push cache to insecure registry by buildx

Question

How to push cache to an insecure registry? I have already added it to my docker config and can log in successfully by docker login. This is my docker command:

docker buildx build --cache-to=type=registry,ref=my-insecure-repo/lib/test:0730 \
    --output=type=image,push=true \
    -t test:0730 -f ut.dockerfile .

and get error msg:

#12 ERROR: server message: insufficient_scope: authorization failed
------
 > exporting to image:
------
failed to solve: rpc error: code = Unknown desc = server message: insufficient_scope: authorization failed

I tried to add --output=type=image,push=true,registry.insecure=true but same error. Also tried add --allow security.insecure but get: failed to solve: rpc error: code = Unknown desc = granting entitlement security.insecure is not allowed by build daemon configuration

Docker version: Docker version 19.03.8, build afacb8b

Thank you all in advance.

Answer 1

The current advice for buildkit is to configure your insecure registries in the docker engine with the http scheme prefixed:

$ cat /etc/docker/daemon.json
{
  "insecure-registries" : [ "http://my-insecure-repo" ]
}

Make sure to reload the docker engine after adjusting this file (systemctl reload docker).

However buildx calls buildkit directly so the above probably won't work for this question. Instead you'll want to pass a config file with http: true. See this comment for more details.