buildx: Failure to push when using multi-node context

I will try to describe my issue as good as I can… much of the setup is done by trail and error, so I could just be doing it wrong, but the documentation for multi-node buildx instances is quite sparse at the moment, so it’s the best I could!

Scenario: I have connected a ARM64 machines docker daemon to one of my AMD64 machines through buildx to be able to utilize the native ARM64 engine for ARM64 builds. While the engines seems to work great together while building, when they are about to push they stop after the AMD64 machine have pushed the first tag.

There are no errors in the build logs, so it looks like it was built and pushed successfully while no images are pushed to the registries.

I have tried both by connecting to the remote daemon over tcp and over ssh, while none of them seems to work for me. Connection was done through docker buildx create --append --name <builder-name> tcp://ip:2375

It does though, seem like the registries do notice that something was being pushed as they say that the last update was “1 minute ago”, while no images have been changed.

The last part of the build log looks like this when it fails to push successfully:

#11 exporting to image
#11 exporting layers
#11 exporting layers 15.1s done
#11 pushing layers
#11 exporting manifest sha256:e79069017c796a48ecd0122aa6bb4b5a71d5366dad15a22d8dae3cf3445ffe85 0.0s done
#11 exporting config sha256:7539d58986be67c54043cf7c10f759f17d9f2c27cf48baa904ce6601e915af89 0.0s done
#11 exporting manifest list sha256:c13816f3f05006682736fcba1eb7cc9e38fd972c31d3a26155d8a80a33de1539 0.0s done
#11 pushing layers 6.6s done
#11 pushing manifest for registry.gitlab.com/jitesoft/dockerfiles/node-base
#11 pushing manifest for registry.gitlab.com/jitesoft/dockerfiles/node-base 1.6s done
#11 pushing layers 5.0s done
#11 pushing manifest for docker.io/jitesoft/node-base
#11 pushing manifest for docker.io/jitesoft/node-base 0.8s done
#11 DONE 29.2s

#16 merging manifest list registry.gitlab.com/jitesoft/dockerfiles/node-base...
#16 DONE 4.4s

While a “real” successful one looks like the following (using only the AMD64 machine with Qemu):

#13 exporting to image
#13 exporting layers
#13 exporting layers 12.0s done
#13 exporting manifest sha256:120e8ce6e70745087f148f6991b9c072a331a42b15224d7b073382dbd7f8862f 0.0s done
#13 exporting config sha256:708ed343e10cf46f540039b355a21fa962be06dfb0be6adf88385e11974872fb 0.0s done
#13 exporting manifest sha256:0a495831b15cdf834d3d5fbd56acb2834a9161d42fac9fe8ec69c2435807a79f 0.0s done
#13 exporting config sha256:33d5f0ebafc4f4a6b33acd9726a2517e916713616c539f0c28c210976f84b424 0.0s done
#13 exporting manifest list sha256:c5a0e0562036da3573f03c609923266779df8dc4b2f3d5de6fa1d4b11aec108a 0.0s done
#13 pushing layers
#13 pushing layers 6.0s done
#13 pushing manifest for registry.gitlab.com/jitesoft/dockerfiles/node-base:12.13.0-slim
#13 pushing manifest for registry.gitlab.com/jitesoft/dockerfiles/node-base:12.13.0-slim 3.9s done
#13 pushing layers 4.9s done
#13 pushing manifest for docker.io/jitesoft/node-base:12.13.0-slim
#13 pushing manifest for docker.io/jitesoft/node-base:12.13.0-slim 1.5s done
#13 pushing layers 1.8s done
#13 pushing manifest for registry.gitlab.com/jitesoft/dockerfiles/node-base:12-slim
#13 pushing manifest for registry.gitlab.com/jitesoft/dockerfiles/node-base:12-slim 3.0s done
#13 pushing layers 1.4s done
#13 pushing manifest for docker.io/jitesoft/node-base:12-slim
#13 pushing manifest for docker.io/jitesoft/node-base:12-slim 1.1s done
#13 pushing layers 1.8s done
#13 pushing manifest for registry.gitlab.com/jitesoft/dockerfiles/node-base:stable-slim
#13 pushing manifest for registry.gitlab.com/jitesoft/dockerfiles/node-base:stable-slim 3.2s done
#13 pushing layers 1.0s done
#13 pushing manifest for docker.io/jitesoft/node-base:stable-slim
#13 pushing manifest for docker.io/jitesoft/node-base:stable-slim 1.4s done
#13 pushing layers 1.9s done
#13 pushing manifest for registry.gitlab.com/jitesoft/dockerfiles/node-base:lts-slim
#13 pushing manifest for registry.gitlab.com/jitesoft/dockerfiles/node-base:lts-slim 3.5s done
#13 pushing layers 1.1s done
#13 pushing manifest for docker.io/jitesoft/node-base:lts-slim
#13 pushing manifest for docker.io/jitesoft/node-base:lts-slim 1.1s done
#13 pushing layers 2.0s done
#13 pushing manifest for registry.gitlab.com/jitesoft/dockerfiles/node-base:erbium-slim
#13 pushing layers
#13 pushing manifest for registry.gitlab.com/jitesoft/dockerfiles/node-base:erbium-slim 8.1s done
#13 pushing layers 1.0s done
#13 pushing manifest for docker.io/jitesoft/node-base:erbium-slim
#13 pushing manifest for docker.io/jitesoft/node-base:erbium-slim 1.0s done
#13 DONE 62.8s

If there are any logs that I can’t find that would help in debugging the issue or any more information that you could need, please let me know!

Docker version output: AMD machine:

Client: Docker Engine - Community                                                                                                                                                                                                                                                                                                                                           Version:           19.03.4                                                                                                                                                                                                                                                                                                                                                 API version:       1.40                                                                                                                                                                                                                                                                                                                                                    Go version:        go1.12.10                                                                                                                                                                                                                                                                                                                                               Git commit:        9013bf583a                                                                                                                                                                                                                                                                                                                                              Built:             Fri Oct 18 15:54:09 2019                                                                                                                                                                                                                                                                                                                                OS/Arch:           linux/amd64                                                                                                                                                                                                                                                                                                                                             Experimental:      true                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Server: Docker Engine - Community                                                                                                                                                                                                                                                                                                                                           Engine:                                                                                                                                                                                                                                                                                                                                                                     Version:          19.03.4                                                                                                                                                                                                                                                                                                                                                  API version:      1.40 (minimum version 1.12)                                                                                                                                                                                                                                                                                                                              Go version:       go1.12.10                                                                                                                                                                                                                                                                                                                                                Git commit:       9013bf583a                                                                                                                                                                                                                                                                                                                                               Built:            Fri Oct 18 15:52:40 2019                                                                                                                                                                                                                                                                                                                                 OS/Arch:          linux/amd64                                                                                                                                                                                                                                                                                                                                              Experimental:     true                                                                                                                                                                                                                                                                                                                                                    containerd:
  Version:          1.2.10
  GitCommit:        b34a5c8af56e510852c35414db4c1f4fa6172339
 runc:
  Version:          1.0.0-rc8+dev
  GitCommit:        3e425f80a8c931f88e6d94a8c831b9d5aa481657
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

ARM machine:

Client: Docker Engine - Community
 Version:           19.03.4
 API version:       1.40
 Go version:        go1.12.10
 Git commit:        9013bf5
 Built:             Fri Oct 18 15:52:24 2019
 OS/Arch:           linux/arm64
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          19.03.4
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.10
  Git commit:       9013bf5
  Built:            Fri Oct 18 15:50:53 2019
  OS/Arch:          linux/arm64
  Experimental:     true
 containerd:
  Version:          1.2.10
  GitCommit:        b34a5c8af56e510852c35414db4c1f4fa6172339
 runc:
  Version:          1.0.0-rc8+dev
  GitCommit:        3e425f80a8c931f88e6d94a8c831b9d5aa481657
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

