This error occurs when trying to push an image to the public repository on Docker Hub. There have been no issues with other registries I have tried.
I have looked at numerous sites, blogs including StackOverflow and there is still no clear answer.
You can try to replicate this issue as follows.
As shown in the screenshot above, I have an image aspc-mvc-app on local docker host. As shown, it has 3 tags - 1.0.5, 1.0.5.latest and latest.
Assume that we are trying to push using an account name of janedoe at Docker Hub
Per documentation on Docker.io and numerous other sites, there are 3 steps to pushing.
(1) Login
docker login "index.docker.io" -u janedoe -p <password>
--> I get Login Succeeded which is good!
(2) Add one or more tags
Of the 3 tags, let's just tag the latest.
docker tag janedoe/aspc-mvc-app:latest janedoe/aspc-mvc-app
--> The prompt returns with no error. So far so good.
(3) Push
docker push janedoe/aspc-mvc-app
--> This is where the error occurs.
As shown on the screenshot below, initial checks seem to occur fine until you get the error denied: requested access to the resource is denied
At step (2), I have tried numerous other formats including the following.
docker tag janedoe/aspc-mvc-app:latest janedoe/aspc-mvc-app:latest
docker tag janedoe/aspc-mvc-app janedoe/aspc-mvc-app:latest
docker tag aspc-mvc-app:latest janedoe/aspc-mvc-app
docker tag aspc-mvc-app janedoe/aspc-mvc-app:latest
docker tag 306a8fd79d88 janedoe/aspc-mvc-app
docker tag 306a8fd79d88 janedoe/aspc-mvc-app:latest
All fail with the same error.
As a comparison, with the same exact image, I had no problem pushing to Azure Container Registry.
Since Docker Hub is so popular, can anyone shed light on what the mystery is, or if there is a detailed documentation anywhere?
Updated 5/9/2017
I am fairly up-to-date on docker cli and server versions. Right now, my cli is 17.05.0-ce-rc1 and server is 17.04.0-ce as shown below.
The solution is simply to change the way of logging in at step (1).
docker login -u janedoe -p <password>
Everything else can stay the way described above. The image was successfully pushed to Docker Hub!
First login by typing sudo docker login in the terminal. Enter username and password
Visit your docker account and create a new repository. In my case I created a repository crabigator1900/dockerhub
Say you have a docker image with repository name:crabigator/django and tag:latest.
In that case you will need to tag this image with a label of your wish. I decided to tag it with the label:myfirstimagepush. You tag the image by typing the command
sudo docker tag crabigator/django:latest crabigator1900/dockerhub:firstimagepush
Finally push the image to your repo using the command
sudo docker push crabigator1900/dockerhub:firstimagepush
That's all there is to it.
I too had the same issue, but after trying some combinations this worked.
Whenever you push - that refers to docker.io/ followed by registry path.
In my case my username is rushmith and I created a sample repository called docker under rushmith.
My link is : "hub.docker.com/r/rushmith/docker/"
Now I created a tag to my image that I want to push as: rushmith/docker
And It worked successfully.
$ docker login -u rushmith
(Give the password then type as below)
$ docker push rushmith/docker:latest
Output:
The push refers to a repository [docker.io/rushmith/docker]
7fbb0e1e64cb: Pushed
33f1a94ed7fc: Pushed
b27287a6dbce: Pushed
47c2386f248c: Pushed
2be95f0d8a0c: Pushed
2df9b8def18a: Pushed
latest: digest:
sha256:4d749d86b4a2d9304a50df474f6236140dc2d169b9aabc354cdbc6ac107390f2 size: 1569
I hope this late solution might help someone.
The reason of this error message was you haven't named your images properly.
Let say your account name on docker.io was your-name then your new repo name is going to be your-name/your-new-image-name.
In order to push your image, first you have to tag (name) your local images as:
docker tag local-image[:tag-name] your-name/your-new-image-name[:tag-name]
Things in the brackets is optional. You may want to check the result with docker image ls. Then let push your image to your docker repo:
docker push your-name/your-new-image-name[:tag-name]
Done! Your image was pushed to docker repos.
You can follow the following steps:
Step 1: docker login -u <username> -p <password>
A message with "Login Succeeded" will appear, confirming your successful login.
