Hello! After upgrading to Docker Engine v23.0.1 our CI process started failing due to errors accessing internal Harbor registry.
As I see BuildKit became default in versions 23+.
Unfortunately Docker BuildKit disregards configuration insecure-registries in /etc/docker/daemon.json.
All attempts to build image fail with the following errors. Needless to say that address of our Harbor registry was added to insecure-registries. It used to work normally with previous versions of Docker.
Error getting v2 registry: Get \"https://harbor.company.local/v2/\/": http: server gave HTTP response to HTTPS client"
ERROR: failed to solve: harbor.company.local/hub/library/node:16.17.0-alpine3.16: failed to do request: Head "https://harbor.company.local/v2/hub/library/node/manifests/16.17.0-alpine3.16":
x509: certificate is valid for ingress.local, not harbor.company.local
/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
If we place commands like
docker pull harbor.company.local/hub/library/node:16.17.0-alpine3.16`
before docker build, all images are pulled successfully, which is proves that docker daemon is configured correctly and all other processes keep working.
Thanks to the discussion in #1613, we managed to implement a workaround with setting BUILDKIT_NO_CLIENT_TOKEN=true. 👍
For the sake of completeness, I have to mention another issue #1589, which is related to the same or very similar problem I believe.
Another workaround was to export DOCKER_BUILDKIT=0.
When this variable is set, the following message appear in the logs, which is expected, I'm convinced.
DEPRECATED: The legacy builder is deprecated and will be removed in a future release.
BuildKit is currently disabled; enable it by removing the DOCKER_BUILDKIT=0 environment-variable.
Anyway, we still shall appreciate if you can fix this behaviour and make BuildKit rely on insecure-registries in /etc/docker/daemon.json.
Hello! After upgrading to Docker Engine v23.0.1 our CI process started failing due to errors accessing internal Harbor registry.
As I see BuildKit became default in versions 23+.
Unfortunately Docker BuildKit disregards configuration
insecure-registriesin/etc/docker/daemon.json.All attempts to build image fail with the following errors. Needless to say that address of our Harbor registry was added to
insecure-registries. It used to work normally with previous versions of Docker.If we place commands like
docker pull harbor.company.local/hub/library/node:16.17.0-alpine3.16`before
docker build, all images are pulled successfully, which is proves that docker daemon is configured correctly and all other processes keep working.Thanks to the discussion in #1613, we managed to implement a workaround with setting
BUILDKIT_NO_CLIENT_TOKEN=true. 👍For the sake of completeness, I have to mention another issue #1589, which is related to the same or very similar problem I believe.
Another workaround was to
export DOCKER_BUILDKIT=0.When this variable is set, the following message appear in the logs, which is expected, I'm convinced.
Anyway, we still shall appreciate if you can fix this behaviour and make BuildKit rely on
insecure-registriesin/etc/docker/daemon.json.