Certificate error when pulling within docker

I can pull an image from the command line, but when it is pulled from a docker container running K3s on containerd I get:

Failed to pull image" err="rpc error: code = Unknown desc = failed to pull and unpack image \"[ghcr.io/flyteorg/flytekit:py3.9-latest\](http://ghcr.io/flyteorg/flytekit:py3.9-latest%5C)": failed to resolve reference \"[ghcr.io/flyteorg/flytekit:py3.9-latest\](http://ghcr.io/flyteorg/flytekit:py3.9-latest%5C)": failed to do request: Head \"[https://ghcr.io/v2/flyteorg/flytekit/manifests/py3.9-latest\](https://ghcr.io/v2/flyteorg/flytekit/manifests/py3.9-latest%5C)": x509: certificate signed by unknown authority" image="[ghcr.io/flyteorg/flytekit:py3.9-latest](http://ghcr.io/flyteorg/flytekit:py3.9-latest)

Note the statement “x509: certificate signed by unknown authority

This fails on my Mac with an Apple M2 Max chip, but works on another Mac that I’ve got with an Intel chip. I don’t know if this is related.

To me, it looks like Docker isn’t using certificates properly, since I can pull the image on the command line

To understand it better, could you answer the following questions?

  • Are you trying to pull images from a container based on the same image on both machines?
  • Do you have the same version of Docker Desktop on both machines?
  • Can you pull images from other repositories like Docker Hub?
  • Are both machines in the same LAN network?

“unknown authority” usually means that the host machine doesn’t know about the certificate authority. It could happen when the host (container in this case) OS is not up to date or missing required packages like “ca-certificates” on debian based systems, but I wouldn’t try to guess more until you answer the above questions.