Step 2:
Now in order to push the image just make sure the path which you are using must have your username included in the tag.
e.g: Suppose link is: "hub.docker.com/u/xyz/"
Create a tag to image as docker push xyz/docker:latest.
If you already have some different tag change it using command
docker tag <old tag> <new tag>
Hope this helps.
after 1 hour's struggling with different ways mentioned above,
I reinstalled the neweast version of Docker Desktop app in my mbp, then it is solved.
the neweast version is 20.10.2
and the old version is 17.x, which was installed 5 years ago.
First you need to ensure you have logged into your account
You need to create a repository, below is the command to create a repository -
docker tag local-image:tagname YOUR-ACCOUNT-NAME/tagname
docker push YOUR-ACCOUNT-NAME/tagname
Create a repository from a website.
It possible that you don't have a permission for creating repository.
docker push does not create a repo name so if not present it says access not available
This worked for me.
> docker login -u janedoe
Password:
Login Succeeded
> docker tag myapp:0.0.1 janedoe/myflinkapp:0.0.1
> docker push janedoe/myapp:0.0.1
The push refers to repository [docker.io/janedoe/myapp]
b763be657a2c: Pushed
e534dae385a8: Pushed
5af3d5d57035: Pushed
0e44828b51e2: Pushed
fdd771f27095: Pushed
ef9a7b8862f4: Pushed
a1f2f42922b1: Pushed
4762552ad7d8: Pushed
0.0.1: digest: sha256:0069ee2c39b422e64f0493d2b2e9cbe7736a size: 2154
In my case, I was facing this issue even after logging into Docker registry successfully.
So, I tried running the docker push as sudo and it worked.
Make sure you follow these steps:
Run docker login
After logging in successfully, run the docker push command
If the push failed, run this: sudo docker push repoName:tagName
If you're using 2FA and run
docker login -u <your_docker_user_name>
you will get Login successful but you won't be able to push.
This is because you're using 2FA which requires one-time password to login into your account.
To be able to push with 2FA enabled you need to use an access token. To generate one go to Account settings/Security on Docker Hub website and click New Access Token. As of Access Permissions preferably choose Read & Write - this is the entry level for being able to push. Only generate Read, Write, Delete token if you really need it!
You'll be prompted with instructions on what to do next. Just to keep the answer full, you'll have to run
docker login -u <you_docker_username>
and when prompted for Password paste your Personal Access Token.
IMPORTANT: save your Personal Access Token in a password manager and never share with anyone and never push to github or add to your source code. NEVER! Please.
Now, when you run docker push <your_docker_username>/<your_docker_repo_name>:<tag_of_your_image> you should be able to push the image to the Docker Hub.
I have the same problem and it was solved by running the push command with sudo. I think it is only a privilege problem.
sudo docker push janedoe/aspc-mvc-app
Related
I have Docker Desktop, but create my images on a Linux ARM64 machine, not the MacBook with the Docker Desktop application on it. I want to push these ARM64 images from the Linux host itself, but have run into the following problem:
When I push my image to my Docker Hub private repo with the command:
docker push myDockerHubUserName/myPrivateRepoName:tagOfImage
It fails with the error:
invalid reference format
The form of the command Docker has provided in my Docker account is described as:
Docker commands
To push a new tag to this repository,
docker push myDockerHubUserName/myPrivateRepoName:tagname
I've double-checked the values and syntax: ALL are 100% correct. But the push nonetheless fails.
How is this broken?!?!
Intro:
The error:
invalid reference format
is actually a red herring that will mislead you into believing that there is a syntax error in your push command when there isn't and you'll waste your time...
Problem:
Feel free to jump to the "SOLUTION" section below if you don't care how the commands fails and just want to know how to make it execute successfully ;-)
The instructions for pushing the image that Docker provides in their user's accounts have some large & material gaps. You will waste your time- a fair bit of it- if you do not have the following context:
You must login to your Docker Account before trying to push anything to it:
docker login -u yourDockerAccountUsername
The command Docker Hub gives you implies that the image you're trying to push was already TAGGED with the private repo as part of the tag itself.
It just appears to be a string comprised of (3) parts:
<dockerUserName>/<privateRepoName>:<tagname>It is NOT. You CANNOT merely concatenate
"myDockerHubUserName/myPrivateRepoName"
with
"tagname"
delimited with a colon! "myDockerHubUserName/myPrivateRepoName" must itself be part of the tag or the command will fail!!!
