docker build --pull not working for insecure registry when using buildkit #2030
Description
Contributing guidelines
- I've read the contributing guidelines and wholeheartedly agree
I've found a bug and checked that ...
- ... the documentation does not mention anything about my problem
- ... there are no open or closed issues that are related to my problem
Description
I'm using an insecure registry and I've added the necessary configuration in /etc/docker/daemon.json.
{ "insecure-registries": ["example.com"] }Furthermore, I'm able to pull images with
docker pull example.com/image:latestHowever, I can not use images from this registry as base image for docker build because it tries to use HTTPS instead of HTTP for pulling images.
Expected behaviour
It should also be possible to build images based on images from an insecure registry.
docker build --pull --no-cache -t target .Actual behaviour
docker build is not able to pull the necessary image from an insecure registry, because it tries to pull the image using HTTPS. However, docker pull is able to pull the same image using HTTP.
Buildx version
github.com/docker/buildx v0.11.2 9872040
Docker info
Client: Docker Engine - Community
Version: 24.0.5
Context: default
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.11.2
Path: /usr/libexec/docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.20.2
Path: /usr/libexec/docker/cli-plugins/docker-compose
Server:
Containers: 1
Running: 1
Paused: 0
Stopped: 0
Images: 20
Server Version: 24.0.5
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: false
userxattr: false
Logging Driver: json-file
Cgroup Driver: systemd
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 8165feabfdfe38c65b599c4993d227328c231fca
runc version: v1.1.8-0-g82f18fe
init version: de40ad0
Security Options:
apparmor
seccomp
Profile: builtin
cgroupns
Kernel Version: 5.15.0-1041-azure
Operating System: Ubuntu 22.04.3 LTS
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 15.62GiB
Name: myhostname
ID: 2ae648a2-249e-4bd4-8e45-9e87035b475e
Docker Root Dir: /var/lib/docker
Debug Mode: false
Experimental: false
Insecure Registries:
example.com
127.0.0.0/8
Live Restore Enabled: false
Builders list
NAME/NODE DRIVER/ENDPOINT STATUS BUILDKIT PLATFORMS
default * docker
default default running v0.11.6+0a15675913b7 linux/amd64, linux/amd64/v2, linux/amd64/v3, linux/amd64/v4, linux/386
Configuration
/etc/docker/daemon.json:
{ "insecure-registries": ["example.com"] }Dockerfile:
FROM example.com/image:latest
RUN echo hello worldCommand to reproduce the problem:
docker build --pull -t target .Build logs
docker build --pull -t target .
[+] Building 0.1s (3/3) FINISHED docker:default
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 117B 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> ERROR [internal] load metadata for example.com/image:latest
------
> [internal] load metadata for example.com/image:latest:
------
Dockerfile:1
--------------------
1 | >>> FROM example.com/image:latest
2 |
3 | RUN echo hello world
--------------------
ERROR: failed to solve: example.com/image:latest: failed to do request: Head "https://example.com/v2/image/manifests/latest": http: server gave HTTP response to HTTPS client
Additional info
However the following is working fine:
docker pull example.com/image:latest
docker build -t target .and even the following is working fine:
DOCKER_BUILDKIT=0 docker build --pull -t target .I haven't had this problem with docker version 24.0.2, that I've installed through https://get.docker.com as well.