: unauthorized: HTTP Basic: Access denied”

I have tried all suggestions I can found on the internet however none of them worked. Moreover, if I try to login to gitlab.registry.com through Kubernetes cloud shell then below error message comes up:

“Error response from daemon: Get https://registry.gitlab.com/v2/: unauthorized: HTTP Basic: Access denied”

I know this will be trivial however somehow could not manage to pass through this. Any help would be appreciated.
Regards,

sammorrowdrums · 2017-02-24 18:42:13 UTC

Hey! I’m not sure if you solved it but basically, kubernetes currently only support docker registery api v1

For gitlab this means:

kubectl create secret -n testing docker-registry registry.gitlab.com --docker-server=https://registry.gitlab.com/v1/ --docker-username=gitlab-ci-token --docker-password=$CI_BUILD_TOKEN --docker-email=<your email>

endy.muhardin · 2017-04-02 02:33:04 UTC

I follow your advice, to no avail

Below is my command

kubectl create secret docker-registry $CI_REGISTRY --docker-server=https://registry.gitlab.com/v1/ --docker-username=$CI_REGISTRY_USER --docker-password=$CI_REGISTRY_PASSWORD --docker-email=$GITLAB_USER_EMAIL

And here is the result

Failed to pull image "registry.gitlab.com/endymuhardin/belajar-ci": Error response from daemon: Get https://registry.gitlab.com/v2/endymuhardin/belajar-ci/manifests/latest: unauthorized: HTTP Basic: Access denied

Kubernetes still pull from /v2/ url

sammorrowdrums · 2017-04-04 21:53:08 UTC

Are you correctly using an ImagePull Secret in the Spec? You need to do both parts for it to work.

spec:
  containers:
  - name: <container name>
    image: registry.gitlab.com/<YOUR IMAGE>
    ports:
    - containerPort: 8080
  imagePullSecrets:
  - name: registry.gitlab.com

sammorrowdrums · 2017-04-04 21:56:56 UTC

I ask the above, because

if the secret is created correctly (in the same namespace as the container you are pulling)
the secret is correctly referenced in the imagePullSecrets

Then it will work, if it is simple still pulling from v2 API it sounds like it isn’t even using the secret at all, and it’s assuming the registry will work, and using the URL directly from the image.

david.rouyer · 2017-04-20 19:19:01 UTC

Same problem here, can’t be forced to v1 …
How does it work with the v2 API?

alejdg · 2017-04-25 18:55:00 UTC

Same problem here and if I try to force to v1 the API does not work.

michael.sobota · 2017-07-26 01:03:42 UTC

Has anyone been able to resolve this? I am running into the same issue, tried created the K8s secret using with /v1/ in the docker-server with no luck!

GrigorievNick · 2017-10-31 09:25:32 UTC

Same here.

muzuro · 2017-11-11 19:46:32 UTC

I have same issue with gke, is any updates on it?

thijs1 · 2017-11-30 09:35:00 UTC

Similar issue here, odly most of the time just after deployment it works. But when a pod dies and sometimes directly after deployment, I get this issue.

ralese · 2017-12-31 04:09:03 UTC

Just want to confirm… it works for me…
Thanks a lot

robjampar · 2018-02-02 13:50:13 UTC

Hey this didn’t fix it for me,
but I found putting a delay at the end of the gitlab-ci (sleep 120) has worked.

maybe gitlab is only allowing the registry credentials to be used in the scope of the CI?