Skip to main content

Container Registry Service Troubleshooting

This document provides solutions for resolving issues related to the Container Registry service.

Docker Login Failure Error

When attempting to log in to Docker with the issued access key ID and Secret access key, the following error may occur instead of Login Succeeded.

Get "RepositoryURI": unauthorized: login failed

Error response from daemon: Get "${repository_uri}": unauthorized: login failed

This error occurs when the Access key ID and Secret access key are incorrectly entered or have expired.

▶️ Solution: Verify if the Access key ID and Secret access key are entered correctly. If the Access key has expired, issue a new Access key and log in again. You can refer to the Access key Issuance Guide for further details.

Get "RepositoryURI": net/http: request canceled while waiting for connection

Error response from daemon: Get "${repository_uri}": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

This error can occur when domain queries are not being resolved properly in the requesting environment.

▶️ Solution: The issue will be resolved once the ${repository_uri} query runs successfully. Follow the steps below to troubleshoot:

  1. Check for DNS issues by targeting only the domain (hostname) part of the ${repository_uri} as identified in the error message. For example, if the ${repository_uri} is https://myproject.kr-central-2.kcr.dev/myrepo/, query using only myproject.kr-central-2.kcr.dev.

    # input
    nslookup ${repository_uri_domain}

    # output
    ;; communications error to ${dns_server_ip}#53: timed out

  2. This error occurs when there is an issue with the DNS server being used for the query. If you are using a custom DNS server, you may need to take action. If adjusting the DNS server is not feasible, consider using an external DNS server. However, ensure that there are no configuration issues when using an external DNS server.

Image Pull Error

failed to resolve reference "ImageURI": failed to do request: Head Image"

When performing an image pull operation in a Kubernetes Engine cluster environment, the following error may occur:

failed to resolve reference "${image_uri}": failed to do request: Head "${image_manifest_uri}": dial tcp 61.109.235.253:443: connect: network is unreachable

The Container Registry service is only supported in environments with internet connectivity. Therefore, the error message above can occur if the network connection to external sources (e.g., Container Registry) is blocked in the image download environment.

▶️ Solution: If you need to pull images from Container Registry in a private environment, you can configure external communication via a NAT instance.

Image Push Error

denied: requested access to the resource is denied

When pushing an image to a repository, the following error may occur:

denied: requested access to the resource is denied

This error can be caused by several factors, with solutions for each of the possible causes listed below.

1. The account making the image push request has only repository viewer permissions

The repository viewer permission only allows image pull operations and does not support push operations.

▶️ Solution: Change the repository to a public repository or adjust the account to have repository member permissions. For more details, refer to the access permissions.

2. The account making the image push request has project reader permissions

Project reader can only pull images and cannot push them.

▶️ Solution: Since project leader accounts cannot be directly granted repository member permissions, consider changing the IAM role of the account. It may be added as a repository member in other projects, but permission settings are restricted in the current project if it is set as a project leader.

3. The repository is set to private

Private repositories do not allow image pushes from users who are not part of the project or from anonymous users.

▶️ Solution: Change the permissions of the account that needs to push the image to repository member and grant access. For details on how to add repository members, refer to the Configure repository permission.

Permission Setting Error: "Failed to change permissions" Message

During permission setting, an error message may appear when adding a user: "Failed to change permissions."

▶️ Solution: This error is normal when adding a user to a project.

If the user has a project administrator or project member role, the Container Registry administrator permission is automatically granted. However, if the user is a project leader, the basic IAM user role with resource view-only access is applied first, and additional permission settings cannot be applied.