kuby-core: Docker Hub login does not work
I found a related issue (https://github.com/getkuby/kuby-core/issues/5), but I still had trouble in the latest version of kuby (0.14.0)
$ bundle exec kuby -e production push
Pushing image kingdonb/kuby-test with tags 20211206144259, latest
Attempting to log in to registry at index.docker.io:443
Error response from daemon: login attempt to https://index.docker.io:443/v2/ failed with status: 503 Service Unavailable
Couldn't log in to the registry at index.docker.io:443
build failed: docker command exited with status code 1
Pushing image kingdonb/kuby-test with tags 20211206144259-assets, latest-assets
Attempting to log in to registry at index.docker.io:443
Error response from daemon: login attempt to https://index.docker.io:443/v2/ failed with status: 503 Service Unavailable
Couldn't log in to the registry at index.docker.io:443
build failed: docker command exited with status code 1
The issue appears to be some obscure detail about the index.docker.io service that prohibits accessing it in this way:
https://index.docker.io:443/v2/
If you hit it this way, it doesn’t have the error:
https://index.docker.io/v2/
No idea why, but updating this method to look like that solved the issue for me:
sig { returns(String) }
def image_host
# @image_host ||= "#{image_uri.host}:#{image_uri.port}"
@image_host ||= "#{image_uri.host}"
end
This is not a reasonable change so I have obviously not packed it into a PR as it will not help anyone other than Docker Hub users, but maybe an appropriate workaround can be incorporated somehow anyway?
Now inexplicably I am getting an error when I try to push the image to the registry, but I get the same error outside of kuby, so it is unlikely to be kuby’s fault 😉
About this issue
- Original URL
- State: closed
- Created 3 years ago
- Comments: 18 (10 by maintainers)
Should actually be able to do away with the PAT now that the package repo is appropriately associated with the git repo, and lean on that
permissionsdirective section to grant the access to the ambient GITHUB_TOKEN instead 👍Awesome, thanks for providing all these details 😄
Right, so your image URL looks 100% fine, and after poking around a bit this afternoon I think I know what’s going on here. As you noted,
docker loginseems to not like being given a port at all. Some googling reveals that the Docker registry API is supposed to operate entirely over HTTPS, so I suppose port 443 is just assumed and therefore not required (or even allowed). I was able to fix that problem pretty easily by usingimage_hostnameinstead ofimage_hostin tasks.rb.There’s another problem too though. Apparently you can do
docker login docker.ioordocker login index.docker.io, butdocker pushonly works withdocker.io. I have no idea why. I guess it’s reasonable for part of the Docker registry API to be available at one URL and another part at a different URL? Whatever, that’s apparently how it works in practice, so who am I to argue. I ended up adding another option to Kuby’s Docker spec calledregistry_metadata_urlthat defaults to index.docker.io. Seems to work as expected. I should be able to publish a new release of kuby-core tomorrow.Hmm, that sounds interesting! From my (very rudimentary) understanding, GitOps is more a philosophy rather than a set of tooling though, right? What problems would a GitOps plugin solve?
You can run
kuby resourcesto get Kuby to spit out all the YAML files it would send to Kubernetes. Is that helpful?Cool! Happy to chat more about any ideas you have 😃
Ugh yeah, sorry about that. I need to document the supported k8s version on getkuby.io.
Thanks!! I really appreciate the feedback 😃