
Neither modifying /etc/hosts nor adding '--add-host' flag worked for me

Open Placeboy opened this issue 1 year ago • 9 comments

Contributing guidelines

I've found a bug and checked that ...

  • [x] ... the documentation does not mention anything about my problem
  • [x] ... there are no open or closed issues that are related to my problem

Description

I modified the /etc/hosts file on my machine and changed the IP address of registry.my.example.com from 10.20.247.48 to 10.106.174.220, then I ran the "docker buildx build" command with '--add-host registry.my.example.com:10.106.174.220', but the modification does not seem to work.

Expected behaviour

The /etc/hosts file in the builder container should look like this:

10.106.174.220 registry.my.example.com

Actual behaviour

This is the output of sudo docker exec -t buildx_buildkit_zstd-builder0 cat /etc/hosts:

10.20.247.48 registry.my.example.com

Buildx version

github.com/docker/buildx v0.5.0-docker 780fad46f23e8d7c2d741d59144617aae5285b22

Docker info

No response

Builders list

NAME/NODE        DRIVER/ENDPOINT              STATUS   PLATFORMS
zstd-builder *   docker-container
  zstd-builder0  unix:///var/run/docker.sock  running  linux/amd64, linux/amd64/v2, linux/amd64/v3, linux/amd64/v4, linux/386
default          docker
  default        default                      running  linux/amd64, linux/386

Configuration

docker buildx create command:

sudo docker buildx create \
        --name zstd-builder \
        --driver docker-container \
        --driver-opt image=moby/buildkit:v0.10.3,network=host \
        --buildkitd-flags '--allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host' \
        --use

docker buildx build command:

sudo docker buildx build --pull -t <some_image_name_with_tag> --add-host registry.my.example.com:10.106.174.220 \
            --file Dockerfile \
            --output type=image,name="registry.my.example.com/<some_image_name_with_tag>",oci-mediatypes=true,compression=zstd,compression-level=3,force-compression=true,push=true .

Build logs

No response

Additional info

No response

May 19 '23 05:05 Placeboy
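
Added example, not part of the original issue: a check for the mismatch reported above, where the host's /etc/hosts and the copy inside the BuildKit container disagree about a name. The function name `hosts_drift` and the sample files are constructed for illustration; the addresses are the ones from the report.

```shell
#!/bin/sh
# hosts_drift HOST_FILE BUILDER_FILE
# Prints "name host_ip builder_ip" for every name in HOST_FILE whose address
# differs in BUILDER_FILE ("-" when the builder copy lacks the name).
hosts_drift() {
    awk '
        { sub(/#.*/, "") }                        # strip comments
        NF < 2 { next }                           # blank or address-only line
        {
            for (i = 2; i <= NF; i++) {           # a line may carry aliases
                n = tolower($i)
                key = src SUBSEP n
                if (!(key in ip)) ip[key] = $1    # keep the first entry per name
                if (src == "host") names[n] = 1
            }
        }
        END {
            for (n in names) {
                h = ip["host" SUBSEP n]
                b = (("builder" SUBSEP n) in ip) ? ip["builder" SUBSEP n] : "-"
                if (h != b) print n, h, b
            }
        }
    ' src=host "$1" src=builder "$2" | sort
}

# Constructed sample files using the addresses from the report.
tmp=$(mktemp -d)
cat > "$tmp/host" <<'EOF'
127.0.0.1 localhost
10.106.174.220 registry.my.example.com   # updated entry
EOF
cat > "$tmp/builder" <<'EOF'
127.0.0.1 localhost
10.20.247.48 registry.my.example.com
EOF
hosts_drift "$tmp/host" "$tmp/builder"
rm -rf "$tmp"
```

To run it against a live builder, save the output of the `docker exec ... cat /etc/hosts` command shown in the report to a file and pass that file as the second argument.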

You need to add --network=host to your docker buildx build command.

Jun 29 '23 22:06 omartrigui

+1

Sep 28 '23 10:09 huapox

+1

Nov 11 '23 14:11 uniemimu

I can clarify this just a bit. The --add-host given host is found in the /etc/hosts file during the buildkit build step. It apparently vanishes into thin air or gets disregarded during the critical push step, preventing pushing the image to the desired registry.

Nov 11 '23 14:11 uniemimu

> You need to add --network=host to your docker buildx build command.

Does add-host work with network=nat?

Dec 12 '23 20:12 blowsie

> You need to add --network=host to your docker buildx build command.

This isn't really that useful if your build process needs to use ports in the container that are already bound on the host.

Dec 13 '23 23:12 Eeems

I have the same problem, as my private registry has no DNS support. It seems that --add-host only works in the RUN environment, not the FROM stage. As a workaround I have to docker exec into the builder and edit /etc/hosts myself. Hopefully it can be supported officially.

Jan 26 '24 06:01 woshikid

I figured out a way to set the IP of a registry in buildkitd.toml:

[registry."registry.my.example.com"]
  mirrors = ["10.106.174.220"]
[registry."10.106.174.220"]
  http = true

That will work.

Jan 26 '24 09:01 woshikid

I came to this page looking for a solution to the error with GitHub actions: docker/setup-buildx-action@v3 docker/build-push-action@v5

ERROR: buildx failed with: ERROR: failed to solve: failed to push ... : failed to do request: Head ... : dial tcp: lookup ... : no such host

My setup:

  • self-hosted runner
  • custom registry with mTLS connection over a local network
  • custom registry is not on DNS, so its IP is added to /etc/hosts file on the runner

Eventually, the following configuration of steps mentioned on this page let me muddle through. (Though it would be great if there were an option just to add a line to the hosts file on buildkit worker container :)


jobs:
  docker-build:
    name: docker build
    runs-on: self-hosted
    
    permissions:
      contents: read 
      statuses: write 

    steps:
      - name: Login to the local registry
        uses: docker/login-action@v3
        with:
          registry: registry.lan
          username: mtls
          password: mtls
      - name: Setup Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          driver-opts: network=host
          config-inline: |
            [registry."registry.lan"]
              mirrors = ["192.168.1.7"]
              ca=["/etc/docker/certs.d/registry.lan/ca.crt"]
            [registry."192.168.1.7"]

      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          push: true
          tags: registry.lan/app:latest
          cache-from: type=gha
          cache-to: type=gha,mode=max

Feb 13 '24 16:02 devourer66
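
Added example, not part of the thread: both buildkitd.toml workarounds above (the standalone file and the `config-inline` block) point a registry hostname at an IP mirror, so it is worth seeing which transport each mirror ends up with. This summary assumes BuildKit reads a mirror's settings from that mirror's own `[registry]` table, as the first config implies; the name `registry_audit` and the output format are this example's own.

```shell
#!/bin/sh
# registry_audit FILE: one line per [registry."NAME"] table in a buildkitd.toml:
#   NAME TRANSPORT MIRRORS
# TRANSPORT is http (http = true), tls-unverified (insecure = true) or tls.
# MIRRORS is "-" or comma-separated mirror=transport, each mirror looked up in
# its own table (assumption: tls when it has none). Single-line keys only.
registry_audit() {
    awk '
        function transport(n) {
            return http[n] ? "http" : (insecure[n] ? "tls-unverified" : "tls")
        }
        /^[ \t]*\[/ {                      # a table header closes the previous table
            name = ""
            if (match($0, /\[registry\."[^"]+"\]/)) {
                name = substr($0, RSTART + 11, RLENGTH - 13)
                order[++count] = name
            }
            next
        }
        name == "" { next }                # key outside a registry table
        /^[ \t]*http[ \t]*=[ \t]*true/     { http[name] = 1 }
        /^[ \t]*insecure[ \t]*=[ \t]*true/ { insecure[name] = 1 }
        /^[ \t]*mirrors[ \t]*=/ {
            list = substr($0, index($0, "[") + 1)
            sub(/\].*/, "", list); gsub(/[" \t]/, "", list)
            mirrors[name] = list
        }
        END {
            for (i = 1; i <= count; i++) {
                n = order[i]; out = ""
                k = split(mirrors[n], m, ",")
                for (j = 1; j <= k; j++)
                    out = out (j > 1 ? "," : "") m[j] "=" transport(m[j])
                print n, transport(n), (out == "" ? "-" : out)
            }
        }
    ' "$1"
}

# Constructed input: the two tables from the buildkitd.toml comment above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[registry."registry.my.example.com"]
  mirrors = ["10.106.174.220"]
[registry."10.106.174.220"]
  http = true
EOF
registry_audit "$sample"
rm -f "$sample"
```

A mirror reported as `http` carries registry credentials and image layers unencrypted; one reported as `tls` by IP only verifies if the registry certificate is valid for that address.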