Question

Issues with do docker registry - 403 errors when building docker images from a gitlab pipeline Job

Posted February 18, 2021 914 views
KubernetesDigitalOcean Container Registry (DOCR)

Hi,

I am having some intermitting issues building and pushing docker images (via CI gitlab job)

I am encountering this error:

error checking push permissions -- make sure you entered the correct tag name, and that you are authenticated correctly, and try again: checking push permission for "registry.digitalocean.com/redacted/redacted:latest": 

creating push check transport for registry.digitalocean.com failed: GET https://registry.digitalocean.com/v2/: 

unsupported status code 403; 

body: <!DOCTYPE html>
<!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->
<!--[if IE 7]>    <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->
<!--[if IE 8]>    <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]-->
<head>
<title>Attention Required! | Cloudflare</title>
...

Retrying seems “fixing” the issue…

I was not encountering this issue the last week. My CI builds started failing at the begging if the week.

Any idea ?


Some more details:

  • My gitlab runners are hosted on a DOKS cluster.
  • Registry secrets were properly defined (It was flawlessly working the previous week)
  • I am building images using Kaniko

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
2 answers

I was able to resolve my issue by creating a new pool for my k8s cluster and removing the old pool.

But I am not able to understand what caused this issue

hi,
maybe this will help you,
this is how my pipeline is looking in gitlab (and is working fine):

services:
  - docker:18-dind

stages:
  - build

variables:
  DOCKER_HOST: "tcp://localhost:2375"
  DOCKER_REGISTRY_ADDRESS: "registry.digitalocean.com"
  DOCKER_REGISTRY_NAMESPACE: "<my-registry>/<my-image>"

.master job: &master-pipe-job
  tags:
    - mvp
  only:
    refs:
      - master

build:
  <<: *master-pipe-job
  stage: build
  image: docker:stable
  before_script:
    - docker login -u $DO_REGISTRY_USER -p $DO_REGISTRY_PASSWORD $DOCKER_REGISTRY_ADDRESS
  script:
    - echo "Build & Package started"
    - echo $CI_COMMIT_SHA
    - docker build -t $DOCKER_REGISTRY_ADDRESS/$DOCKER_REGISTRY_NAMESPACE:$CI_COMMIT_SHA .
    - docker push $DOCKER_REGISTRY_ADDRESS/$DOCKER_REGISTRY_NAMESPACE:$CI_COMMIT_SHA

$DOREGISTRYUSER = $DOREGISTRYPASSWORD = API token from API in the DigitalOcean control panel