Buildx version:

AMD machine:

github.com/docker/buildx v0.3.1 6db68d029599c6710a32aa7adcba8e5a344795a7

ARM machine:

github.com/docker/buildx v0.3.1-tp-docker 6db68d029599c6710a32aa7adcba8e5a344795a7

About this issue

  • Original URL
  • State: open
  • Created 5 years ago
  • Reactions: 1
  • Comments: 44 (2 by maintainers)

Commits related to this issue

Most upvoted comments

Thanks! I actually fixed it already, working on creating pull-requests, building forked images, deployment to my CI etc …

It was a one-line-fix in containerd: https://github.com/StarGate01/containerd/commit/2caabd9cd073fa2be8de45674e94b4d5672646de

+4
StarGate01 on Feb 18, 2020

Each docker “image” consists of a manifest and a bunch of layers. The manifest references the layers and a tag references a manifest. When it comes to multi-arch, the manifest file is split up into the same image but with different architectures, so each tag points to a manifest, which have multiple architectures which each references a bunch of layers.

From my testing and research, the manifest is pushed fine, while that’s it, the layers are not pushed and the tags are not (as they comes after pushing of the layers).

+2
Johannestegner on May 23, 2020

@psalkowski If you are hitting a provenance-related issue, specifically with multi-node, then make sure you are using the latest buildx and if you still see the problem open a new issue with reproduction steps. This issue is for something different (likely registry related).

+1
tonistiigi on Feb 7, 2023

Ok I tried to work around this issue several ways:

  1. Build one tag only, then do docker tag aliases and push that. That failed because it only tags the current architecture so you have the main image multiarch and the tag aliases for one arch only.
  2. Do a docker buildx build for each tag in a loop. That almost works but for some reasons only the images that run on the buildx host get a new digest (You can search docker buildx build in the following log https://bit.ly/3cZ3RHT). The images that were built on the other node keep their digest.

Here’s how 2 was implemented:

for tag in $BUILD_TAGS; do
  docker buildx build --platform="$DOCKER_PLATFORMS" --pull --push --cache-from="$BUILD_TAG" --cache-to="type=inline" --tag="$tag" .
done

Here are the two resulting images: https://hub.docker.com/r/silex/emacs/tags?page=1&name=25-dev https://hub.docker.com/r/silex/emacs/tags?page=1&name=25.3-dev. We see that for arm the sha256 digests are the same but for amd64/i386 they changed.

How am I supposed to “docker tag” a multiarch image?

I’m now thinking of docker manifest inspect my way to copy a manifest to another tag, but I’m unsure how. Any pointers would be appreciated.

+1
Silex on May 23, 2020

Haha wow… Oh well, this will improve my build process a whole lot, I owe you one! 😃

+1
Johannestegner on Feb 18, 2020

To further support my argument, I pulled the access logs for a push from buildx from my nginx gateway:


[redacted-ip] - chonal [18/Feb/2020:14:49:31 +0000] "GET /v2/token?scope=repository%3Apublic%2Fhello-ci%3Apull&scope=repository%3Apublic%2Fhello-ci%3Apull%2Cpush&service=[redacted-registry-fqdn] HTTP/1.1" 200 710 "-" "Go-http-client/1.1",
[redacted-ip] - - [18/Feb/2020:14:55:02 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:4dbc2ebf6782e665546eef55b84c4a93b578f829cbe55ed1b38579e4a3257dc3 HTTP/1.1" 401 0 "-" "Go-http-client/1.1",
[redacted-ip] - - [18/Feb/2020:14:55:02 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:4b43bc1432667384cc7804a344d7f09ecda21e64cd74557d36d4df9d670676bc HTTP/1.1" 401 0 "-" "Go-http-client/1.1",
[redacted-ip] - - [18/Feb/2020:14:55:02 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:a500ce965033a66dfc4f42b7075d36fb523d7f1c188dc4f45eeeafdd773967db HTTP/1.1" 401 0 "-" "Go-http-client/1.1",
[redacted-ip] - - [18/Feb/2020:14:55:02 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:c2e531a682bf960449368b943a3a2646b979256a9412712822bd3759600881be HTTP/1.1" 401 0 "-" "Go-http-client/1.1",
[redacted-ip] - - [18/Feb/2020:14:55:02 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:b6f32fe9e99eb867b3ee67d62c01ed4d811bfb6f341c6f6500dd21d54ab720e9 HTTP/1.1" 401 0 "-" "Go-http-client/1.1",
[redacted-ip] - - [18/Feb/2020:14:55:02 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:b02a8f490bc868eb3f484717ff2deae91bf8df998a83cea8655c6adf0c22180f HTTP/1.1" 401 0 "-" "Go-http-client/1.1",
[redacted-ip] - chonal [18/Feb/2020:14:55:02 +0000] "GET /v2/token?scope=repository%3Apublic%2Fhello-ci%3Apull&scope=repository%3Apublic%2Fhello-ci%3Apull%2Cpush&service=[redacted-registry-fqdn] HTTP/1.1" 200 709 "-" "Go-http-client/1.1",
[redacted-ip] - chonal [18/Feb/2020:14:55:02 +0000] "GET /v2/token?scope=repository%3Apublic%2Fhello-ci%3Apull&scope=repository%3Apublic%2Fhello-ci%3Apull%2Cpush&service=[redacted-registry-fqdn] HTTP/1.1" 200 702 "-" "Go-http-client/1.1",
[redacted-ip] - chonal [18/Feb/2020:14:55:02 +0000] "GET /v2/token?scope=repository%3Apublic%2Fhello-ci%3Apull&scope=repository%3Apublic%2Fhello-ci%3Apull%2Cpush&service=[redacted-registry-fqdn] HTTP/1.1" 200 706 "-" "Go-http-client/1.1",
[redacted-ip] - - [18/Feb/2020:14:55:02 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:4b43bc1432667384cc7804a344d7f09ecda21e64cd74557d36d4df9d670676bc HTTP/1.1" 200 0 "-" "Go-http-client/1.1",
[redacted-ip] - - [18/Feb/2020:14:55:02 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:a500ce965033a66dfc4f42b7075d36fb523d7f1c188dc4f45eeeafdd773967db HTTP/1.1" 200 0 "-" "Go-http-client/1.1",
[redacted-ip] - - [18/Feb/2020:14:55:02 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:c2e531a682bf960449368b943a3a2646b979256a9412712822bd3759600881be HTTP/1.1" 200 0 "-" "Go-http-client/1.1",
[redacted-ip] - chonal [18/Feb/2020:14:55:02 +0000] "GET /v2/token?scope=repository%3Apublic%2Fhello-ci%3Apull&scope=repository%3Apublic%2Fhello-ci%3Apull%2Cpush&service=[redacted-registry-fqdn] HTTP/1.1" 200 704 "-" "Go-http-client/1.1",
[redacted-ip] - - [18/Feb/2020:14:55:02 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:b6f32fe9e99eb867b3ee67d62c01ed4d811bfb6f341c6f6500dd21d54ab720e9 HTTP/1.1" 200 0 "-" "Go-http-client/1.1",
[redacted-ip] - - [18/Feb/2020:14:55:02 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:4dbc2ebf6782e665546eef55b84c4a93b578f829cbe55ed1b38579e4a3257dc3 HTTP/1.1" 200 0 "-" "Go-http-client/1.1",
[redacted-ip] - - [18/Feb/2020:14:55:02 +0000] "HEAD /v2/public/hello-ci/manifests/latest HTTP/1.1" 200 0 "-" "Go-http-client/1.1",
[redacted-ip] - - [18/Feb/2020:14:55:02 +0000] "PUT /v2/public/hello-ci/manifests/latest HTTP/1.1" 201 0 "-" "Go-http-client/1.1",
[redacted-ip] - - [18/Feb/2020:14:55:03 +0000] "HEAD /v2/public/hello-ci/manifests/latest HTTP/1.1" 200 0 "-" "Go-http-client/1.1",
[redacted-ip] - - [18/Feb/2020:14:55:03 +0000] "PUT /v2/public/hello-ci/manifests/latest HTTP/1.1" 201 0 "-" "Go-http-client/1.1",
[redacted-ip] - - [18/Feb/2020:14:55:02 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:b02a8f490bc868eb3f484717ff2deae91bf8df998a83cea8655c6adf0c22180f HTTP/1.1" 200 0 "-" "Go-http-client/1.1",
192.168.1.1 - portus [18/Feb/2020:14:55:04 +0000] "GET /v2/token?account=portus&scope=repository%3Apublic%2Fhello-ci%3Apull&service=[redacted-registry-fqdn] HTTP/1.1" 200 703 "-" "Ruby"

