jib: Cannot pull nginx. Unauthorized for registry-1.docker.io/library/nginx: 401 Unauthorized

Environment:

  • *Jib version: 1.6.1
  • *Build tool: Maven
  • *OS: CentOS (Building maven on Jenkins)

Description of the issue:

Failed to execute goal com.google.cloud.tools:jib-maven-plugin:1.6.1:build (default-cli) on project remoteportal.client: Build image failed, perhaps you should make sure your credentials for 'registry-1.docker.io/library/nginx' are set up correctly. See https://github.com/GoogleContainerTools/jib/blob/master/docs/faq.md#what-should-i-do-when-the-registry-responds-with-unauthorized for help: Unauthorized for registry-1.docker.io/library/nginx: 401 Unauthorized

Expected behavior: It should pull the public image without needing authorisation.

Steps to reproduce:

  1. I’m running this on a centOS instance with Jenkins pipeline.
  2. It works on local (Docker for Mac)
  3. It worked for me a week back, because I have an image of this app in ECR.

jib-maven-plugin Configuration: 

<plugin>
                <groupId>com.google.cloud.tools</groupId>
                <artifactId>jib-maven-plugin</artifactId>
                <configuration>
                    <from>
                        <image>nginx</image>
                    </from>
                    <to>
                        <image>${ecrEndpoint}/frontend-${docker-artifact-id}</image>
                        <tags>
                            <tag>${project.version}</tag>
                        </tags>
                    </to>
                    <container>
                        <ports>
                            <port>80</port>
                            <port>443</port>
                        </ports>
                        <entrypoint>
                            <command>nginx</command>
                            <arg>-g</arg>
                            <arg>daemon off;</arg>
                        </entrypoint>
                    </container>
                    <extraDirectories>
                        <paths>${project.build.directory}/it-temp/frontend-dist/</paths>
                    </extraDirectories>
                    <skip>false</skip>
                </configuration>
            </plugin>

Log output:

Additional Information: I’m running the mvn jib:build in the Jenkins pipeline.

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Comments: 16 (8 by maintainers)

Most upvoted comments

@chanseokoh Yeah, it was a mistake from our end. The picked up credentials were wrong. We had thought there are no credentials on the server, but somehow there were some present. It’s working fine without any credentials.

+1
nikhileshva on Nov 13, 2019

I understand, but I think we’re good with trying to be automatic. This is also similar to how the Docker CLI works. Actually, it is only this issue that is potentially affected, but even so, it is not confirmed yet. Others were due to different reasons. And we have opened #2056, so once that is fixed, this will become clear.

But if we see more people wanting to explicitly disable using any credentials, we could potentially introduce a flag like doNotUseAnyCredentials. However, it doesn’t look like people will use such a flag a lot, but we’ll see.

+1
chanseokoh on Oct 18, 2019
Read more comments on GitHub
← jib: Build image failed
jib: Cannot run image running with container generated by jib as non-root in k8s →