Error pulling private image from GitHub Container Registry

Question

Error pulling private image from GitHub Container Registry

enbeec opened this issue 2 years ago · 5 comments

enbeec commented 2 years ago

Due diligence

My actions before raising this issue

Following the docs I have done the following:

using faasd on a fresh VM
logged in to faasd with faas login (on the host)
ran faas registry-login and installed config.json to /var/lib/faasd/.docker/ (on the VM)
- I re-did this step a few ways and ended up comparing against the docker configuration in my home directory.
set up my function repo with faas template pull and faas new (on the host)
did a faas build and faas push (on the host)
- confirmed the push by browsing to the package manually and pulling with docker
restarted the faasd VM

edited 2022-11-01

Why do you need this?

I'm trying to deploy my first function with OpenFaaS using the golang-middleware template.

Who is this for?

A personal weekend project. I exclusively work with Lambda at work and want a fresh perspective on FaaS.

Expected Behaviour

When running faas deploy -f my-function.yml against my local faasd VM with a valid configuration at /var/lib/faasd/.docker/config.json, I expect the image to be pulled and the function deployed.

Current Behaviour

Instead, there is an issue authenticating with ghcr.io.

I can docker pull this image with a config file that matches the installed faasd file (just with different token values).

Deploying: todo-api.
WARNING! You are not using an encrypted connection to the gateway, consider using HTTPS.

Unexpected status: 400, message: unable to pull image ghcr.io/enbeec/todo-api:latest: cannot pull: failed to resolve reference "ghcr.io/enbeec/todo-api:latest": failed to authorize: failed to fetch oauth token: unexpected status: 403 Forbidden


Function 'todo-api' failed to deploy with status code: 400

Are you a GitHub Sponsor (Yes/No?)

No

List All Possible Solutions and Workarounds

I wouldn't expect HTTPS between my host and the local VM to be an issue but is it? Time is short and I was planning to play around without fussing with certs on my local host.

Which Solution Do You Recommend?

Steps to Reproduce (for bugs)

using faasd, configure /var/lib/faasd/.docker/config.json with your ghcr.io credentials
try to deploy a function from one of your private images

Development/VM Host Environment

OS and architecture: Ubuntu on x86

`faasd` Host Environment

OS and architecture: Debian on x86 on KVM/QEMU
Versions:

go version
# not installed

containerd -version
containerd github.com/containerd/containerd v1.6.8 9cd3357b7fd7218e4aec3eae239db1f68a5a6ec6

uname -a
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
...

cat /etc/os-release
# see uname

faasd version
faasd version: 0.16.7 commit: 282b05802cccd311678a73efaee78af0086cc7fd

Answer 1 · 2022-10-31T08:31:06.000Z

Hi, thanks for your interest in faasd.

I spent a couple of hours trying to reproduce this issue for you with a brand new repo and installation on my Raspberry Pi.

https://github.com/alexellis/creates-private-ghcr-function/actions/runs/3359586196

pi@faasd-pi:~ $ faas-cli deploy --name private --image ghcr.io/alexellis/private-test-fn:0.0.2

Deployed. 200 OK.
URL: http://127.0.0.1:8080/function/private

I couldn't reproduce any problems, but I have updated the eBook instructions which I think will help you get past this, in version 1.8.

If you are still having issues after that, I'm not sure what to suggest.

Regards,

Alex

Answer 2 · 2022-11-01T03:13:52.000Z

Thanks for the prompt and decisive response

It would certainly appear that something inexplicable is happening. The good news is that means starting from scratch might inexplicably work!

Cheers,
Val

Answer 3 · 2022-11-01T12:13:46.000Z

Hi Val,

I can see the error in your instructions. You'll find the updated information you need in the eBook which is the manual for faasd.

Do you have a copy yet?