Questions and answers about Container Registry
Why is the "latest" tag missing or why is it assigned to a Docker image that wasn't the last one pushed?
The reason is that you specified a different tag when pushing the Docker image.
The Docker client assigns the
latest tag automatically if the Docker image is created and pushed without a tag. You can also specify the
latest tag explicitly.
latest doesn't mean that the Docker image was the latest one pushed.
We don't recommend overwriting tags. Use a unique tag for each Docker image version. This way you can use the same Docker image version on all your VMs with identical specifications and more easily identify causes of problems.
How do I make a registry public?
This makes all images in the registry available without authentication.
Don't assign the
admin roles to the system group for the registry. This would allow anyone who learns your registry ID to use it at your expense.
I encountered an error. What should I do?
See Troubleshooting in Container Registry. It lists common errors and ways to solve them.
Can I get logs of my operations with services?
Yes, you can request log records about your resources from Yandex.Cloud services. For more information, see Data requests.
What does the "Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock" error mean?
You're not running commands as a
You can use
sudo or set up non-root access.
How do I diagnose Credential Helper performance?
Check under which OS user and on which host the CLI commands are run. This must be the user that the Credential Helper is configured for and on whose behalf the
yc container registry configure-dockercommand was run. The corresponding line must appear in the
/home/<user>/.docker/config.jsonfile. If you perform actions on a VM, make sure the Credential Helper is configured on it, too.
Check if the Credential Helper is displayed in
PATHwhen running commands. During authentication in Container Registry using the Credential Helper, Docker accesses the
docker-credential-ycbinary file. Make sure this binary file is available in
PATHfor the user working with Docker. For example, if Docker is used with
configure-dockermust be run with
sudo, too. You can check this with the
echo cr.yandex | docker-credential-yc getor
echo cr.yandex | sudo docker-credential-yc getcommand if you're running commands with
sudo. If everything is OK, you'll get a response like
If the commands run in interactive mode but fail in non-interactive mode, check the
docker-credential-ycprograms are installed in a directory that is not usually available in the default
PATH. In this case, the following lines are added to the
# The next line updates PATH for Yandex Cloud CLI if [ -f '/home/<user>/yandex-cloud/path.bash.inc' ]; then source '/home/<user>/yandex-cloud/path.bash.inc'; fi
.bashrcfile starts with a condition saying that the commands listed in it are not executed in non-interactive mode. That's why the commands can run when connecting to the VM manually, but fail to run when doing so via SSH.