Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

create workspace fails with enforced sign-in in docker #1348

Open
artmoskvin opened this issue Nov 19, 2024 · 1 comment · May be fixed by #1350
Open

create workspace fails with enforced sign-in in docker #1348

artmoskvin opened this issue Nov 19, 2024 · 1 comment · May be fixed by #1350
Assignees
@Tpuljak
Labels
bug Something isn't working

Comments

@artmoskvin
Copy link

Describe the bug
Creating workspace fails with failed to create workspace: Error response from daemon: Please run 'docker login' when Docker Desktop has enforced sign-in enabled https://docs.docker.com/security/for-admins/enforce-sign-in/

To Reproduce
Steps to reproduce the behavior:

  1. Enforce sign-in according to instructions https://docs.docker.com/security/for-admins/enforce-sign-in/
  2. Run daytona create with a sample project and a local provider
  3. See error

Expected behavior
Workspace is created.

Screenshots
image

Desktop (please complete the following information):

  • OS: macOS 14.7
  • Daytona Version: v0.45.0

Additional context
The problem occurs when pulling "daytonaio/workspace-project" here

daytona/pkg/docker/create.go

Line 44 in 59fa89a

err := d.PullImage("daytonaio/workspace-project", nil, opts.LogWriter)

By default, Docker doesn't require Docker Hub credentials when pulling public images. But some organizations enforce sign-in for their employees meaning that you can't pull any image (even a public one) without being signed into your Docker Hub account.

Normally, credentials are stored on the client side after you sign in through Docker Desktop or docker login. The default location is ~/.docker/config.json. When pulling image, the client (Docker Desktop or Docker CLI) sends a pull image request containing the base64-encoded credentials in the header. So it is client's responsibility (not engine's) to provide proper credentials when needed.

Docker SDK for Go is another client and it does not handle credentials automatically. To quote one of the SDK maintainers: "The go client is a thin wrapper around the engine API. If you want to use the cred helpers you need to set that up" (source: moby/moby#39377 (comment)). As a source of inspiration, they propose to check how Docker CLI works: https://github.com/docker/cli/blob/master/cli/command/image/pull.go

From a quick glance, there's a bunch of utility methods for reading config.json and extracting credentials from it.
@artmoskvin artmoskvin added the bug Something isn't working label Nov 19, 2024
@Tpuljak Tpuljak self-assigned this Nov 19, 2024
@Tpuljak
Copy link
Member

Tpuljak commented Nov 19, 2024

Nice catch! Thanks for such a detailed issue.

Will get on this asap.

@Tpuljak Tpuljak linked a pull request Nov 19, 2024 that will close this issue
Open
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Tpuljak Tpuljak

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: custom builder image daytonaio/daytona
2 participants
@artmoskvin @Tpuljak