I am using minikube to develop my Kubernetes application. I have a private Azure registry where my images are saved. Whenever I start the app, k8s starts to pull an image. It throws the following error:
Failed to pull image "myregistry.azurecr.io/myapp:mytag": rpc error: code = Unknown desc = Error response from daemon: Get https://myregistry.azurecr.io/v2/myapp/manifests/mytag: unauthorized: authentication required, visit https://aka.ms/acr/authorization for more information.
I am configuring my minikube using this documentation, where first I log in to ACR using the command below:
az acr login --name myregistry.azurecr.io --expose-token
After that, using the token provided by the above command, I log in to my private Docker registry with the command below in minikube ssh:
docker login myregistry.azurecr.io -u 00000000-0000-0000-0000-000000000000
After that, as mentioned in the document, I copy the .docker/config.json to /var/lib/kubelet/config.json in minikube ssh. I am still facing the above error.
If I manually pull the image using the docker pull command, it works. I tried with imagePullSecret also and it is working. But with the above method, I am getting an authentication error. Am I missing any step here? Can you please help me?
Thanks...
It seems all the steps are right. Maybe you can check if you really copied the config file to all the minikube nodes. By default, the command minikube ssh connects to the control plane. You can check if the nodes' IP addresses are right when you copy the config file to them.
But in my opinion, this is not a good way to do it. It's better and more convenient to use the imagePullSecret and service account.
I used these two commands in cmd:
docker pull elasticsearch
It shows the error:
Using default tag: latest
Error response from daemon: manifest for elasticsearch:latest not found: manifest unknown: manifest unknown
and this command with several different versions:
docker pull docker.elastic.co/elasticsearch/elasticsearch:7.9.0
It shows the error:
Error response from daemon: Get https://docker.elastic.co/v2/elasticsearch/elasticsearch/manifests/7.9.0: Get https://docker-auth.elastic.co/auth?scope=repository%3Aelasticsearch%2Felasticsearch%3Apull&service=token-service: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
How can I resolve this problem?
Please guide me.
The latest version of Elasticsearch does not work out of the box:
https://github.com/elastic/elasticsearch-docker/issues/215
So, use a specific version to install:
docker pull docker.elastic.co/elasticsearch/elasticsearch:7.11.1
Looking at your error message while pulling the Docker image, it seems that your network is blocking you from accessing the public Docker repo to fetch the image.
request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
By any chance, are you behind a VPN or firewall, or do you have some restriction on public network/Docker registry access?
docker run -d elasticsearch:{version}
Use the version which you want to install.
Example -> docker run -d elasticsearch:8.4.3
Can other images be pulled?
Have you made any modifications to the Docker default registry, like adding new local registries to this file:
/etc/containers/registries.conf
https://www.docker.com/blog/how-to-use-your-own-registry/
Also, please check the port rules for port 5000.
Check your firewall; it might likely be the culprit.
I had the same issue running a compose file trying to pull the image from image: docker.elastic.co/elasticsearch/elasticsearch:${VERSION}. I modified it to image: elasticsearch:${VERSION} and it worked, i.e. removing the docker.elastic.co/elasticsearch part of the original URL.
While pushing the docker image (after successful login) from my host I am getting "unauthorized: authentication required".
Details below.
-bash-4.2# docker login --username=asamba --email=anand.sambamoorthy#gmail.com
WARNING: login credentials saved in /root/.docker/config.json
*Login Succeeded*
-bash-4.2#
-bash-4.2# docker push asamba/docker-whale
Do you really want to push to public registry? [y/n]: y
The push refers to a repository [docker.io/asamba/docker-whale] (len: 0)
faa2fa357a0e: Preparing
unauthorized: authentication required
Docker version: 1.9.1 (both client and server)
http://hub.docker.com has the repo created as well (asamba/docker-whale).
The /var/log/messages shows 403; I don't know if this is Docker. See below.
Apr 16 11:39:03 localhost journal: time="2016-04-16T11:39:03.884872524Z" level=info msg="{Action=push, Username=asamba, LoginUID=1001, PID=2125}"
Apr 16 11:39:03 localhost journal: time="2016-04-16T11:39:03.884988574Z" level=error msg="Handler for POST /v1.21/images/asamba/docker-whale/push returned error: Error: Status 403 trying to push repository asamba/docker-whale to official registry: needs to be forced"
Apr 16 11:39:03 localhost journal: time="2016-04-16T11:39:03.885013241Z" level=error msg="HTTP Error" err="Error: Status 403 trying to push repository asamba/docker-whale to official registry: needs to be forced" statusCode=403
Apr 16 11:39:05 localhost journal: time="2016-04-16T11:39:05.420188969Z" level=info msg="{Action=push, Username=asamba, LoginUID=1001, PID=2125}"
Apr 16 11:39:06 localhost kernel: XFS (dm-4): Mounting V4 Filesystem
Apr 16 11:39:06 localhost kernel: XFS (dm-4): Ending clean mount
Apr 16 11:39:07 localhost kernel: XFS (dm-4): Unmounting Filesystem
Any help is appreciated, please let me know if you need further info. I did the push with -f as well. No luck!
You'll need to log in to Docker.
Step 1: log in to docker hub
Based on @KaraPirinc's comment, in Docker version 17, in order to log in:
docker login -u username --password-stdin
Then enter your password when asked.
Step 2: create a repository in the docker hub.
Let's say "mysqlserver:sql".
docker push <user username>/mysqlserver:sql
OK! Never mind; I found the solution. With the 403, I suspected that the HTTP is not going to the right URL.
Change the file which has the login credentials stored, ~/.docker/config.json, from the default generated of
{
  "auths": {
    "docker.io": {
      "auth": "XXXXXXXXXXXXX",
      "email": "x.y@gmail.com"
    }
  }
}
to the following. Note the change from docker.io -> index.docker.io/v1. That is the change.
{
  "auths": {
    "https://index.docker.io/v1/": {
      "auth": "XXXXXXXXXXXXX",
      "email": "x.y@gmail.com"
    }
  }
}
Hope that helps.
Note that the auth field should be "username:password" base64 encoded.
For example: "username:password" base64 encoded is "dXNlcm5hbWU6cGFzc3dvcmQ="
so your file would contain:
"auth": "dXNlcm5hbWU6cGFzc3dvcmQ="
The solution you posted is not working for me...
This is what works for me:
Create the repository with the desired name.
When committing the image, name the image like the repository, including the username <dockerusername>/desired-name. For example, radu/desired-name.
If you are using Heroku, be sure you did not forget to "heroku container:login" before pushing.
The problem newbies face is that we tend to treat a Docker Hub repository just like a Maven repository and think that it might contain many different files, folders and other contents.
A Docker repository, on the other hand, is just a single image; it does not contain anything else. It can hold different versions of the same image, but it's going to contain just one image.
So, name your repository on Docker Hub the same name as the image you want to push into it, and use your Docker Hub username as the prefix. For example, if your username is myusername and your image name is docker-whale, make sure to name your Docker Hub repository docker-whale and use the commands below to tag and push your image to the repository:
docker logout # to make sure you're logged out and not cause any clashes
docker tag <imageId> myusername/docker-whale # use :1.0.0 for specific version, default is 'latest'
docker login --username=myusername # use the username/pwd to login to docker hub
docker push myusername/docker-whale # use :1.0.0 for pushing specific version, default is 'latest'
I had the same problem but I fixed it with push with a specified URL,
as: docker login -u <username> https://index.docker.io/v1/
console output:
The push refers to a repository [docker.io/<username>/richcity]
adc9144127c1: Preparing
4db5654f7a64: Preparing
ce71ae73bc60: Preparing
e8e980243ee4: Preparing
d773e991f7d2: Preparing
bae23f4bbe95: Waiting
5f70bf18a086: Waiting
3d3e4e34386e: Waiting
e72d5d9d5d30: Waiting
8d1d75696199: Waiting
bdf5b19f60a4: Waiting
c8bd8922fbb7: Waiting
unauthorized: authentication required
1010deiMac:dockerspace whoami$ docker login -u <username> https://index.docker.io/v1/
Password:
Login Succeeded
1010deiMac:dockerspace whoami$ docker push <username>/richcity
The push refers to a repository [docker.io/<username>/richcity]
adc9144127c1: Pushed
4db5654f7a64: Pushed
ce71ae73bc60: Pushed
e8e980243ee4: Pushed
d773e991f7d2: Pushed
bae23f4bbe95: Pushed
5f70bf18a086: Pushed
3d3e4e34386e: Pushing [=============> ] 45.07 MB/165.4 MB
e72d5d9d5d30: Pushed
8d1d75696199: Pushing [> ] 1.641 MB/118.1 MB
bdf5b19f60a4: Pushing [============> ] 142 MB/568.4 MB
c8bd8922fbb7: Pushing [========================> ] 59.44 MB/121.8 MB
I was running into a similar issue with a similarly unhelpful error message, but it turned out to be because I was trying to push an image that I had built against a docker-machine managed instance.
When I logged into the instance itself, did docker login and docker push everything worked fine.
In case it helps anyone, I managed to resolve this with the following command at the prompt:
az acr login -n MyContainerName
After this, I could run docker push successfully.
Though the standard process is to log in and then push to the Docker registry, the trick to get over this particular problem is to log in by providing the username and password on the same line.
So:
docker login -u xxx -p yyy sampledockerregistry.com/myapp
docker push sampledockerregistry.com/myapp
Works
whereas
docker login sampledockerregistry.com
username : xxx
password : yyy
Login Succeeded
docker push sampledockerregistry.com/myapp
Fails
Even though I logged in and checked all the configuration, it still does not work!!!
It turned out that when I built my image, I forgot to put my username before the repo name:
docker build -t docker-meteor-build .
(build successfully)
And then when I pushed to my repository, I used
docker push myname/docker-meteor-build
It will show the unauthorized: authentication required error.
So the solution is that the name of the build and the push should be exactly the same:
docker build -t myname/docker-meteor-build .
docker push myname/docker-meteor-build
Here is the solution for my case (private repos, free account plan):
https://success.docker.com/Datacenter/Solve/Getting_%22unauthorized%3A_authentication_required%22_when_trying_to_push_image_to_DTR
The image build name to push has to have the same name as the repos.
Example:
repos on docker hub is: accountName/resposName
image build name "accountName/resposName" -> docker build -t accountName/resposName
then type
docker push accountName/resposName:latest
That's all.
My problem was an invalid Authorization token after 5 minutes.
The push took more than 5 minutes because of the image size.
I've fixed it by increasing the "Authorization token duration" to 10 minutes.
If you are pushing a new private image for the first time, make sure your subscription supports this extra image.
Docker allows you to have 6 private images named, even if you only pay for 5, but not to push that 6th image. The lack of an informative message is confusing and irritating.
What worked for me was to create a new repository and rename the image with
$ docker tag image_id myname/server:latest
Make sure you have more slots for private images.
In my case I converted a user into an organization and it lost its one free private image, so previous pushes that worked no longer worked.
Same problem here, during pushing image:
unauthorized: authentication required
What I did:
docker login --username=yourhubusername --email=youremail#company.com
Which it printed:
--email is deprecated (but login succeeded still)
Solution: use the latest login syntax.
docker login
It will ask for both username and password interactively. Then the image push just works.
Even after using the new syntax, my ~/.docker/config.json looks like this after logging in:
{
  "auths": {
    "https://index.docker.io/v1/": {}
  },
  "credsStore": "osxkeychain"
}
So the credential is in macOS' keychain.
Try docker logout first, then relogin with docker login
You can mv the xxx/.docker/config.json file somewhere else to handle it.
Then try to log in again to create a new config.json file.
#mv xx/.docker/config.json xx/.docker/config_old.json
#docker login https://index.docker.io/v1/
Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.
Username: YOUR USERNAME
Password: YOUR PASSWORD
WARNING! Your password will be stored unencrypted in /xxx/.docker/config.json.
Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
I had a similar problem.
Error response from daemon: Get https://registry-1.docker.io/v2/hadolint/hadolint/manifests/latest: unauthorized: incorrect username or password
I found out that even if I log in successfully with the docker login command, any pull failed.
I tried to clean up the ~/.docker/config.json but nothing improved.
Looking in the config file I've seen that the credentials were not saved there but in a "credsStore": "secretservice".
In Linux this happens to be the seahorse or Passwords and Keys tool.
I checked there and I cleaned up all the Docker Hub logins.
After this a new docker login worked as expected.
In your configuration file ~/.docker/config.json add
{
  "auths": {
    "https://index.docker.io/v1/": {
      "auth": "XXXXXXXXXXXXX",
      "email": "my_email@gmail.com"
    }
  }
}
where XXXXX is the base64 encoding of your username:password (the : is included) of https://hub.docker.com
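Several answers above turn on which key under "auths" holds the credential (docker.io versus https://index.docker.io/v1/) and on the auth value being base64 of username:password. The Python below is an added example, not code from any poster: it reports which key an image reference needs and how the credential is stored, using a simplified lookup rule and constructed sample files (registry_key, audit and the sample constants are names assumed here).

```python
import base64
import json

HUB_KEY = "https://index.docker.io/v1/"  # key the fix posted above switched to

# Constructed sample files modelled on the snippets in this thread.
BEFORE = '{"auths": {"docker.io": {"auth": "dXNlcm5hbWU6cGFzc3dvcmQ="}}}'
AFTER = '{"auths": {"https://index.docker.io/v1/": {"auth": "dXNlcm5hbWU6cGFzc3dvcmQ="}}}'
KEYCHAIN = '{"auths": {"https://index.docker.io/v1/": {}}, "credsStore": "osxkeychain"}'


def registry_key(image):
    """Return the "auths" key expected for an image reference (simplified rule)."""
    first, _, rest = image.partition("/")
    # Assumption: the first component names a registry only if it looks like a
    # host (has "." or ":" or is "localhost"); otherwise the image is on Docker Hub.
    if rest and ("." in first or ":" in first or first == "localhost"):
        return first
    return HUB_KEY


def audit(config_text, image):
    """Describe how the credential for `image` is stored; never returns the password."""
    cfg = json.loads(config_text)
    key = registry_key(image)
    auths = cfg.get("auths", {})
    report = {"key": key, "username": None, "storage": "none", "near_miss": []}
    entry = auths.get(key)
    if entry is None:
        # Same registry saved under a key that does not match exactly.
        aliases = {"docker.io", "index.docker.io"} if key == HUB_KEY else set()
        report["near_miss"] = sorted(
            k for k in auths if k in aliases or k.lower() == key.lower())
    elif entry.get("auth"):
        # base64("username:password") is an encoding, not encryption.
        user, _, _ = base64.b64decode(entry["auth"]).decode().partition(":")
        report.update(username=user, storage="plaintext-in-file")
    elif cfg.get("credsStore"):
        report["storage"] = "helper:" + cfg["credsStore"]
    return report


if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER), ("keychain", KEYCHAIN)):
        print(name, audit(text, "asamba/docker-whale"))
    print(audit('{"auths": {"learncontainer81.azurecr.io": {}}}',
                "LearnContainer81.azurecr.io/X"))
```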
In my case, I had the same error with a pull. The problem (under Windows) was provoked by two running Docker processes, so I killed them all and restarted one service, and it works.
I received a similar error for sudo docker push / sudo docker pull on an ECR repository. This is because the AWS CLI was installed for my user (abc) and Docker was installed for the root user. I had tried to run sudo docker push as my user (abc).
I fixed this by installing the AWS CLI as root, configuring AWS using aws configure as root, and running sudo docker push to ECR as the root user.
If you are running a Docker registry on Windows 7:
Start **Docker Quick Start terminal** and run it (this terminal enables connection) until you have pushed the images; that will keep the token alive.
Log in
docker login
Make sure you tag the image with the username
docker build -f Dockerfile -t 'username'/imagename .
Push the image
docker image push username/imagename
Note: image name all lowercase
I tried all the methods I could find online and failed. Then I read this post and got some ideas from @Alex's answer. Then I searched for "credsStore": "osxkeychain", which is used in my config.json. Then I followed this link https://docs.docker.com/engine/reference/commandline/login/ to log out and then log in again. Finally, I could push my image successfully.
I had the same problem and I could fix it.
Change the ~/.docker/config.json file as below:
{
  "auths": {
    "XxX": {
      "auth": "XxX"
    }
  }
}
And do not forget to restart the Docker service.
service docker restart
enjoy
I was facing the same problem with Heroku and Docker; the solution was:
docker login
docker build . -t <project_name>
heroku container:login
heroku container:push web -a <project_name>
I had the same problem but I fixed it with push with a specified URL:
docker login -u <username> https://index.docker.io/v1/
Just curious to know what could be the cause for this issue?
Old post but had same issue and couldn't find the answer.
NOTE: the Docker tag is case sensitive to Azure loginserver name.
I was uploading to Azure container. Container was named "LearnContainer81"
Loginserver was "learncontainer81.azurecr.io"
When I did the tag in Docker, I did it with "LearnContainer81.azurecr.io/X" and it gives unauthorised. Did tag again in lowercase as per Loginserver for Azure. This then uploaded fine.
It's the problem with the proxy.
Turn off the VPN if you are working on one.
https://forums.docker.com/t/failed-with-status-401-unauthorized/11023/3
I'm using my self-hosted docker registry, where I terminate HTTPS/SSL first on another server (such as nginx or trafficserver), and then pass the traffic to registry over non-encrypted HTTP. After a lot of research, I managed to get it to work.
i) The problem is caused by not having the X-Forwarded-Proto header set in PATCH requests, resulting in a 401 error. See https://github.com/distribution/distribution/issues/1177#issuecomment-155718420
ii) nginx version 18 (and lower, such as Ubuntu Bionic and Focal) seems not to pass the
proxy_set_header X-Forwarded-Proto https;
for PATCH (POST works OK), but nginx version 21 works OK.
Also, Apache Trafficserver seems to pass the headers properly, once enabled.
Make sure your Docker repository name matches your local Docker repo name.
E.g., let's say your local repo name is "kavashgar/nodjsapp";
then you should also have a repo named "kavashgar" in Docker Hub.