Ask questionsCannot build from local image with buildctl (OCI Worker)
Cannot build from a local image with
buildctl which always tries to resolve to
docker.io. This applies to a multi-stage setup or simply from a local image in a CI setup. The base image should not be expected to be pushed to any repository (either
docker.io or even private). It is only available locally (
This works with
docker build and even
DOCKER_BUILDKIT=1 using image names (but not SHA ID in the last case). See also https://github.com/moby/moby/issues/39769.
This looks similar to the problems with local cache described here: https://github.com/moby/moby/issues/39003.
Steps to reproduce the issue:
Describe the results you received:
+ buildctl build --frontend dockerfile.v0 --progress=plain --local context=src2 --local dockerfile=src2 --output type=docker,name=bk2 + docker load #2 [internal] load build definition from Dockerfile #2 transferring dockerfile: 66B done #2 DONE 0.1s #1 [internal] load .dockerignore #1 transferring context: 2B done #1 DONE 0.1s #3 [internal] load metadata for docker.io/library/bk1:latest #3 ERROR: pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed #4 [1/2] FROM docker.io/library/bk1:latest #4 resolve docker.io/library/bk1:latest #4 resolve docker.io/library/bk1:latest 0.4s done #4 ERROR: pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed ------ > [internal] load metadata for docker.io/library/bk1:latest: ------ ------ > [1/2] FROM docker.io/library/bk1:latest: ------ error: failed to solve: rpc error: code = Unknown desc = failed to solve with frontend dockerfile.v0: failed to build LLB: failed to load cache key: pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed open /var/lib/docker/tmp/docker-import-259291410/repositories: no such file or directory
Describe the results you expected:
This should work as for
docker build when using image names (with or without
DOCKER_BUILDKIT=1. Note with SHA-ID it does not work either in the last case as described in https://github.com/moby/moby/issues/39769).
Additional information you deem important (e.g. issue happens only occasionally):
Client: Version: 18.09.6 API version: 1.39 Go version: go1.10.8 Git commit: 481bc77 Built: Sat May 4 02:35:57 2019 OS/Arch: linux/amd64 Experimental: false
Native install with Ubuntu 18.04. More info does not seem relevant for now, can provide if really needed.
Additional environment details (AWS, VirtualBox, physical, etc.):
Connected to a private repository on a different host but this should not have effect here since it works with standard
Answer questions tonistiigi
As I wrote in https://github.com/moby/buildkit/issues/1142#issuecomment-524394554
moby/buildkit is made for
oci worker. It does not come with containerd binaries. If you want to run containerd you can refer to their getting started guide https://github.com/containerd/containerd/blob/master/docs/getting-started.md#getting-started-with-containerd . If you have containerd running you can start buildkitd binary with configuration pointing to your containerd daemon. As containerd runs in host and requires clients to share the filesystem, normally you would run buildkitd in host as well in that case. There's an old example of how to run them both in containers in https://github.com/moby/buildkit/pull/192#issue-156873378 but that's probably not what you want.
I'm also freshly started with docker, but from the official documentation buildx is described as an improved version of build, but I'm a bit puzzled on why it can fail the very simple (and common I think) use case of creating an image starting from a base image already available locally under docker images.
buildx doesn't have anything to do with the question in here that is about buildctl. in buildx results are automatically get/put to
docker images with docker driver, and with container driver
--load loads the build results into docker. buildx never interacts with containerd daemon, nor does running a containerd daemon have any influence on the output of