canonical/microk8s

microk8s ctr image pull fails to pull image from GitLab private registry

ruimaciel opened this issue · 0 comments

Summary

While troubleshooting why microk8s failed to pull images from a private registry I own in GitLab, I tried manually pulling the container image with ctr image pull using a GitLab project access token with the following command:

~# microk8s ctr image pull --user <username> registry.gitlab.com/<username>/<project>:<tag>

The command shown above fails with the following error:

Password: me@somehostname:~# microk8s ctr image pull --user <username> registry.gitlab.com/<username>/<project>:latest
Password: 
registry.gitlab.com/<username>/<project>:latest: resolving      |--------------------------------------| 
elapsed: 0.7 s                                      total:   0.0 B (0.0 B/s)                                         
INFO[0007] trying next host                              error="failed to authorize: failed to fetch oauth token: unexpected status from GET request to https://gitlab.com/jwt/auth?scope=repository%3A<username>%2F<project>%3Apull&service=container_registry: 403 Forbidden" host=registry.gitlab.com
ctr: failed to resolve reference "registry.gitlab.com/<username>/<project>:latest": failed to authorize: failed to fetch oauth token: unexpected status from GET request to https://gitlab.com/jwt/auth?scope=repository%3A<username>%2F<project>%3Apull&service=container_registry: 403 Forbidden

What Should Happen Instead?

The container image should be pulled. Docker is able to pull the image by first logging in with the same username:password used with containerd.

Reproduction Steps

  1. microk8s ctr image pull --user <username> registry.gitlab.com/<username>/<project>:<tag>
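
Added example, not part of the original issue or of microk8s/containerd: a POSIX shell sketch that takes the `failed to fetch oauth token` line from the output above, extracts the token-service URL and status, decodes the requested `scope` and `service`, and prints a `curl` command that repeats the same token request outside containerd. The sample line is constructed from the error above with the placeholder names `someuser` and `someproject`; the function names are hypothetical.

```shell
#!/bin/sh
# Added diagnostic sketch (not from the issue): decode what containerd asked
# the token service for when it logged "failed to fetch oauth token".

# Constructed sample: the error line above with placeholder names filled in.
SAMPLE='ctr: failed to resolve reference "registry.gitlab.com/someuser/someproject:latest": failed to authorize: failed to fetch oauth token: unexpected status from GET request to https://gitlab.com/jwt/auth?scope=repository%3Asomeuser%2Fsomeproject%3Apull&service=container_registry: 403 Forbidden'

# token_url LINE: the URL the token request was sent to
token_url() {
  printf '%s\n' "$1" |
    sed -n 's/.*GET request to \(https:[^ ]*\): [0-9][0-9][0-9] .*/\1/p'
}

# http_status LINE: the status the token service answered with
http_status() {
  printf '%s\n' "$1" |
    sed -n 's/.*GET request to https:[^ ]*: \([0-9][0-9][0-9]\) .*/\1/p'
}

# urldecode STRING: percent-decoding in POSIX awk
urldecode() {
  printf '%s\n' "$1" | awk '{
    out = ""; digits = "0123456789ABCDEF"
    while (match($0, /%[0-9A-Fa-f][0-9A-Fa-f]/)) {
      hex = toupper(substr($0, RSTART + 1, 2))
      code = (index(digits, substr(hex, 1, 1)) - 1) * 16 + index(digits, substr(hex, 2, 1)) - 1
      out = out substr($0, 1, RSTART - 1) sprintf("%c", code)
      $0 = substr($0, RSTART + 3)
    }
    print out $0
  }'
}

# query_param URL NAME: decoded value of one query-string parameter
query_param() {
  urldecode "$(printf '%s\n' "${1#*[?]}" | tr '&' '\n' | sed -n "s/^$2=//p" | head -n 1)"
}

# replay_cmd LINE USER: curl command that repeats the same token request with
# HTTP Basic credentials (curl prompts for the password) and prints the status
replay_cmd() {
  printf "curl -s -o /dev/null -w '%%{http_code}' -u '%s' '%s'\n" "$2" "$(token_url "$1")"
}

url=$(token_url "$SAMPLE")
echo "status=$(http_status "$SAMPLE") service=$(query_param "$url" service) scope=$(query_param "$url" scope)"
replay_cmd "$SAMPLE" someuser
```

Running the printed `curl` command with the same username and token helps separate a credential or scope rejection at the token service from a problem in how the client presents the credentials.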