Hello, Bitbucket Community!

I’m running into an issue with Docker Buildx on a Bitbucket self-hosted runner deployed in Kubernetes. My goal is to use Docker Buildx to build and push multi-platform Docker images directly from my Bitbucket pipeline. The Buildx command runs perfectly on my local machine, but on the Kubernetes self-hosted runner, it fails with an authorization error.

Here’s my pipeline configuration:

pipelines: branches: master: - step: name: Docker Build runs-on: - 'self.hosted' - 'linux' services: - docker script: - echo "$DOCKERHUB_PASSWORD" | docker login --username "$DOCKERHUB_USERNAME" --password-stdin - wget https://github.com/docker/buildx/releases/download/v0.18.0/buildx-v0.18.0.linux-amd64 - chmod +x buildx-v0.18.0.linux-amd64 - mv buildx-v0.18.0.linux-amd64 docker-buildx - mkdir -p ~/.docker/cli-plugins - mv docker-buildx ~/.docker/cli-plugins - docker buildx build -t gurgenyegoryan/test-bitbucket:latest --push --platform linux/arm64 .

And here is the Kubernetes job configuration:

apiVersion: v1 kind: List items: - apiVersion: v1 kind: Secret metadata: name: runner-oauth-credentials labels: accountUuid: ************** repositoryUuid: **************** runnerUuid: ********************* data: oauthClientId: ********************* oauthClientSecret: *********************** - apiVersion: batch/v1 kind: Job metadata: name: runner spec: template: metadata: labels: accountUuid: ********************** repositoryUuid: ********************* runnerUuid: ****************** spec: containers: - name: runner image: docker-public.packages.atlassian.com/sox/atlassian/bitbucket-pipelines-runner securityContext: privileged: true env: - name: ACCOUNT_UUID value: "{**********************}" - name: REPOSITORY_UUID value: "{*********************}" - name: RUNNER_UUID value: "{******************}" - name: OAUTH_CLIENT_ID valueFrom: secretKeyRef: name: runner-oauth-credentials key: oauthClientId - name: OAUTH_CLIENT_SECRET valueFrom: secretKeyRef: name: runner-oauth-credentials key: oauthClientSecret - name: WORKING_DIRECTORY value: "/tmp" - name: RUNTIME_PREREQUISITES_ENABLED value: "true" volumeMounts: - name: tmp mountPath: /tmp - name: docker-containers mountPath: /var/lib/docker/containers readOnly: true - name: var-run mountPath: /var/run - name: docker-in-docker image: docker:20.10.7-dind env: volumeMounts: - name: tmp mountPath: /tmp - name: docker-containers mountPath: /var/lib/docker/containers - name: var-run mountPath: /var/run restartPolicy: OnFailure volumes: - name: tmp - name: docker-containers - name: var-run

The runner status shows as online, but when it tries to execute the Docker Buildx command, it gives an error:

docker buildx build -t gurgenyegoryan/test-bitbucket:latest --push --platform linux/arm64 . #0 building with "default" instance using docker-container driver #1 [internal] booting buildkit #1 pulling image moby/buildkit:buildx-stable-1 #1 pulling image moby/buildkit:buildx-stable-1 6.0s done #1 creating container buildx_buildkit_default 0.0s done #1 ERROR: Error response from daemon: authorization denied by plugin pipelines: --privileged=true is not allowed ------ > [internal] booting buildkit: ------ ERROR: Error response from daemon: authorization denied by plugin pipelines: --privileged=true is not allowed

I would appreciate any help or suggestions on how to resolve this authorization error when running Docker Buildx on a Bitbucket Kubernetes self-hosted runner.