Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cog can't access docker through a proxy registry #1959

Open
danbgoldman opened this issue Sep 18, 2024 · 3 comments
Open

cog can't access docker through a proxy registry #1959

danbgoldman opened this issue Sep 18, 2024 · 3 comments

Comments

@danbgoldman
Copy link

danbgoldman commented Sep 18, 2024
edited
Loading

For security reasons, my development environment requires a proxy registry to access docker base images. I couldn't find any info in the docs about configuring cog to access a proxy instead of docker.io. Here is the stdout/stderr from running cog in this air-gapped environment:

> cog run python
Building Docker image from environment in cog.yaml...
[+] Building 0.4s (2/2) FINISHED                                 docker:default
 => [internal] load build definition from Dockerfile                       0.1s
 => => transferring dockerfile: 162B                                       0.0s
 => ERROR resolve image config for docker-image://docker.io/docker/docker  0.2s
------
 > resolve image config for docker-image://docker.io/docker/dockerfile:1.4:
------
Dockerfile:1
--------------------
   1 | >>> #syntax=docker/dockerfile:1.4
   2 |     FROM r8.im/cog-base:python3.11
   3 |     WORKDIR /src
--------------------
ERROR: failed to solve: failed to resolve source metadata for docker.io/docker/dockerfile:1.4: failed to do request: Head "https://registry-1.docker.io/v2/docker/dockerfile/manifests/1.4": read tcp XX.XX.XX.XX:37026->3.219.239.5:443: read: connection reset by peer
ⅹ Failed to build Docker image: exit status 1
@mattt
Copy link
Contributor

mattt commented Sep 19, 2024
edited
Loading

Hi @danbgoldman. Cog wraps docker CLI invocations when building and pushing images, so it should be straight forward to use behind a proxy.

In this case specifically, it looks like the issue is that your proxy needs the BuildKit Dockerfile syntax repository to build. You should be able to load it by running these commands:

# Pull the syntax image from Docker Hub
docker pull docker/dockerfile:1.4

# Tag it for your internal registry
docker tag docker/dockerfile:1.4 your-internal-registry.example.com/docker/dockerfile:1.4

# Push it to your internal registry
docker push your-internal-registry.example.com/docker/dockerfile:1.4

The same goes for the Cog base image on the next line.

You can see the Dockerfile that Cog will use to build the image by running cog debug.

@danbgoldman
Copy link
Author

Even after pushing it to my internal registry, I get exactly the same error. And, if I run cog debug the syntax line still refers to the original docker/dockerfile:1.4, not the fully-qualified name in my internal registry. So even though I have a local copy of the image, cog isn't referring to it. Is there a flag or config to force cog to prepend the full host name of the internal registry?

> cog debug
#syntax=docker/dockerfile:1.4
FROM r8.im/cog-base:python3.11
WORKDIR /src
EXPOSE 5000
CMD ["python", "-m", "cog.server.http"]
COPY . /src

@mattt
Copy link
Contributor

mattt commented Sep 23, 2024

@danbgoldman Cog doesn't currently have a way to prepend host names. But you should be able to configure your internal registry as a mirror to get docker/dockerfile:1.4 resolving correctly.

If all else fails, you can eject from Cog by doing cog debug > Dockerfile, making any changes you need, running docker build, and then running cog push.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mattt @danbgoldman