As you can see, only the GET requests for auth tokens are properly authenticated using HTTP auth, the subsequent PUT requests actually uploading data are not, which is perfectly ok since auth is achieved with the token. However, the registry pulls the actor name from the HTTP auth user (I suppose) See below. The registry sends this notification:

Handling 'push' event:
{
  "id": "621b40f2-dc93-4fb7-b721-8fe140fb2a44",
  "timestamp": "2020-02-18T14:55:03.181921156Z",
  "action": "push",
  "target": {
    "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
    "size": 1076,
    "digest": "sha256:9ea58c192d477295f85fa5d85856768296da8ab98549445cc6818d733539779e",
    "length": 1076,
    "repository": "public/hello-ci",
    "url": "https://[redacted-registry-fqdn]/v2/public/hello-ci/manifests/sha256:9ea58c192d477295f85fa5d85856768296da8ab98549445cc6818d733539779e",
    "tag": "latest"
  },
  "request": {
    "id": "485bc065-c1df-4250-9ddf-5972b879542b",
    "addr": "[redacted-ip]",
    "host": "[redacted-registry-fqdn]",
    "method": "PUT",
    "useragent": "Go-http-client/1.1"
  },


  "actor": {
  },
  "source": {
    "addr": "ce2d2570cb42:5000",
    "instanceID": "0b6d7d0e-35f9-4ac6-8c37-9ca00c2fbbb6"
  }
}

Edit: Strange thing, regular docker push uses the same pattern:


[redacted-ip] - chonal [18/Feb/2020:15:09:52 +0000] "GET /v2/token?account=chonal&scope=repository%3Apublic%2Fhello-ci%3Apush%2Cpull&service=[redacted-regsitry-fqdn] HTTP/1.1" 200 710 "-" "docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \x5C(linux\x5C))"
[redacted-ip] - - [18/Feb/2020:15:09:53 +0000] "PUT /v2/public/hello-ci/manifests/test2 HTTP/1.1" 201 0 "-" "docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \x5C(linux\x5C))",
[redacted-ip] - - [18/Feb/2020:15:09:53 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:f16790039ef1d40f0b01b9807317809ad04e528cd631fdbfd40cd783d3078e4f HTTP/1.1" 200 0 "-" "docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \x5C(linux\x5C))",
[redacted-ip] - - [18/Feb/2020:15:09:53 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:5c939e3a4d1097af8d3292ad3a41d3caa846f6333b91f2dd22b972bc2d19c5b5 HTTP/1.1" 200 0 "-" "docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \x5C(linux\x5C))",
[redacted-ip] - - [18/Feb/2020:15:09:53 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:c63719cdbe7ae254b453dba06fb446f583b503f2a2c15becc83f8c5bc7a705e0 HTTP/1.1" 200 0 "-" "docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \x5C(linux\x5C))",
[redacted-ip] - - [18/Feb/2020:15:09:53 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:19a861ea6baff71b05cd577478984c3e62cf0177bf74468d0aca551f5fcb891c HTTP/1.1" 200 0 "-" "docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \x5C(linux\x5C))",
[redacted-ip] - - [18/Feb/2020:15:09:53 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:3976a685910e7b9752b1fb64e0db6c6af19115394e4bcc0ffbcf450363b7b4bb HTTP/1.1" 200 0 "-" "docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \x5C(linux\x5C))",
[redacted-ip] - - [18/Feb/2020:15:09:53 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:651c9d2d6c4f37c56a221259e033e7e2353b698139c2ff950623ca28d64a9837 HTTP/1.1" 200 0 "-" "docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \x5C(linux\x5C))",
[redacted-ip] - - [18/Feb/2020:15:09:53 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:f35234890e641ef10024b968edf6a8ef7221920f0f2492f4e7bc4a9c7d5aa0df HTTP/1.1" 200 0 "-" "docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \x5C(linux\x5C))",
[redacted-ip] - - [18/Feb/2020:15:09:53 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:f075fb918eb3e716dff06c93d6c6b9ea13b9fa6638ad1c17675e440341ebf811 HTTP/1.1" 200 0 "-" "docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \x5C(linux\x5C))",
192.168.1.1 - portus [18/Feb/2020:15:09:55 +0000] "GET /v2/token?account=portus&scope=repository%3Apublic%2Fhello-ci%3Apull&service=[redacted-regsitry-fqdn] HTTP/1.1" 200 703 "-" "Ruby",

But this time the notification sent by the registry contains the actor:

Handling 'push' event:
{
  "id": "b5b4064b-9703-4f2e-81b7-5056d77ef55d",
  "timestamp": "2020-02-18T15:09:53.6760806Z",
  "action": "push",
  "target": {
    "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
    "size": 1984,
    "digest": "sha256:48613f5687e841d1877c95dbb76a78d16a3d29c2e86b2308a5e4d4ca11f12de6",
    "length": 1984,
    "repository": "public/hello-ci",
    "url": "https://[redacted-registry-fqdn]/v2/public/hello-ci/manifests/sha256:48613f5687e841d1877c95dbb76a78d16a3d29c2e86b2308a5e4d4ca11f12de6",
    "tag": "test2"
  },
  "request": {
    "id": "73907ff4-bba0-4744-bbba-f6ad03c210d4",
    "addr": "[redacted-ip]",
    "host": "[redacted-registry-fqdn]",
    "method": "PUT",
    "useragent": "docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \\(linux\\))"
  },


  "actor": {
    "name": "chonal"
  },
  "source": {
    "addr": "ce2d2570cb42:5000",
    "instanceID": "0b6d7d0e-35f9-4ac6-8c37-9ca00c2fbbb6"
  }
}

So maybe it is an issue with the registry itself? Does anyone have a clue?

