Crictl can pull images but ctr gives unauthorized, private registry with basic auth #5791
Replies: 8 comments 1 reply
-
Hello. ctr does not use CRI config.. Thus the auth you specified in the CRI section of the config.toml is not being read by the ctr client. To use auth for ctr you need to add |
Beta Was this translation helpful? Give feedback.
-
Should I specify this configuration elsewhere? I don't want to have to use |
Beta Was this translation helpful? Give feedback.
-
at this point in time we don't have another way to specify auth for the |
Beta Was this translation helpful? Give feedback.
-
Thank you, is it something that you guys are willing to implement later on? Would you accept a PR for it? |
Beta Was this translation helpful? Give feedback.
-
fair to have a discussion about it.. have not made a decision yet, as a team, regarding what path to take for host auth config improvements.. Note: https://github.com/containerd/containerd/blob/master/docs/hosts.md That ^ document covers the recent changes made to support host config for all but host auth.. We might want to implement it similarly.. or maybe store auth info somewhere else |
Beta Was this translation helpful? Give feedback.
-
Thanks, if you open a topic here or somewhere I'd be interested in following it. |
Beta Was this translation helpful? Give feedback.
-
nerdctl (another containerd CLI) supports .docker/config.json for authentication |
Beta Was this translation helpful? Give feedback.
-
Beta Was this translation helpful? Give feedback.
-
Running the following works
But not this:
which gives "unauthorized"
I am using this config file:
/etc/containerd/config.toml
Describe the results you received:
Pulling with
ctr images pull
yields Unauthorized, but pulling withcrictl pull
works well.Describe the results you expected:
Both commands to behave the same
Containerd version
** runc version **
crictl info
uname -a
Beta Was this translation helpful? Give feedback.
All reactions