Docker-credential-deskop - executable file not found

After working through the issues for the create-stack errors and websocket connection errors, I’m able to sign in to the self-hosted gitpod with Github oauth.

When I try to create a new workspace I get

“…docker-credential-deskop…executable file not found…”


I’m guessing this is related to the IMAGE_PULL_SECRET_FILE, docker-config.json which has these contents

	"auths": {
		"": {}
	"credsStore": "desktop",
	"experimental": "disabled",
	"stackOrchestrator": "swarm"

I have Docker Desktop for Mac installed and that was how the file was created when I did docker login

Is that what is causing the issue? If so, how should I generate the IMAGE_PULL_SECRET_FILE?

@philcruz please check the next Kubernetes document to get details about the format of the file.

@aledbf Yes, I have checked the document. I think I’m running into the issue mentioned in that document

Note: If you use a Docker credentials store, you won’t see that auth entry but a credsStore entry with the name of the store as value.

and it’s not clear to me from the document how I can create the file with the auth entry. I remove the credStore key from the file but when I do docker login it just adds it back in.

I manually created the file by manually doing base64 encoding of username:password so I created the file like

    "auths": {
        "": {
            "auth": "cGhpbG...Q=="

I deleted the secret and pushed the updated file with

kubectl create secret generic gitpod-image-pull-secret --from-file=.dockerconfigjson=docker-config.json

and then I did

kubectl rollout restart deployment/server

but I’m still getting the same error. Is there something else I need to do for the updated secret to take effect?

@philcruz please restart the image builder
kubectl rollout restart deployment/image-builder-mk3

@aledbf Thanks! That did the trick and I was able to create a new workspace

However, when I go to the workspace I get some SSL error

On the ALB, I have a cert for * Is that not sufficient to cover * Do I need to add a cert specific for that?

@philcruz yes, that requirement is mentioned in the doc

This is the value of the CNAME field that needs to be configured in the DNS domain, for the record <domain> , *.ws.<domain> and *.<domain>


Wildcard certificates are valid only for one level, like but is not for

@aledbf Thanks for clarifying. I created the additional certs and that issue is resolved. Though now I’m hitting “cannot initialize workspace” so I’ll create another thread for that.