Buildkit not pulling from an insecure registry #6177
Description
- I am trying to use buildkit to build a Docker image and push to a locally hosted HTTP registry
- However even the base image is hosted on this locally hosted registry and this
- I get the following error when I run the job
error: failed to solve: femarketplace-registry-service:5000/febasebuild/ubuntu:22.04: failed to resolve source metadata for femarketplace-registry-service:5000/febasebuild/ubuntu:22.04: failed to do request: Head "https://femarketplace-registry-service:5000/v2/febasebuild/ubuntu/manifests/22.04": http: server gave HTTP response to HTTPS client
- the following code is using the Kubernetes python library to programatically start a build job.
{
"name": f"basebuild-construction-{slug}",
"image": "moby/buildkit:master",
"command": ["buildctl-daemonless.sh"],
"args": [
"build",
"--frontend",
"dockerfile.v0",
"--local",
"context=/workspace",
"--local",
"dockerfile=/workspace",
"--opt",
f"build-arg:BASE_IMG={basebuild_base_img}",
"--opt",
f"platform=linux/{platform_arch}",
"--output",
f"type=image,name={full_image_name},push=true,registry.insecure=true"
],
"securityContext": {
"privileged": True, # Required for Docker in Docker
},
"env": [
{
"name": "BUILDKIT_HOST",
"value": "docker-container://buildkitd"
},
{
"name": "DOCKER_CONFIG",
"value": "/workspace/.docker"
},
{
"name": "REGISTRY_USERNAME",
"valueFrom": {
"secretKeyRef": {
"name": "registry-auth-secret",
"key": "username",
}
},
},
{
"name": "REGISTRY_PASSWORD",
"valueFrom": {
"secretKeyRef": {
"name": "registry-auth-secret",
"key": "password",
}
},
},
],
"volumeMounts": [
{
"name": "workspace",
"mountPath": "/workspace",
},
{
"name": "buildkit-cache",
"mountPath": "/var/lib/buildkit"
},
{
"name": "registry-config",
"mountPath": "/root/.docker",
}
],
"resources": {
"requests": {
"memory": "2Gi",
"cpu": "1000m"
},
"limits": {
"memory": "4Gi",
"cpu": "2000m"
}
}
}
- How do I ensure that buildkit can pull from insecure registries just like how it pushes to insecure registries.