This "help" from Docker I found to be worse than giving no "help" at all because it served to create undue confusion. This is absolutely fundamental stuff and deserves better treatment.
Solution:
Login to your Docker Account:
docker login -u yourDockerAccountUsername
Get the Image ID for the Image that you want to push:
docker image ls
Tag the image with your Docker Hub User ID, Docker Hub Repo Name AND Image Name:
docker tag ae1b95b73ef7 myDockerHubUserName/myPrivateRepoName:myImageName
Push the Image:
docker push myDockerHubUserName/myPrivateRepoName:myImageName
Note the COLON separating the repo & image name: I've seen this described as a forward slash in other answers but I found a colon is required for the command to succeed.
Conclusion:
This was a big and unnecessary time-waster that sent me down the rabbit hole. Hopefully this answer will save others wasted time.
Attribution:
This answer was actually pieced together from several different Stack questions which got me across the finish line. Kudos to Abhishek Dasgupta for the general procedure & kudos to Илья Хоришко for the form of the tag which worked in the end. You folks are stars!
I'm trying to push an image to gitlab registry.
I've done it many times, so I wonder why I get this error.
I build the image with latest tag:
Successfully tagged registry.gitlab.com/mycompany/rgpd_api:latest
Then I login and I push:
docker login registry.gitlab.com -u gitlab+deploy-token-91931
docker push registry.gitlab.com/mycompany/rgpd_api:latest
But I get:
The push refers to repository [registry.gitlab.com/mycompany/rgpd_api]
be679cc302b9: Preparing
denied: requested access to the resource is denied
I gave gitlab+deploy-token-91931 token both read_repository and read_registry rights.
My repo is:
https://gitlab.com/mycompany/rgpd_api
I checked with docs page: https://docs.gitlab.com/ee/user/project/container_registry.html
But when I do it through Gitlab CI, with gitlab-ci-token
I can push it normally.
I also tried to regenerate a new token, but still same issue.
How can I fix it ?
I've stumbled upon this question as well and it turns out that
Group level Deploy tokens can be used to push images to group level container registry similarly to a PAT token with API access or other applicable scopes.
The image must to be tagged with the tag that matches an existing project within the group.
Any image tagged differently will be rejected with the denied: requested access to the resource is denied error message.
So, with the setup below:
GitLab group called mytest
Project within that group called hello-world
Docker image tagged as registry.gitlab.com/mytest/hello-world
Deploy token created for an entire group
Docker daemon authorized to push to that registry by cat "<deploy_token>" | docker login -u "<token_username>" --password-stdin registry.gitlab.com
You will get the following results:
Successful push for docker push registry.gitlab.com/mytest/hello-world because such project exists within the group
denied: requested access to the resource is denied if you try to push an image tagged with the name of the project that does not exist in the group like docker push registry.gitlab.com/mytest/no-project
So, again, image must be tagged to match an existing path within te group, like an existing project within the group or a subgroup.
My error was to use a deploy token to push a image to a registry.
A deploy token can be used to pull an image, but not push it.
So, instead, you can generate a Personal Access Token. You should add at least permissions:
read_registry, write_registry
Make sure you have proper configuration in settings.
Go to Settings of project, then "Visibility, project features, permissions" and check "Container registry : Every project can have its own space to store its Docker images" (for members only or for everyone, up to you). Otherwise, the push and pull will be denied.
This happened to me and that's how I solved it.
you can make docker logout your registry and login again.
It's recreate your token.
this work in my case.
I have an internal company docker repository.
When I was added to it, I received a repository url of the format:
https://docker.mycompany.com/repositories/myusername/myrepository
Ok. great.
I've created a Dockerfile and I have built the docker image.
docker build -t business-services:latest .
Everything works.
I do a
docker images
and I see:
docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
business-services latest aaaaaaaaaaaa 3 hours ago 120MB
openjdk 8-jdk-alpine bbbbbbbbbbbb 2 weeks ago 103MB
Great!
Now I'm trying to push "business-services:latest" to:
https://docker.mycompany.com/repositories/myusername/myrepository
...
Here is where things go awry.