Here are the logs of the registry. For Buildx push:

time="2020-02-18T14:55:02.179798053Z" level=warning msg="error authorizing context: authorization token required" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=345ef571-0d91-4894-8a1b-a4cf3d0f2bd5 http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/blobs/sha256:4b43bc1432667384cc7804a344d7f09ecda21e64cd74557d36d4df9d670676bc" http.request.useragent="Go-http-client/1.1" vars.digest="sha256:4b43bc1432667384cc7804a344d7f09ecda21e64cd74557d36d4df9d670676bc" vars.name="public/hello-ci" 
192.168.1.6 - - [18/Feb/2020:14:55:02 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:4b43bc1432667384cc7804a344d7f09ecda21e64cd74557d36d4df9d670676bc HTTP/1.1" 401 158 "" "Go-http-client/1.1"
192.168.1.6 - - [18/Feb/2020:14:55:02 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:a500ce965033a66dfc4f42b7075d36fb523d7f1c188dc4f45eeeafdd773967db HTTP/1.1" 401 158 "" "Go-http-client/1.1"
time="2020-02-18T14:55:02.190803592Z" level=warning msg="error authorizing context: authorization token required" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=3242de1a-3fbd-4140-b248-5ec61acf5deb http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/blobs/sha256:a500ce965033a66dfc4f42b7075d36fb523d7f1c188dc4f45eeeafdd773967db" http.request.useragent="Go-http-client/1.1" vars.digest="sha256:a500ce965033a66dfc4f42b7075d36fb523d7f1c188dc4f45eeeafdd773967db" vars.name="public/hello-ci" 
time="2020-02-18T14:55:02.193644246Z" level=warning msg="error authorizing context: authorization token required" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=71fe33c1-362e-4df2-b2ae-f4797c32588b http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/blobs/sha256:b6f32fe9e99eb867b3ee67d62c01ed4d811bfb6f341c6f6500dd21d54ab720e9" http.request.useragent="Go-http-client/1.1" vars.digest="sha256:b6f32fe9e99eb867b3ee67d62c01ed4d811bfb6f341c6f6500dd21d54ab720e9" vars.name="public/hello-ci" 
192.168.1.6 - - [18/Feb/2020:14:55:02 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:b6f32fe9e99eb867b3ee67d62c01ed4d811bfb6f341c6f6500dd21d54ab720e9 HTTP/1.1" 401 158 "" "Go-http-client/1.1"
time="2020-02-18T14:55:02.205166998Z" level=warning msg="error authorizing context: authorization token required" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=478d7154-455e-4181-81b6-5c4d73db730d http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/blobs/sha256:c2e531a682bf960449368b943a3a2646b979256a9412712822bd3759600881be" http.request.useragent="Go-http-client/1.1" vars.digest="sha256:c2e531a682bf960449368b943a3a2646b979256a9412712822bd3759600881be" vars.name="public/hello-ci" 
192.168.1.6 - - [18/Feb/2020:14:55:02 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:c2e531a682bf960449368b943a3a2646b979256a9412712822bd3759600881be HTTP/1.1" 401 158 "" "Go-http-client/1.1"
time="2020-02-18T14:55:02.210777842Z" level=warning msg="error authorizing context: authorization token required" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=4ad05b89-b509-47ff-80f4-8227df48203f http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/blobs/sha256:b02a8f490bc868eb3f484717ff2deae91bf8df998a83cea8655c6adf0c22180f" http.request.useragent="Go-http-client/1.1" vars.digest="sha256:b02a8f490bc868eb3f484717ff2deae91bf8df998a83cea8655c6adf0c22180f" vars.name="public/hello-ci" 
192.168.1.6 - - [18/Feb/2020:14:55:02 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:b02a8f490bc868eb3f484717ff2deae91bf8df998a83cea8655c6adf0c22180f HTTP/1.1" 401 158 "" "Go-http-client/1.1"
192.168.1.6 - - [18/Feb/2020:14:55:02 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:4dbc2ebf6782e665546eef55b84c4a93b578f829cbe55ed1b38579e4a3257dc3 HTTP/1.1" 401 158 "" "Go-http-client/1.1"
time="2020-02-18T14:55:02.215028675Z" level=warning msg="error authorizing context: authorization token required" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=e24c24ac-c0a2-492b-af61-dcc73de54ef3 http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/blobs/sha256:4dbc2ebf6782e665546eef55b84c4a93b578f829cbe55ed1b38579e4a3257dc3" http.request.useragent="Go-http-client/1.1" vars.digest="sha256:4dbc2ebf6782e665546eef55b84c4a93b578f829cbe55ed1b38579e4a3257dc3" vars.name="public/hello-ci" 
time="2020-02-18T14:55:02.612831903Z" level=info msg="authorized request" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=b5b27514-a4b7-418e-85cd-2a1b1c168aab http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/blobs/sha256:4b43bc1432667384cc7804a344d7f09ecda21e64cd74557d36d4df9d670676bc" http.request.useragent="Go-http-client/1.1" vars.digest="sha256:4b43bc1432667384cc7804a344d7f09ecda21e64cd74557d36d4df9d670676bc" vars.name="public/hello-ci" 
time="2020-02-18T14:55:02.613936381Z" level=info msg="response completed" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=b5b27514-a4b7-418e-85cd-2a1b1c168aab http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/blobs/sha256:4b43bc1432667384cc7804a344d7f09ecda21e64cd74557d36d4df9d670676bc" http.request.useragent="Go-http-client/1.1" http.response.contenttype="application/octet-stream" http.response.duration=3.288499ms http.response.status=200 http.response.written=0 
192.168.1.6 - - [18/Feb/2020:14:55:02 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:4b43bc1432667384cc7804a344d7f09ecda21e64cd74557d36d4df9d670676bc HTTP/1.1" 200 0 "" "Go-http-client/1.1"
time="2020-02-18T14:55:02.642570742Z" level=info msg="authorized request" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=2f969494-747a-4f28-a9bb-ab00ddc95c82 http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/blobs/sha256:a500ce965033a66dfc4f42b7075d36fb523d7f1c188dc4f45eeeafdd773967db" http.request.useragent="Go-http-client/1.1" vars.digest="sha256:a500ce965033a66dfc4f42b7075d36fb523d7f1c188dc4f45eeeafdd773967db" vars.name="public/hello-ci" 
time="2020-02-18T14:55:02.643644999Z" level=info msg="response completed" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=2f969494-747a-4f28-a9bb-ab00ddc95c82 http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/blobs/sha256:a500ce965033a66dfc4f42b7075d36fb523d7f1c188dc4f45eeeafdd773967db" http.request.useragent="Go-http-client/1.1" http.response.contenttype="application/octet-stream" http.response.duration=4.884003ms http.response.status=200 http.response.written=0 
192.168.1.6 - - [18/Feb/2020:14:55:02 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:a500ce965033a66dfc4f42b7075d36fb523d7f1c188dc4f45eeeafdd773967db HTTP/1.1" 200 0 "" "Go-http-client/1.1"
time="2020-02-18T14:55:02.65861904Z" level=info msg="authorized request" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=f4d0077c-f9eb-41a9-9b59-505a07e70cf0 http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/blobs/sha256:c2e531a682bf960449368b943a3a2646b979256a9412712822bd3759600881be" http.request.useragent="Go-http-client/1.1" vars.digest="sha256:c2e531a682bf960449368b943a3a2646b979256a9412712822bd3759600881be" vars.name="public/hello-ci" 
192.168.1.6 - - [18/Feb/2020:14:55:02 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:c2e531a682bf960449368b943a3a2646b979256a9412712822bd3759600881be HTTP/1.1" 200 0 "" "Go-http-client/1.1"
