Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[nerdctl] cannot pull\push images with custom "credHelpers"

See original GitHub issue

Rancher Desktop Version

1.0.0

Rancher Desktop K8s Version

1.22.5

What operating system are you using?

macOS

Operating System / Build Version

Monterey 12.1

What CPU architecture are you using?

x64

Linux only: what package format did you use to install Rancher Desktop?

No response

Windows User Only

No response

Actual Behavior

Cannot pull/push images from/to yandex container images (an analog of AWS ECR). credHelpers in config.json file ignores.

Steps to Reproduce

nerdctl pull cr.yandex/<registry_id>/app:v1.0.0

Result

FATA[0001] failed to resolve reference "cr.yandex/<registry_id>/app:v1.0.0": pulling from host cr.yandex failed with status code [manifests master]: 401 Unauthorized

Expected Behavior

I can pull\push images without errors

Additional Information

It works with docker-desktop:

$ docker push cr.yandex/<registry_id>/app:v1.0.0
The push refers to repository [cr.yandex/<registry_id>/app]
c2708a6bd19c: Pushed 
930b18e2bd71: Pushed 
8d3ac3489996: Pushed 
master: digest: sha256:35cce2c4823dfdg34r4gfdg3434g4785a0c25 size: 946

My ~/.docker/config.json:

{
  "credHelpers": {
    "container-registry.cloud.yandex.net": "yc",
    "cr.cloud.yandex.net": "yc",
    "cr.yandex": "yc"
  },
  "credsStore": "desktop"
}

Issue Analytics

  • State:open
  • Created 2 years ago
  • Reactions:1
  • Comments:11 (3 by maintainers)

github_iconTop GitHub Comments

1reaction
janduboiscommented, Jan 31, 2022

@Sebor On Linux and macOS you could use a provisioning script to make the changes on each boot. Just make sure the script is idempotent. Here is an example that makes some other changes, but you can really put whatever you want to be executed during boot in there:

$ cat ~/Library/Application\ Support/rancher-desktop/lima/_config/override.yaml
provision:
- mode: system
  script: |
    #!/bin/sh
    sysctl -w vm.max_map_count=262144
    cat <<'EOF' > /etc/security/limits.d/rancher-desktop.conf
    * soft     nofile         82920
    * hard     nofile         82920
    EOF
0reactions
Seborcommented, Feb 1, 2022

@jandubois sorry for my annoying questions, but it doesn’t work. I get the error:

$ nerdctl push cr.yandex/<registry_id>/demo-app:master
INFO[0000] pushing as a reduced-platform image (application/vnd.docker.distribution.manifest.v2+json, sha256:<>)
WARN[0000] cannot get auth config for authConfigHostname="cr.yandex" (refHostname="cr.yandex")  error="error getting credentials - err: exec: \"docker-credential-yc\": executable file not found in $PATH, out: ``"
...
elapsed: 1.0 s                                                                    total:   0.0 B (0.0 B/s)
FATA[0001] unexpected status: 401 Unauthorized

My override.yaml:

env:
  K3S_EXEC: --disable=traefik
provision:
  - mode: system
    script: |
      #!/bin/sh
      apk add curl bash
      YC_SDK_STORAGE_URL="${YC_SDK_STORAGE_URL:-"https://storage.yandexcloud.net/yandexcloud-yc"}"
      YC_VERSION="${YC_VERSION:-$(curl -s "${YC_SDK_STORAGE_URL}/release/stable")}"
      wget "${YC_SDK_STORAGE_URL}/release/${YC_VERSION}/linux/amd64/yc" -P /usr/local/bin/
      chmod +x /usr/local/bin/yc
      mkdir -p /root/.docker
      cat <<'EOF' > /root/.docker/config.json
      {
        "credHelpers": {
          "container-registry.cloud.yandex.net": "yc",
          "cr.cloud.yandex.net": "yc",
          "cr.yandex": "yc"
        }
      }
      EOF

I’ve checked inside VM:

# which yc
/usr/local/bin/yc

# yc -h
Command line interface helps you interact with Yandex.Cloud services

Usage:
  yc <group|command>
...

I’ve even tried to copy my YC credentials to /root/.config/yandex-cloud/ but no result

Read more comments on GitHub >

github_iconTop Results From Across the Web

Docker credential helpers not working · Issue #429 - GitHub
nerdctl.lima login --username AWS -p $(aws ecr get-login-password --region ... [nerdctl] cannot pull\push images with custom "credHelpers" ...
Read more >
AWS ECR docker login succeeded, but can not pull/push (root ...
Briefly: I have IAM and I am able to both push and pull from a working Ubuntu 20 host. There is another host,...
Read more >
[Solved]-Jib: how to use amazon-ecr-credential-helper without ...
Once Jib retrieves the pair, Jib just passes the username and password string literals to a server as-is without any processing at all....
Read more >
Replace Docker-Desktop in Mac with Lima-VM, nerdctl and ...
containerd is the container engine which manages the complete container lifecycle of its host system, from image transfer and storage to container execution...
Read more >
Authenticating Amazon ECR Repositories for Docker CLI with ...
In order to reliably store Docker images on AWS, ECR provides a ... Docker engine as the remote Docker Engine can't mount your...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

nerdctl exposing port is not working as expected

Next page

Documentation on how RD can be used on airgap environment