Ask questionsCannot build from local image with buildctl (OCI Worker)
Cannot build from a local image with
buildctl which always tries to resolve to
docker.io. This applies to a multi-stage setup or simply from a local image in a CI setup. The base image should not be expected to be pushed to any repository (either
docker.io or even private). It is only available locally (
This works with
docker build and even
DOCKER_BUILDKIT=1 using image names (but not SHA ID in the last case). See also https://github.com/moby/moby/issues/39769.
This looks similar to the problems with local cache described here: https://github.com/moby/moby/issues/39003.
Steps to reproduce the issue:
Describe the results you received:
+ buildctl build --frontend dockerfile.v0 --progress=plain --local context=src2 --local dockerfile=src2 --output type=docker,name=bk2 + docker load #2 [internal] load build definition from Dockerfile #2 transferring dockerfile: 66B done #2 DONE 0.1s #1 [internal] load .dockerignore #1 transferring context: 2B done #1 DONE 0.1s #3 [internal] load metadata for docker.io/library/bk1:latest #3 ERROR: pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed #4 [1/2] FROM docker.io/library/bk1:latest #4 resolve docker.io/library/bk1:latest #4 resolve docker.io/library/bk1:latest 0.4s done #4 ERROR: pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed ------ > [internal] load metadata for docker.io/library/bk1:latest: ------ ------ > [1/2] FROM docker.io/library/bk1:latest: ------ error: failed to solve: rpc error: code = Unknown desc = failed to solve with frontend dockerfile.v0: failed to build LLB: failed to load cache key: pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed open /var/lib/docker/tmp/docker-import-259291410/repositories: no such file or directory
Describe the results you expected:
This should work as for
docker build when using image names (with or without
DOCKER_BUILDKIT=1. Note with SHA-ID it does not work either in the last case as described in https://github.com/moby/moby/issues/39769).
Additional information you deem important (e.g. issue happens only occasionally):
Client: Version: 18.09.6 API version: 1.39 Go version: go1.10.8 Git commit: 481bc77 Built: Sat May 4 02:35:57 2019 OS/Arch: linux/amd64 Experimental: false
Native install with Ubuntu 18.04. More info does not seem relevant for now, can provide if really needed.
Additional environment details (AWS, VirtualBox, physical, etc.):
Connected to a private repository on a different host but this should not have effect here since it works with standard
Answer questions gfrancesco
I'm experiencing the same issue. Looking into the
moby/buildkit image (
8ce8d3df040f) looks to me that there is no trace of
@tonistiigi since you suggested to start
buildkitd --oci-worker=false --containerd-worker=true, can you please explain the necessary steps?
I went through the docs of
containerd/containerd with no luck.
I'm also freshly started with docker, but from the official documentation
buildx is described as an improved version of
build, but I'm a bit puzzled on why it can fail the very simple (and common I think) use case of creating an image starting from a base image already available locally under