'On stack deploy, unable to pin image to digest: unauthorized: the client does not have permission for manifest

I'm running a Docker stack using a custom image which I have pushed to an Artifactory repository.

docker-compose.yml:

version: "3"

services:
  app:
    image: repo.example.com/my_image:latest

I can pull the image fine, and I can deploy the stack fine, but if I try to redeploy the stack, I get an error.

$ docker stack deploy --with-registry-auth -c docker-compose.yml my_stack
Creating network my_stack_default
Creating service my_stack_app

$ docker stack deploy --with-registry-auth -c docker-compose.yml my_stack
Updating service my_stack_app (id: 8po6oepjdgo8kwsb7n4ig64dt)
unable to pin image repo.example.com/my_image:latest to digest: unauthorized: The client does not have permission for manifest

I expect Docker to update the image when I redeploy the stack, just like it would if I used an image from Docker Hub.

I've seen Docker say unable to pin image before, but that was when I did not specify a repository (e.g. docker.io). I know I have permission from repo.example.com because I pushed the image there, I can still pull from it, and I can start the stack. I just can't update it.

What does this client does not have permission for manifest error mean, and how do I fix this issue?

dockerartifactorydocker-swarmdocker-stack


Solution 1:[1]

This looks like your user does not have the "Delete / Overwrite" permission to this repository. Please ask your Artifactory admin to add this permission to your user for this repository and try again.

Hope this helps!

Solution 2:[2]

If you have all of your permissions approved then the issue may be that your local .docker\config.json file has not been created.

If that is the case then you may want to run this command in the terminal at the root of your folder:

docker login repo.example.com

That will take your credentials and store them in an unecrypted .docker\config.json file.

After that your deploy should work (and you might want to consider configuring a credential helper to keep your credentials safe)

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Adi Vizgan
Solution 2 Timothy Morales

Related Questions

docker image - merged/diff/work/LowerDir components of GraphDriver

docker image - merged/diff/work/LowerDir components of GraphDriver

In docker-compose, is it possible to reuse volume configuration between services?

Installing imagemagick in docker container

How to set docker container name in Pycharm Docker Interpreter

Docker. Communication between Laravel containers

E: Package 'mysql-client' has no installation candidate in php-fpm image build using docker compose

M1 chip, Install Puppeteer in Docker NodeJs, The chromium binary is not available for arm64

How do I configure "ulimits" for a Docker container running in AWS ECS?

Travis-ci installs packages from requirements.txt file automatically

How critical is dumb-init for Docker?

docker build failed after pip installed requirements with exit code 137

Error with docker and react, digital envelope routines::unsupported

npm ERR! Tracker "idealTree" already exists while creating the Docker image for Node project

How to access gradle test reports from a docker container