GHCR: Cannot pull docker image without auth in Kubernetes #26427
-
I have created a public docker image Using docker without being logged in to ghcr.io I can pull that image using:
When I use that image without image pull secrets in Kubernetes I get the error:
Steps to reproduce:
|
Beta Was this translation helpful? Give feedback.
Replies: 6 comments
-
Hi @clarkbw, I just saw your comment in Download from Github Package Registry without authentication so is my report a bug? |
Beta Was this translation helpful? Give feedback.
-
👋 @windsource I was able to pull your image into my cluster ok. Locally I have kubernetes running with minikube. Perhaps you have a similar issue? The “anonymous token” error message also isn’t one coming from Container Registry (I validated 😄) I think it’s coming from k8s
|
Beta Was this translation helpful? Give feedback.
-
Hi @whitneyimura, I also think that the problem might not be in GHCR but either in k3s or containerd. Switching to docker driver as you have described it is no solution for me as I want to get away from docker driver on Kubernetes. |
Beta Was this translation helpful? Give feedback.
-
👋 Hi @windsource from the GH Container Registry team! We just pushed a change this morning that should fix the issue you were seeing. It was a bug on our end with how we were handling certain requests from containerd. I’ll post an update on the k3s issue you created as well
|
Beta Was this translation helpful? Give feedback.
-
Hi @markphelps, i installed k3s a month ago. Can you suggest me a link about an article or blog post on how to upgrade k3s ( ubuntu 20.04 on digital ocean ) to make this change available on my droplet? Thanks in advance |
Beta Was this translation helpful? Give feedback.
-
Hi @batok, the change was not in k3s but in the Github Container Registry (GHCR) itself. The change was performed by Github. |
Beta Was this translation helpful? Give feedback.
👋 Hi @windsource from the GH Container Registry team! We just pushed a change this morning that should fix the issue you were seeing. It was a bug on our end with how we were handling certain requests from containerd. I’ll post an update on the k3s issue you created as well