time="2020-02-18T14:55:02.66335199Z" level=info msg="response completed" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=f4d0077c-f9eb-41a9-9b59-505a07e70cf0 http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/blobs/sha256:c2e531a682bf960449368b943a3a2646b979256a9412712822bd3759600881be" http.request.useragent="Go-http-client/1.1" http.response.contenttype="application/octet-stream" http.response.duration=8.220233ms http.response.status=200 http.response.written=0 
time="2020-02-18T14:55:02.696087438Z" level=info msg="authorized request" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=85baa728-9812-4905-9a72-60f0e7e2599c http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/blobs/sha256:b6f32fe9e99eb867b3ee67d62c01ed4d811bfb6f341c6f6500dd21d54ab720e9" http.request.useragent="Go-http-client/1.1" vars.digest="sha256:b6f32fe9e99eb867b3ee67d62c01ed4d811bfb6f341c6f6500dd21d54ab720e9" vars.name="public/hello-ci" 
time="2020-02-18T14:55:02.703428475Z" level=info msg="response completed" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=85baa728-9812-4905-9a72-60f0e7e2599c http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/blobs/sha256:b6f32fe9e99eb867b3ee67d62c01ed4d811bfb6f341c6f6500dd21d54ab720e9" http.request.useragent="Go-http-client/1.1" http.response.contenttype="application/octet-stream" http.response.duration=19.645656ms http.response.status=200 http.response.written=0 
192.168.1.6 - - [18/Feb/2020:14:55:02 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:b6f32fe9e99eb867b3ee67d62c01ed4d811bfb6f341c6f6500dd21d54ab720e9 HTTP/1.1" 200 0 "" "Go-http-client/1.1"
time="2020-02-18T14:55:02.717278163Z" level=info msg="authorized request" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=0bfa1d79-979e-4dff-9730-836364fde6a5 http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/blobs/sha256:4dbc2ebf6782e665546eef55b84c4a93b578f829cbe55ed1b38579e4a3257dc3" http.request.useragent="Go-http-client/1.1" vars.digest="sha256:4dbc2ebf6782e665546eef55b84c4a93b578f829cbe55ed1b38579e4a3257dc3" vars.name="public/hello-ci" 
time="2020-02-18T14:55:02.717958958Z" level=info msg="response completed" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=0bfa1d79-979e-4dff-9730-836364fde6a5 http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/blobs/sha256:4dbc2ebf6782e665546eef55b84c4a93b578f829cbe55ed1b38579e4a3257dc3" http.request.useragent="Go-http-client/1.1" http.response.contenttype="application/octet-stream" http.response.duration=2.587956ms http.response.status=200 http.response.written=0 
192.168.1.6 - - [18/Feb/2020:14:55:02 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:4dbc2ebf6782e665546eef55b84c4a93b578f829cbe55ed1b38579e4a3257dc3 HTTP/1.1" 200 0 "" "Go-http-client/1.1"
time="2020-02-18T14:55:02.751755046Z" level=info msg="authorized request" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=8df45743-fe59-4bf9-bb5a-7f4042bf1c3b http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/blobs/sha256:b02a8f490bc868eb3f484717ff2deae91bf8df998a83cea8655c6adf0c22180f" http.request.useragent="Go-http-client/1.1" vars.digest="sha256:b02a8f490bc868eb3f484717ff2deae91bf8df998a83cea8655c6adf0c22180f" vars.name="public/hello-ci" 
time="2020-02-18T14:55:02.752130286Z" level=info msg="response completed" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=8df45743-fe59-4bf9-bb5a-7f4042bf1c3b http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/blobs/sha256:b02a8f490bc868eb3f484717ff2deae91bf8df998a83cea8655c6adf0c22180f" http.request.useragent="Go-http-client/1.1" http.response.contenttype="application/octet-stream" http.response.duration=1.865483ms http.response.status=200 http.response.written=0 
192.168.1.6 - - [18/Feb/2020:14:55:02 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:b02a8f490bc868eb3f484717ff2deae91bf8df998a83cea8655c6adf0c22180f HTTP/1.1" 200 0 "" "Go-http-client/1.1"
time="2020-02-18T14:55:02.793796052Z" level=info msg="authorized request" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=121773b6-164b-45bd-abe9-4ef69b1c7c57 http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/manifests/latest" http.request.useragent="Go-http-client/1.1" vars.name="public/hello-ci" vars.reference=latest 
time="2020-02-18T14:55:02.795594755Z" level=info msg="rewriting manifest list sha256:9ea58c192d477295f85fa5d85856768296da8ab98549445cc6818d733539779e in schema1 format to support old client" auth.user.name= go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=121773b6-164b-45bd-abe9-4ef69b1c7c57 http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/manifests/latest" http.request.useragent="Go-http-client/1.1" vars.name="public/hello-ci" vars.reference=latest 
192.168.1.6 - - [18/Feb/2020:14:55:02 +0000] "HEAD /v2/public/hello-ci/manifests/latest HTTP/1.1" 200 528 "" "Go-http-client/1.1"
time="2020-02-18T14:55:02.796219551Z" level=info msg="response completed" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=121773b6-164b-45bd-abe9-4ef69b1c7c57 http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/manifests/latest" http.request.useragent="Go-http-client/1.1" http.response.contenttype="application/vnd.docker.distribution.manifest.v2+json" http.response.duration=5.536113ms http.response.status=200 http.response.written=528 
time="2020-02-18T14:55:02.842040361Z" level=info msg="authorized request" go.version=go1.11.2 http.request.contenttype="application/vnd.docker.distribution.manifest.v2+json" http.request.host=[redacted-registry-fqdn] http.request.id=7ab238eb-f39c-4ca2-b706-3e03b1152587 http.request.method=PUT http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/manifests/latest" http.request.useragent="Go-http-client/1.1" vars.name="public/hello-ci" vars.reference=latest 
192.168.1.6 - - [18/Feb/2020:14:55:02 +0000] "PUT /v2/public/hello-ci/manifests/latest HTTP/1.1" 201 0 "" "Go-http-client/1.1"
time="2020-02-18T14:55:02.877043685Z" level=info msg="response completed" go.version=go1.11.2 http.request.contenttype="application/vnd.docker.distribution.manifest.v2+json" http.request.host=[redacted-registry-fqdn] http.request.id=7ab238eb-f39c-4ca2-b706-3e03b1152587 http.request.method=PUT http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/manifests/latest" http.request.useragent="Go-http-client/1.1" http.response.duration=37.186966ms http.response.status=201 http.response.written=0 
192.168.1.6 - - [18/Feb/2020:14:55:02 +0000] "HEAD /v2/public/hello-ci/manifests/latest HTTP/1.1" 200 528 "" "Go-http-client/1.1"
time="2020-02-18T14:55:02.920270863Z" level=info msg="authorized request" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=c03dfda1-b005-43ad-a676-861b99cb6708 http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/manifests/latest" http.request.useragent="Go-http-client/1.1" vars.name="public/hello-ci" vars.reference=latest 
time="2020-02-18T14:55:02.92137006Z" level=info msg="response completed" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=c03dfda1-b005-43ad-a676-861b99cb6708 http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/manifests/latest" http.request.useragent="Go-http-client/1.1" http.response.contenttype="application/vnd.docker.distribution.manifest.v2+json" http.response.duration=10.568877ms http.response.status=200 http.response.written=528 
