Hi Guys,
Problem:
I use the pull-through container registry. Recently (after a rebuild of my pulp lab setup) I noticed that it's no longer authenticating with the docker.io remote.
I create it basically the same as in the documentation, except that I include the username and password fields.
# Read the Pulp admin password from the Kubernetes secret (`k` is assumed to be a kubectl alias)
PULP_PASS=$(k get secrets pulp-mpe-admin-password -o json | jq -r '.data.password | @base64d')
BASE_ADDR=my-pulp.local
USERNAME=dockerHUBuser
PASSWORD="dockerHUBpassword"
BASE_NAME=docker
# Create the pull-through remote with the Docker Hub credentials and keep its href
REMOTE_HREF=$(http -a "admin:${PULP_PASS}" --verify no "${BASE_ADDR}/pulp/api/v3/remotes/container/pull-through/" name="${BASE_NAME}" password="${PASSWORD}" username="${USERNAME}" url=https://registry-1.docker.io | jq -r ".pulp_href")
# Create the distribution that serves that remote under base_path
http -a "admin:${PULP_PASS}" --verify no "${BASE_ADDR}/pulp/api/v3/distributions/container/pull-through/" remote="${REMOTE_HREF}" name="${BASE_NAME}" base_path="${BASE_NAME}"
Then I try to pull images from docker… Images that are "default/public" are working, but anything that requires authentication is giving errors:
pulp [1bbaffa466bc45f1b16373674be32fc6]: django.request:WARNING: Unauthorized: /v2/
('pulp [1bbaffa466bc45f1b16373674be32fc6]: 192.168.46.39 - - [10/Apr/2025:08:08:40 +0000] "GET /v2/ HTTP/1.1" 401 106 "-" "docker/25.0.9m1 go/go1.22.12-m1 git-commit/3e221e1ebba07a15ade1e75ea6917a162b61e740 kernel/6.2.0-39-generic os/linux arch/amd64 UpstreamClient(Docker-Client/25.0.7m3 \(linux\))"',)
The commands I use to pull:
capkrugen@itu378 ~ $ docker pull my-pulp.local/docker/busybox
Using default tag: latest
latest: Pulling from docker/busybox
97e70d161e81: Pull complete
Digest: sha256:37f7b378a29ceb4c551b1b5582e27747b855bbfaa73fa11914fe0df028dc581f
Status: Downloaded newer image for my-pulp.local/docker/busybox:latest
my-pulp.local/docker/busybox:latest
lvcapkrugen@itu378 ~ $ docker pull my-pulp.local/docker/cybersamurai/hello
Using default tag: latest
Error response from daemon: repository my-pulp.local/docker/cybersamurai/hello not found: name unknown: Repository not found.
lvcapkrugen@itu378 ~ $ docker pull my-pulp.local/docker/cybersamurai/pvt
Using default tag: latest
Error response from daemon: repository my-pulp.local/docker/cybersamurai/pvt not found: name unknown: Repository not found.
lvcapkrugen@itu378 ~ $ docker pull my-pulp.local/docker-cache/cybersamurai/hello
Expected outcome:
I had this working before… no idea why it's not working now…
Expected outcome is that pulling from Docker Hub private repositories should work.
The obvious things out of the way:
- I have confirmed the remote accounts by using docker-cli directly to Docker Hub.
- I have confirmed pulp RBAC is correctly in place so I can pull from the new pull-through.
- I have set image_pull_policy to always to ensure I am running all the latest (stable) pulp-minimal images
Pulpcore version:
"versions": {
"deb": "3.5.1",
"npm": "0.3.2",
"rpm": "3.29.1",
"core": "3.75.2",
"file": "3.75.2",
"maven": "0.10.0",
"ostree": "2.4.7",
"python": "3.13.3",
"ansible": "0.24.4",
"certguard": "3.75.2",
"container": "2.24.1"
}
Pulp plugins installed and their versions:
Operating system - distribution and version:
Running full kubernetes on Ubuntu 22.04 as pulp-operator version 0.2.0 (helm)
image: quay.io/pulp/pulp-operator:v1.0.0-beta.5
Other relevant data:
listed above
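
One way to check the setup described in this post is to inspect what the Pulp API reports back for the remote and distribution. This is an added example, not part of the original post or Pulp's own code. It assumes the remote response lists secrets under `hidden_fields` as `{"name", "is_set"}` entries; the sample responses are constructed and the function names are hypothetical.

```python
import json

# Constructed sample API responses (not captured from a real Pulp instance).
# Assumption: the remote response omits secrets and reports them under
# "hidden_fields" as {"name": ..., "is_set": ...}.
SAMPLE_REMOTE = json.loads("""
{
  "pulp_href": "/pulp/api/v3/remotes/container/pull-through/0000-constructed/",
  "name": "docker",
  "url": "https://registry-1.docker.io",
  "hidden_fields": [
    {"name": "username", "is_set": true},
    {"name": "password", "is_set": false}
  ]
}
""")
SAMPLE_DISTRIBUTION = {
    "name": "docker",
    "base_path": "docker",
    "remote": "/pulp/api/v3/remotes/container/pull-through/0000-constructed/",
}


def credential_status(remote):
    """Map each hidden field name to whether the server reports it as set."""
    return {f["name"]: bool(f["is_set"]) for f in remote.get("hidden_fields", [])}


def upstream_name(image_ref, registry_host, base_path):
    """Strip host, base_path and tag/digest to get the repository asked of upstream."""
    prefix = f"{registry_host}/{base_path}/"
    if not image_ref.startswith(prefix):
        return None  # this pull is not routed through the distribution
    return image_ref[len(prefix):].split("@")[0].split(":")[0]


def diagnose(remote, distribution):
    """Return findings that would explain anonymous (unauthenticated) upstream pulls."""
    findings = []
    creds = credential_status(remote)
    for field in ("username", "password"):
        if not creds.get(field, False):
            findings.append(f"remote has no {field} stored")
    if distribution.get("remote") != remote.get("pulp_href"):
        findings.append("distribution points at a different remote")
    if not remote.get("url", "").startswith("https://"):
        findings.append("remote url is not https; credentials would be sent in clear")
    return findings
```

Feed it the JSON returned by a GET on the remote and distribution hrefs; an empty list from `diagnose` means the credentials and the remote link are in place, so the fault lies elsewhere.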