Docker-credential-deskop - executable file not found

After working through the issues for the create-stack errors and websocket connection errors, I’m able to sign in to the self-hosted gitpod with Github oauth.

When I try to create a new workspace I get

“…docker-credential-deskop…executable file not found…”

image

I’m guessing this is related to the IMAGE_PULL_SECRET_FILE, docker-config.json which has these contents

{
	"auths": {
		"https://index.docker.io/v1/": {}
	},
	"credsStore": "desktop",
	"experimental": "disabled",
	"stackOrchestrator": "swarm"
}

I have Docker Desktop for Mac installed and that was how the file was created when I did docker login

Is that what is causing the issue? If so, how should I generate the IMAGE_PULL_SECRET_FILE?

@philcruz please check the next Kubernetes document to get details about the format of the file.

@aledbf Yes, I have checked the document. I think I’m running into the issue mentioned in that document

Note: If you use a Docker credentials store, you won’t see that auth entry but a credsStore entry with the name of the store as value.

and it’s not clear to me from the document how I can create the file with the auth entry. I remove the credStore key from the file but when I do docker login it just adds it back in.

I manually created the file by manually doing base64 encoding of username:password so I created the file like

{
    "auths": {
        "https://index.docker.io/v1/": {
            "auth": "cGhpbG...Q=="
        }
    }
}

I deleted the secret and pushed the updated file with

kubectl create secret generic gitpod-image-pull-secret --from-file=.dockerconfigjson=docker-config.json --type=kubernetes.io/dockerconfigjson

and then I did

kubectl rollout restart deployment/server

but I’m still getting the same error. Is there something else I need to do for the updated secret to take effect?

@philcruz please restart the image builder
kubectl rollout restart deployment/image-builder-mk3

@aledbf Thanks! That did the trick and I was able to create a new workspace

However, when I go to the workspace I get some SSL error

On the ALB, I have a cert for *.mydomain.com. Is that not sufficient to cover *.ws.gitpod.mydomain.com? Do I need to add a cert specific for that?

@philcruz yes, that requirement is mentioned in the doc

This is the value of the CNAME field that needs to be configured in the DNS domain, for the record <domain> , *.ws.<domain> and *.<domain>

*.mydomain.com

Wildcard certificates are valid only for one level, like gitpod.mydomain.com but is not for foo.gitpod.mydomain.com

@aledbf Thanks for clarifying. I created the additional certs and that issue is resolved. Though now I’m hitting “cannot initialize workspace” so I’ll create another thread for that.