time="2020-02-18T14:55:02.964788728Z" level=info msg="authorized request" go.version=go1.11.2 http.request.contenttype="application/vnd.docker.distribution.manifest.v2+json" http.request.host=[redacted-registry-fqdn] http.request.id=883732db-774b-49fd-a61e-8b8b700870d3 http.request.method=PUT http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/manifests/latest" http.request.useragent="Go-http-client/1.1" vars.name="public/hello-ci" vars.reference=latest 
time="2020-02-18T14:55:02.979119762Z" level=info msg="response completed" go.version=go1.11.2 http.request.contenttype="application/vnd.docker.distribution.manifest.v2+json" http.request.host=[redacted-registry-fqdn] http.request.id=883732db-774b-49fd-a61e-8b8b700870d3 http.request.method=PUT http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/manifests/latest" http.request.useragent="Go-http-client/1.1" http.response.duration=17.181858ms http.response.status=201 http.response.written=0 
192.168.1.6 - - [18/Feb/2020:14:55:02 +0000] "PUT /v2/public/hello-ci/manifests/latest HTTP/1.1" 201 0 "" "Go-http-client/1.1"
time="2020-02-18T14:55:03.019278722Z" level=info msg="authorized request" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=59ddded9-d745-4939-b2f8-aac79a1ce524 http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/manifests/latest" http.request.useragent="Go-http-client/1.1" vars.name="public/hello-ci" vars.reference=latest 
192.168.1.6 - - [18/Feb/2020:14:55:03 +0000] "HEAD /v2/public/hello-ci/manifests/latest HTTP/1.1" 200 528 "" "Go-http-client/1.1"
time="2020-02-18T14:55:03.020641218Z" level=info msg="response completed" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=59ddded9-d745-4939-b2f8-aac79a1ce524 http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/manifests/latest" http.request.useragent="Go-http-client/1.1" http.response.contenttype="application/vnd.docker.distribution.manifest.v2+json" http.response.duration=4.567566ms http.response.status=200 http.response.written=528 
time="2020-02-18T14:55:03.058573061Z" level=info msg="authorized request" go.version=go1.11.2 http.request.contenttype="application/vnd.docker.distribution.manifest.v2+json" http.request.host=[redacted-registry-fqdn] http.request.id=f642b72a-3740-44e2-8bc4-47590a0b6022 http.request.method=PUT http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/manifests/latest" http.request.useragent="Go-http-client/1.1" vars.name="public/hello-ci" vars.reference=latest 
time="2020-02-18T14:55:03.095574793Z" level=info msg="response completed" go.version=go1.11.2 http.request.contenttype="application/vnd.docker.distribution.manifest.v2+json" http.request.host=[redacted-registry-fqdn] http.request.id=f642b72a-3740-44e2-8bc4-47590a0b6022 http.request.method=PUT http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/manifests/latest" http.request.useragent="Go-http-client/1.1" http.response.duration=39.107148ms http.response.status=201 http.response.written=0 
192.168.1.6 - - [18/Feb/2020:14:55:03 +0000] "PUT /v2/public/hello-ci/manifests/latest HTTP/1.1" 201 0 "" "Go-http-client/1.1"
time="2020-02-18T14:55:03.133811445Z" level=info msg="authorized request" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=394902e0-ad84-40fe-a604-17c325434ee0 http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/manifests/latest" http.request.useragent="Go-http-client/1.1" vars.name="public/hello-ci" vars.reference=latest 
time="2020-02-18T14:55:03.136046402Z" level=info msg="rewriting manifest sha256:f623e417f232c240a4e7daf305789840c7b9197b91e1c396e07c995789e8b61b in schema1 format to support old client" auth.user.name= go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=394902e0-ad84-40fe-a604-17c325434ee0 http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/manifests/latest" http.request.useragent="Go-http-client/1.1" vars.name="public/hello-ci" vars.reference=latest 
192.168.1.6 - - [18/Feb/2020:14:55:03 +0000] "HEAD /v2/public/hello-ci/manifests/latest HTTP/1.1" 200 1262 "" "Go-http-client/1.1"
time="2020-02-18T14:55:03.137389934Z" level=info msg="response completed" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=394902e0-ad84-40fe-a604-17c325434ee0 http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/manifests/latest" http.request.useragent="Go-http-client/1.1" http.response.contenttype="application/vnd.docker.distribution.manifest.v1+prettyjws" http.response.duration=6.319593ms http.response.status=200 http.response.written=1262 
time="2020-02-18T14:55:03.17776804Z" level=info msg="authorized request" go.version=go1.11.2 http.request.contenttype="application/vnd.docker.distribution.manifest.list.v2+json" http.request.host=[redacted-registry-fqdn] http.request.id=485bc065-c1df-4250-9ddf-5972b879542b http.request.method=PUT http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/manifests/latest" http.request.useragent="Go-http-client/1.1" vars.name="public/hello-ci" vars.reference=latest 
192.168.1.6 - - [18/Feb/2020:14:55:03 +0000] "PUT /v2/public/hello-ci/manifests/latest HTTP/1.1" 201 0 "" "Go-http-client/1.1"
time="2020-02-18T14:55:03.189751486Z" level=info msg="response completed" go.version=go1.11.2 http.request.contenttype="application/vnd.docker.distribution.manifest.list.v2+json" http.request.host=[redacted-registry-fqdn] http.request.id=485bc065-c1df-4250-9ddf-5972b879542b http.request.method=PUT http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/manifests/latest" http.request.useragent="Go-http-client/1.1" http.response.duration=14.035456ms http.response.status=201 http.response.written=0 
192.168.1.2 - - [18/Feb/2020:14:55:04 +0000] "GET /v2/public/hello-ci/tags/list?n=100 HTTP/1.1" 401 158 "" "Ruby"
time="2020-02-18T14:55:04.528732579Z" level=warning msg="error authorizing context: authorization token required" go.version=go1.11.2 http.request.host="registry:5000" http.request.id=104576ee-5a86-4ba4-a887-f9cb6a4d9e14 http.request.method=GET http.request.remoteaddr="192.168.1.2:47984" http.request.uri="/v2/public/hello-ci/tags/list?n=100" http.request.useragent=Ruby vars.name="public/hello-ci" 
time="2020-02-18T14:55:04.696586348Z" level=info msg="authorized request" go.version=go1.11.2 http.request.host="registry:5000" http.request.id=95dc099f-a60d-46ed-88bb-7653d2a847dd http.request.method=GET http.request.remoteaddr="192.168.1.2:47992" http.request.uri="/v2/public/hello-ci/tags/list?n=100" http.request.useragent=Ruby vars.name="public/hello-ci" 
192.168.1.2 - - [18/Feb/2020:14:55:04 +0000] "GET /v2/public/hello-ci/tags/list?n=100 HTTP/1.1" 200 60 "" "Ruby"
time="2020-02-18T14:55:04.696931437Z" level=info msg="response completed" go.version=go1.11.2 http.request.host="registry:5000" http.request.id=95dc099f-a60d-46ed-88bb-7653d2a847dd http.request.method=GET http.request.remoteaddr="192.168.1.2:47992" http.request.uri="/v2/public/hello-ci/tags/list?n=100" http.request.useragent=Ruby http.response.contenttype="application/json; charset=utf-8" http.response.duration=2.425003ms http.response.status=200 http.response.written=60