First, before you ask, YES, I did a login.
docker login https://docker.mycompany.com/repositories/myusername/myrepository
Username: myusername
Password:
Login Succeeded
The issue comes when I try to "tag" it and then push it.
It looks like the tag name is some kind of mixture of concerns....between the remote docker repository and the image:release. :( Boo.
If I tag it this way:
docker tag business-services:latest docker.mycompany.com/repositories/myuserna/business-services:latest
and i do docker images I see this:
docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
business-services latest aaaaaaaaaaaa 3 hours ago 120MB
docker.mycompany.com/myusername/myrepository/business-services latest aaaaaaaaaaaa 3 hours ago 120MB
openjdk 8-jdk-alpine 04060a9dfc39 2 weeks ago 103MB
and then try to push it like this
docker push docker.mycompany.com/myusername/myrepository/business-services
The push refers to repository [docker.mycompany.com/myusername/myrepository/business-services]
denied: requested access to the resource is denied
so its confusing the repository name
I did it this way too, just to make sure
docker push docker.mycompany.com/myusername/myrepository/business-services:latest
The push refers to repository [docker.mycompany.com/myusername/myrepository/business-services]
denied: requested access to the resource is denied
same error :(
Then I tried this:
docker tag business-services:latest docker.mycompany.com/business-services:latest
docker push docker.mycompany.com/business-services:latest
The push refers to repository [docker.mycompany.com/business-services]
denied: requested access to the resource is denied
That doesn't work because i'm not giving myuser/myrepository in the value.
Gaaaaaaaaaaa
This "mixture" of the remote url and the container name is driving me nuts.
At some point of trying to figure out the string voodoo, I got this error:
The push refers to a repository
An image does not exist locally with the tag:
What is the magic sauce for pushing to a url name like
docker.mycompany.com/myusername/myrepository
and who came up with this mix the target repository WITH the imagename voodoo?
Or am I completely off-base for how to push something to a internal company docker repository
RESEARCH stuff I found below:
https://docs.docker.com/engine/reference/commandline/push/#examples
Now, push the image to the registry using the image ID. In this
example the registry is on host named registry-host and listening on
port 5000. To do this, tag the image with the host name or IP address,
and the port of the registry:
$ docker tag rhel-httpd registry-host:5000/myadmin/rhel-httpd
$ docker push registry-host:5000/myadmin/rhel-httpd
Yes, I have researched this, thus how I got this far with my journey.
docker --version
Docker version 18.09.0, build 4d60db4
Thanks !!
Append
I followed these instructions:
http://karlcode.owtelse.com/blog/2017/01/25/push-a-docker-image-to-personal-repository/
under the "Push to your private repository" area.
Same error. can't find the URL
docker tag business-services docker.mycompany.com/myusername/myrepository/business-services:latest
docker push docker.mycompany.com/myusername/myrepository/business-services:latest
The push refers to repository [docker.mycompany.com/myusername/myrepository/business-services]
denied: requested access to the resource is denied
Do you have any other images from this repository? check the tags and make yours similar. Anyway, it is your company internals, it could be configured in different ways and better to ask internal guys who support this repo. Also, ask them to check your permissions.
for example, in my case works something like artifactory.company.com:10001/myusername/virtualreponame/imagename:latest
but in your case, it could be completely differ
So I finally got this to work
docker tag business-services
docker.mycompany.com/myusername/business-services:latest
docker push docker.mycompany.com/myusername/business-services:latest
It looks like the "short name" (in this case "business-services")... ~becomes~ the repository name. Or something like that.
and the repository on the docker trusted repository shows up as:
https://docker.mycompany.com/repositories/myusername/business-services
Anyways. It looks silly now. I hope that helps someone in the future.
I try to push my docker container to the google container registry, using this tutorial, but when I run
gcloud docker push b.gcr.io/my-bucket/image-name
I get the error :
The push refers to a repository [b.gcr.io/my-bucket/my-image] (len: 1)
Sending image list
Error: Status 403 trying to push repository my-bucket/my-image: "Access denied."
I couldn't find any more explanation (no -D, --debug, --verbose arguments were recognized), gcloud auth list and docker info tell me I'm connected to both services.
Anything I'm missing ?
