Skip to content

Troubleshooting: sconify_image

Credentials

To build and deploy sconified images, you need to set up your credentials correctly to pull images. To do so, you probably want to put the following definitions in some script:

export GH_TOKEN=                 # GitHub Token for SconeApps - see https://sconedocs.github.io/helm/
export SCONE_HUB_ACCESS_TOKEN=   # Scontain Registry Token - see https://sconedocs.github.io/helm
export SCONE_HUB_USERNAME=       # Scontain Registry User name - see https://sconedocs.github.io/helm
export SCONE_HUB_EMAIL=          # Scontain Registry User name - see https://sconedocs.github.io/helm

export GH_TOKEN=${GH_TOKEN:?"GH_TOKEN is not set! Please set to a valid github token."}
export SCONE_HUB_ACCESS_TOKEN=${SCONE_HUB_ACCESS_TOKEN:?"SCONE_HUB_ACCESS_TOKEN is not set! Please set to a valid registry.scontain.com token."}
export SCONE_HUB_USERNAME=${SCONE_HUB_USERNAME:?"SCONE_HUB_USERNAME is not set! Please set to a valid username for registry.scontain.com"}
export SCONE_HUB_EMAIL=${SCONE_HUB_EMAIL:?"SCONE_HUB_EMAIL is not set! Please set to a valid username for registry.scontain.com"}

export PULL_SECRET_NAME=sconeapps
export MY_DOCKER_REPOSITORY=...
export K8S_IMAGE_PULL_SECRET=regcred

To deploy the SCONE SGX Plugin and the SCONE Local Attestation Service (LAS) as well as other SconeApps, you would need to create a Kubernetes secret for accessing the SCONE registry (more info):

kubectl create secret docker-registry sconeapps --docker-server=registry.scontain.com:5050 --docker-username=$SCONE_HUB_USERNAME --docker-password=$SCONE_HUB_ACCESS_TOKEN --docker-email=$SCONE_HUB_EMAIL
kubectl create secret docker-registry $K8S_IMAGE_PULL_SECRET --docker-server=$MY_DOCKER_REPOSITORY --docker-username="$..." --docker-password="$..." --docker-email="$..."

Apple MacOS

When executing sconify_image on MacOS, you might experience some issue regarding docker credentials.

Error docker-credential-osxkeychain not found

During sconification on MacOS, an error related to credentials might occur. This error might manifest itself in the log as follows (you need to switch on verbose and debug mode):

#3        error: "rpc error: code = Unknown desc = error getting credentials - err: exec: \"docker-credential-osxkeychain\": executable file not found in $PATH, out: ``"

failed to solve with frontend dockerfile.v0: failed to solve with frontend gateway.v0: rpc error: code = Unknown desc = error getting credentials - err: exec: "docker-credential-osxkeychain": executable file not found in $PATH, out: ``
# syntax=docker/dockerfile:1.2

To mitigate this error, you need to change your config on MacOS:

vi $HOME/.docker/config.json

This might look like this:

{
  "credsStore" : "osxkeychain",
  "auths" : {
    "registry.scontain.com:5050" : {

    },
    "gitlab.scontain.com" : {

    }
  },
  "experimental" : "disabled"
}

and you might want to change this to

{
  "auths" : {
    "registry.scontain.com:5050" : {

    },
    "gitlab.scontain.com" : {

    }
  },
  "experimental" : "disabled"
}

to mitigate this error.