Yandex Cloud
  • Services
  • Solutions
  • Why Yandex Cloud
  • Pricing
  • Documentation
  • Contact us
Get started
Language / Region
© 2022 Yandex.Cloud LLC
Yandex Container Registry
  • Getting started
  • Step-by-step instructions
    • All instructions
    • Authentication in Container Registry
    • Managing a Docker image
      • Getting information about available Docker images
      • Creating a Docker image
      • Pushing a Docker image to a registry
      • Pulling a Docker image from a registry
      • Deleting a Docker image from a registry
    • Managing Helm charts
      • Getting information about available Helm charts
      • Pushing a Helm chart to a registry
      • Pulling a Helm chart from a registry
      • Deleting a Helm chart from a registry
    • Managing a registry
      • Getting information about existing registries
      • Creating a registry
      • Updating a registry
      • Deleting a registry
    • Managing a repository
      • Getting information about existing repositories
      • Creating a repository
    • Managing Docker image lifecycle policies
      • Getting information about existing lifecycle policies
      • Creating a lifecycle policy
      • Updating a lifecycle policy
      • Performing lifecycle policy dry runs
      • Deleting a lifecycle policy
    • Scanning Docker images for vulnerabilities
    • Working with roles
      • Assigning a role
      • Viewing assigned roles
      • Revoking a role
  • Yandex Container Solution
  • Practical guidelines
    • All tutorials
    • Running a Docker image on a VM
    • Creating a trigger with Yandex Cloud Functions
    • Setting up automatic scanning of a Docker image
  • Concepts
    • Overview
    • Docker image
    • Docker volume
    • Registry
    • Repository
    • Docker image lifecycle policies
    • Vulnerability scanner
    • Yandex Cloud Functions trigger
    • Backups
    • Quotas and limits
  • Access management
  • Pricing policy
  • API reference
    • Authentication in the API
    • gRPC
      • Overview
      • ImageService
      • LifecyclePolicyService
      • RegistryService
      • RepositoryService
      • ScannerService
      • OperationService
    • REST
      • Overview
      • Image
        • Overview
        • delete
        • get
        • list
      • LifecyclePolicy
        • Overview
        • create
        • delete
        • dryRun
        • get
        • getDryRunResult
        • list
        • listDryRunResultAffectedImages
        • listDryRunResults
        • update
      • Registry
        • Overview
        • create
        • delete
        • get
        • list
        • listAccessBindings
        • listIpPermission
        • setAccessBindings
        • setIpPermission
        • update
        • updateAccessBindings
        • updateIpPermission
      • Repository
        • Overview
        • delete
        • get
        • getByName
        • list
        • listAccessBindings
        • setAccessBindings
        • updateAccessBindings
        • upsert
      • Scanner
        • Overview
        • get
        • getLast
        • list
        • listVulnerabilities
        • scan
  • Troubleshooting
  • Questions and answers
  1. Questions and answers

Questions and answers about Container Registry

Written by
Yandex Cloud
,
improved by
amatol

    Why is the latesttag missing or why is it assigned to a Docker image that wasn't the last one pushed?

    The reason is that you specified a different tag when pushing the Docker image.

    The Docker client assigns the latest tag automatically if the Docker image is created and pushed without a tag. You can also specify the latest tag explicitly.

    Warning

    The tag latest doesn't mean that the Docker image was the latest one pushed.

    We don't recommend overwriting tags. Use a unique tag for each Docker image version. This way you can use the same Docker image version on all your VMs with identical specifications and more easily identify causes of problems.

    How do I make a registry public?

    You can issue the container-registry.images.puller role for your registry to the allUsers system group.

    Alert

    This makes all images in the registry available without authentication.

    Don't assign the container-registry.images.pusher, editor or admin roles to the system group for the registry. This will enable anyone with your registry ID to use the registry.

    I encountered an error. What should I do?

    See Troubleshooting in Container Registry. It lists common errors and ways to solve them.

    Can I get logs of my operations with services?

    Yes, you can request log records about your resources from Yandex Cloud services. For more information, see Data requests.

    What does the "Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock" error mean?

    You're not running commands as a root user.

    You can use sudo or configure non-root access.

    How do I diagnose Credential Helper performance?

    • Check under which OS user and on which host the CLI commands are run. This must be the user that the Credential Helper is configured for and on whose behalf the yc container registry configure-docker command was run. The corresponding line must appear in the file /home/<user>/.docker/config.json. If you are working on a virtual machine, make sure you have the Credential helper configured there as well.

    • Check if the Credential Helper is displayed in PATH when running commands. During authentication in Container Registry using the Credential Helper, Docker accesses the docker-credential-yc binary file. Make sure this binary file is available in PATH for the user working with Docker. For example, if Docker is used with sudo, then configure-docker must be run with sudo, too. You can check this with the echo cr.yandex | docker-credential-yc get command or with echo cr.yandex | sudo docker-credential-yc get if you're running commands with sudo. If everything is working, you'll get a response in the format {"Username":"iam","Secret":"***<iam-token>***"}.

    • If the commands run in interactive mode but fail in non-interactive mode, check the .bashrc file. The yc and docker-credential-yc programs are installed in a directory that is not usually available in the default PATH. In this case, the following lines are added to the .bashrc file:

      # The next line updates PATH for Yandex Cloud CLI
      if [ -f '/home/<user>/yandex-cloud/path.bash.inc' ]; then source '/home/<user>/yandex-cloud/path.bash.inc'; fi
      

      The top section of the .bashrc file contains a condition preventing its commands from running non-interactively. That's why the commands can run when connecting to the VM manually, but fail to run when doing so via SSH.

    Was the article helpful?

    Language / Region
    © 2022 Yandex.Cloud LLC