And for regular docker push (which generated correct notifications):

time="2020-02-18T15:09:52.682213286Z" level=warning msg="error authorizing context: authorization token required" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=f8b022e5-0bf1-466b-93e0-5ab5857b7677 http.request.method=GET http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/" http.request.useragent="docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \(linux\))" 
192.168.1.6 - - [18/Feb/2020:15:09:52 +0000] "GET /v2/ HTTP/1.1" 401 87 "" "docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \\(linux\\))"
time="2020-02-18T15:09:53.222645883Z" level=info msg="authorized request" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=91035cfd-263b-411f-8308-211d4501396e http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/blobs/sha256:f075fb918eb3e716dff06c93d6c6b9ea13b9fa6638ad1c17675e440341ebf811" http.request.useragent="docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \(linux\))" vars.digest="sha256:f075fb918eb3e716dff06c93d6c6b9ea13b9fa6638ad1c17675e440341ebf811" vars.name="public/hello-ci" 
192.168.1.6 - - [18/Feb/2020:15:09:53 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:f075fb918eb3e716dff06c93d6c6b9ea13b9fa6638ad1c17675e440341ebf811 HTTP/1.1" 200 0 "" "docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \\(linux\\))"
time="2020-02-18T15:09:53.223275571Z" level=info msg="response completed" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=91035cfd-263b-411f-8308-211d4501396e http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/blobs/sha256:f075fb918eb3e716dff06c93d6c6b9ea13b9fa6638ad1c17675e440341ebf811" http.request.useragent="docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \(linux\))" http.response.contenttype="application/octet-stream" http.response.duration=2.989498ms http.response.status=200 http.response.written=0 
time="2020-02-18T15:09:53.229190193Z" level=info msg="authorized request" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=610bbd51-5320-4648-a2d8-4be592931a9f http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/blobs/sha256:f35234890e641ef10024b968edf6a8ef7221920f0f2492f4e7bc4a9c7d5aa0df" http.request.useragent="docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \(linux\))" vars.digest="sha256:f35234890e641ef10024b968edf6a8ef7221920f0f2492f4e7bc4a9c7d5aa0df" vars.name="public/hello-ci" 
time="2020-02-18T15:09:53.229522242Z" level=info msg="response completed" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=610bbd51-5320-4648-a2d8-4be592931a9f http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/blobs/sha256:f35234890e641ef10024b968edf6a8ef7221920f0f2492f4e7bc4a9c7d5aa0df" http.request.useragent="docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \(linux\))" http.response.contenttype="application/octet-stream" http.response.duration=2.789449ms http.response.status=200 http.response.written=0 
192.168.1.6 - - [18/Feb/2020:15:09:53 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:f35234890e641ef10024b968edf6a8ef7221920f0f2492f4e7bc4a9c7d5aa0df HTTP/1.1" 200 0 "" "docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \\(linux\\))"
time="2020-02-18T15:09:53.250579411Z" level=info msg="authorized request" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=c957c5cb-abab-46a8-9431-0ddb0996cc12 http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/blobs/sha256:3976a685910e7b9752b1fb64e0db6c6af19115394e4bcc0ffbcf450363b7b4bb" http.request.useragent="docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \(linux\))" vars.digest="sha256:3976a685910e7b9752b1fb64e0db6c6af19115394e4bcc0ffbcf450363b7b4bb" vars.name="public/hello-ci" 
time="2020-02-18T15:09:53.250718841Z" level=info msg="authorized request" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=6793b385-f071-43ca-b2a2-ad5d5fd7e82b http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/blobs/sha256:651c9d2d6c4f37c56a221259e033e7e2353b698139c2ff950623ca28d64a9837" http.request.useragent="docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \(linux\))" vars.digest="sha256:651c9d2d6c4f37c56a221259e033e7e2353b698139c2ff950623ca28d64a9837" vars.name="public/hello-ci" 
time="2020-02-18T15:09:53.251069885Z" level=info msg="response completed" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=6793b385-f071-43ca-b2a2-ad5d5fd7e82b http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/blobs/sha256:651c9d2d6c4f37c56a221259e033e7e2353b698139c2ff950623ca28d64a9837" http.request.useragent="docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \(linux\))" http.response.contenttype="application/octet-stream" http.response.duration=2.127827ms http.response.status=200 http.response.written=0 
time="2020-02-18T15:09:53.251214783Z" level=info msg="response completed" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=c957c5cb-abab-46a8-9431-0ddb0996cc12 http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/blobs/sha256:3976a685910e7b9752b1fb64e0db6c6af19115394e4bcc0ffbcf450363b7b4bb" http.request.useragent="docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \(linux\))" http.response.contenttype="application/octet-stream" http.response.duration=2.280981ms http.response.status=200 http.response.written=0 
192.168.1.6 - - [18/Feb/2020:15:09:53 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:651c9d2d6c4f37c56a221259e033e7e2353b698139c2ff950623ca28d64a9837 HTTP/1.1" 200 0 "" "docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \\(linux\\))"
192.168.1.6 - - [18/Feb/2020:15:09:53 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:3976a685910e7b9752b1fb64e0db6c6af19115394e4bcc0ffbcf450363b7b4bb HTTP/1.1" 200 0 "" "docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \\(linux\\))"
time="2020-02-18T15:09:53.256909131Z" level=info msg="authorized request" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=4664a638-8ad9-4655-9d0f-61cd5f67cfcf http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/blobs/sha256:19a861ea6baff71b05cd577478984c3e62cf0177bf74468d0aca551f5fcb891c" http.request.useragent="docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \(linux\))" vars.digest="sha256:19a861ea6baff71b05cd577478984c3e62cf0177bf74468d0aca551f5fcb891c" vars.name="public/hello-ci" 
192.168.1.6 - - [18/Feb/2020:15:09:53 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:19a861ea6baff71b05cd577478984c3e62cf0177bf74468d0aca551f5fcb891c HTTP/1.1" 200 0 "" "docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \\(linux\\))"
time="2020-02-18T15:09:53.257333517Z" level=info msg="response completed" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=4664a638-8ad9-4655-9d0f-61cd5f67cfcf http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/blobs/sha256:19a861ea6baff71b05cd577478984c3e62cf0177bf74468d0aca551f5fcb891c" http.request.useragent="docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \(linux\))" http.response.contenttype="application/octet-stream" http.response.duration=3.174941ms http.response.status=200 http.response.written=0 
time="2020-02-18T15:09:53.355907185Z" level=info msg="authorized request" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=97b70d20-02f2-4055-9691-85f4934ff946 http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/blobs/sha256:c63719cdbe7ae254b453dba06fb446f583b503f2a2c15becc83f8c5bc7a705e0" http.request.useragent="docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \(linux\))" vars.digest="sha256:c63719cdbe7ae254b453dba06fb446f583b503f2a2c15becc83f8c5bc7a705e0" vars.name="public/hello-ci" 
time="2020-02-18T15:09:53.356252408Z" level=info msg="response completed" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=97b70d20-02f2-4055-9691-85f4934ff946 http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/blobs/sha256:c63719cdbe7ae254b453dba06fb446f583b503f2a2c15becc83f8c5bc7a705e0" http.request.useragent="docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \(linux\))" http.response.contenttype="application/octet-stream" http.response.duration=1.920595ms http.response.status=200 http.response.written=0 