You need to make sure the VM instance has enough access rights. You can set these at the time of creating the instance, or if you have already created the instance, you can also edit it (but first, you'll need to stop the instance). There are two ways to manage this access:
Option 1
Under the Identity and API access, select Allow full access to all Cloud APIs.
Option 2 (recommended)
Under the Identity and API access, select Set access for each API and then choose Read Write for Storage.
Note that you can also change these settings even after you have already created the instance. To do this, you'll first need to stop the instance, and then edit the configuration as mentioned above.
Use gsutil to check the ACL to make sure you have permission to write to the bucket:
$ gsutil acl get gs://<my-bucket>
You'll need to check which group the account you are using is in ('owners', 'editors', 'viewers' etc.)
EDIT: I have experienced a very similar problem to this myself recently and, as #lampis mentions in his post, it's because the correct permission scopes were not set when I created the VM I was trying to push the image from. Unfortunately there's currently no way of changing the scopes once a VM has been created, so you have to delete the VM (making sure the disks are set to auto-delete!) and recreate the VM with the correct scopes ('compute-rw', 'storage-rw' seems sufficient). It doesn't take long though ;-).
See the --scopes section here: https://cloud.google.com/sdk/gcloud/reference/compute/instances/create
I am seeing this but on an intermittent basis. e.g. I may get the error denied: Permission denied for "latest" from request "/v2/...."., but when trying again it will work.
Is anyone else experiencing this?
For me I forgot to prepend gcloud in the line (and I was wondering how docker would authenticate):
$ gcloud docker push <image>
In your terminal, run the code below
$ sudo docker login -u oauth2accesstoken -p "$(gcloud auth print-access-token)" https://[HOSTNAME]
Where
-[HOSTNAME] is your container registry location (it is either gcr.io, us.gcr.io, eu.gcr.io, or asia.gcr.io). Check your tagged images to be sure by running $ sudo docker images).
If this doesn't fix it, try reviewing the VM's access scopes.
If you are using Docker 1.7.0, there was a breaking change to how they handle authentication, which affects users who are using a mix of gcloud docker and docker login.
Be sure you are using the latest version of gcloud via: gcloud components update.
So far this seems to affect gcloud docker, docker-compose and other tools that were reading/writing the Docker auth file.
Hopefully this helps.
Same problem here, the troubleshooting section from https://cloud.google.com/tools/container-registry/#access_denied wasn't very helpful. I have Docker and GCloud full updated. Don't know what else to do.
BTW, I'm trying to push to "gcr.io".
Fixed. I was using a VM in compute engine as my development machine, and looks like I didn't give it enough rigths in Storage.
I had the same problem with access denied and I resolved it with creating new image using Tag:
docker tag IMAGE_WITH_ACCESS_DENIED gcr.io/my-project/my-new-image:test
After that I could PUSH It to Container registry:
gcloud docker -- push gcr.io/my-project/my-new-image:test
Today I also got this error inside Jenkins running on Google Kubernetes Engine when pushing the docker container. The reason was a node pool node version upgrade from 1.9.6-gke.1 to 1.9.7-gke.0 in gcp I did before. Worked again after the downgrade.
You need to login to gcloud from the machine you are:
gcloud auth login
I am running docker on CentOS 7 following the official documentation from https://docs.docker.com
When I try to pull a demo image I just created, I got this error:
FATA[0013] Repository not found
The strange thing is that the "Number of Pulls" increases every time I try to pull it. As if every pull is successful.
Every time I get this same error: FATA[0013] Repository not found
So what should I do now?
Lastest Update: Problem solved. Thanks to Jerry Baker, one of the Docker Staff.
Please refer to https://forums.docker.com/t/cant-find-or-pull-public-repos-on-docker-hub/1806/6
UPDATE: I am not running docker under a http_proxy.
UPDATE 2: #user2915097 After I run docker events:
UPDATE 3:
My repo was not even found by docker search:
UPDATE 4:
docker push failed, too. I've already logged in (by docker login).
docker pull wings27/centos-web-dev is not working because it does not have the 'latest' tag. It tries to pull the 'latest' tag by default if you do not provide any tag in your pull command.
Login to your docker account before accessing private repos
docker login
If it still helps, short answer
docker login
docker tag <image_id> wings27/centos-web-dev:<your-tag>
docker pull wings27/centos-web-dev:<your-tag>