192.168.1.6 - - [18/Feb/2020:15:09:53 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:c63719cdbe7ae254b453dba06fb446f583b503f2a2c15becc83f8c5bc7a705e0 HTTP/1.1" 200 0 "" "docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \\(linux\\))"
time="2020-02-18T15:09:53.365684892Z" level=info msg="authorized request" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=dc059c62-ff99-4d94-a14a-7b71e070294a http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/blobs/sha256:5c939e3a4d1097af8d3292ad3a41d3caa846f6333b91f2dd22b972bc2d19c5b5" http.request.useragent="docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \(linux\))" vars.digest="sha256:5c939e3a4d1097af8d3292ad3a41d3caa846f6333b91f2dd22b972bc2d19c5b5" vars.name="public/hello-ci" 
time="2020-02-18T15:09:53.36626949Z" level=info msg="response completed" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=dc059c62-ff99-4d94-a14a-7b71e070294a http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/blobs/sha256:5c939e3a4d1097af8d3292ad3a41d3caa846f6333b91f2dd22b972bc2d19c5b5" http.request.useragent="docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \(linux\))" http.response.contenttype="application/octet-stream" http.response.duration=2.676085ms http.response.status=200 http.response.written=0 
192.168.1.6 - - [18/Feb/2020:15:09:53 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:5c939e3a4d1097af8d3292ad3a41d3caa846f6333b91f2dd22b972bc2d19c5b5 HTTP/1.1" 200 0 "" "docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \\(linux\\))"
time="2020-02-18T15:09:53.512738836Z" level=info msg="authorized request" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=48ac4a43-0c42-4d25-853c-c9ac443b118c http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/blobs/sha256:f16790039ef1d40f0b01b9807317809ad04e528cd631fdbfd40cd783d3078e4f" http.request.useragent="docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \(linux\))" vars.digest="sha256:f16790039ef1d40f0b01b9807317809ad04e528cd631fdbfd40cd783d3078e4f" vars.name="public/hello-ci" 
time="2020-02-18T15:09:53.51322823Z" level=info msg="response completed" go.version=go1.11.2 http.request.host=[redacted-registry-fqdn] http.request.id=48ac4a43-0c42-4d25-853c-c9ac443b118c http.request.method=HEAD http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/blobs/sha256:f16790039ef1d40f0b01b9807317809ad04e528cd631fdbfd40cd783d3078e4f" http.request.useragent="docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \(linux\))" http.response.contenttype="application/octet-stream" http.response.duration=2.602999ms http.response.status=200 http.response.written=0 
192.168.1.6 - - [18/Feb/2020:15:09:53 +0000] "HEAD /v2/public/hello-ci/blobs/sha256:f16790039ef1d40f0b01b9807317809ad04e528cd631fdbfd40cd783d3078e4f HTTP/1.1" 200 0 "" "docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \\(linux\\))"
time="2020-02-18T15:09:53.670882224Z" level=info msg="authorized request" go.version=go1.11.2 http.request.contenttype="application/vnd.docker.distribution.manifest.v2+json" http.request.host=[redacted-registry-fqdn] http.request.id=73907ff4-bba0-4744-bbba-f6ad03c210d4 http.request.method=PUT http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/manifests/test2" http.request.useragent="docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \(linux\))" vars.name="public/hello-ci" vars.reference=test2 
time="2020-02-18T15:09:53.681112232Z" level=info msg="response completed" go.version=go1.11.2 http.request.contenttype="application/vnd.docker.distribution.manifest.v2+json" http.request.host=[redacted-registry-fqdn] http.request.id=73907ff4-bba0-4744-bbba-f6ad03c210d4 http.request.method=PUT http.request.remoteaddr=[redacted-ip] http.request.uri="/v2/public/hello-ci/manifests/test2" http.request.useragent="docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \(linux\))" http.response.duration=13.72949ms http.response.status=201 http.response.written=0 
192.168.1.6 - - [18/Feb/2020:15:09:53 +0000] "PUT /v2/public/hello-ci/manifests/test2 HTTP/1.1" 201 0 "" "docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \\(linux\\))"
time="2020-02-18T15:09:55.096296498Z" level=warning msg="error authorizing context: authorization token required" go.version=go1.11.2 http.request.host="registry:5000" http.request.id=00c30124-384e-43c6-a0fd-d487913daeee http.request.method=GET http.request.remoteaddr="192.168.1.2:51164" http.request.uri="/v2/public/hello-ci/manifests/sha256:48613f5687e841d1877c95dbb76a78d16a3d29c2e86b2308a5e4d4ca11f12de6" http.request.useragent=Ruby vars.name="public/hello-ci" vars.reference="sha256:48613f5687e841d1877c95dbb76a78d16a3d29c2e86b2308a5e4d4ca11f12de6" 
192.168.1.2 - - [18/Feb/2020:15:09:55 +0000] "GET /v2/public/hello-ci/manifests/sha256:48613f5687e841d1877c95dbb76a78d16a3d29c2e86b2308a5e4d4ca11f12de6 HTTP/1.1" 401 158 "" "Ruby"
time="2020-02-18T15:09:55.251478197Z" level=info msg="authorized request" go.version=go1.11.2 http.request.host="registry:5000" http.request.id=c8212702-df9a-4726-9fa8-465f1be139d8 http.request.method=GET http.request.remoteaddr="192.168.1.2:51172" http.request.uri="/v2/public/hello-ci/manifests/sha256:48613f5687e841d1877c95dbb76a78d16a3d29c2e86b2308a5e4d4ca11f12de6" http.request.useragent=Ruby vars.name="public/hello-ci" vars.reference="sha256:48613f5687e841d1877c95dbb76a78d16a3d29c2e86b2308a5e4d4ca11f12de6" 
time="2020-02-18T15:09:55.260861525Z" level=info msg="response completed" go.version=go1.11.2 http.request.host="registry:5000" http.request.id=c8212702-df9a-4726-9fa8-465f1be139d8 http.request.method=GET http.request.remoteaddr="192.168.1.2:51172" http.request.uri="/v2/public/hello-ci/manifests/sha256:48613f5687e841d1877c95dbb76a78d16a3d29c2e86b2308a5e4d4ca11f12de6" http.request.useragent=Ruby http.response.contenttype="application/vnd.docker.distribution.manifest.v2+json" http.response.duration=14.100453ms http.response.status=200 http.response.written=1984 
192.168.1.2 - - [18/Feb/2020:15:09:55 +0000] "GET /v2/public/hello-ci/manifests/sha256:48613f5687e841d1877c95dbb76a78d16a3d29c2e86b2308a5e4d4ca11f12de6 HTTP/1.1" 200 1984 "" "Ruby"
192.168.1.2 - - [18/Feb/2020:15:09:57 +0000] "GET /v2/public/hello-ci/tags/list?n=100 HTTP/1.1" 401 158 "" "Ruby"
time="2020-02-18T15:09:57.326236742Z" level=warning msg="error authorizing context: authorization token required" go.version=go1.11.2 http.request.host="registry:5000" http.request.id=b90358ef-3550-4905-be08-faca0a2ac714 http.request.method=GET http.request.remoteaddr="192.168.1.2:51184" http.request.uri="/v2/public/hello-ci/tags/list?n=100" http.request.useragent=Ruby vars.name="public/hello-ci" 
time="2020-02-18T15:09:57.482531814Z" level=info msg="authorized request" go.version=go1.11.2 http.request.host="registry:5000" http.request.id=bdcd800d-9b27-4ff7-a4f7-74a08cd12592 http.request.method=GET http.request.remoteaddr="192.168.1.2:51196" http.request.uri="/v2/public/hello-ci/tags/list?n=100" http.request.useragent=Ruby vars.name="public/hello-ci" 
time="2020-02-18T15:09:57.482794819Z" level=info msg="response completed" go.version=go1.11.2 http.request.host="registry:5000" http.request.id=bdcd800d-9b27-4ff7-a4f7-74a08cd12592 http.request.method=GET http.request.remoteaddr="192.168.1.2:51196" http.request.uri="/v2/public/hello-ci/tags/list?n=100" http.request.useragent=Ruby http.response.contenttype="application/json; charset=utf-8" http.response.duration=1.678623ms http.response.status=200 http.response.written=60 
192.168.1.2 - - [18/Feb/2020:15:09:57 +0000] "GET /v2/public/hello-ci/tags/list?n=100 HTTP/1.1" 200 60 "" "Ruby"

Apparently the registry never even receives any form of HTTP auth. Which makes sense, since Portus handles my digest auth using tokens. So maybe a registry bug?

Edit: The critical difference is that buildx does not append the account GET parameter to the HTTP token request: compare /v2/token?scope=repository to /v2/token?account=chonal&scope=repository in the logs above.

So probably a buildx/buildkit bug?

+1
StarGate01 on Feb 18, 2020
Read more comments on GitHub
← buildx: Failed to solve with frontend dockerfile.v0: failed to create LLB definition
buildx: GitHub Actions cache fails with cache key: blob not found →