Error response from daemon: Dockerfile parse error Unknown flag: mount

docker dockerfile

44,220

Solution 1

tl;dr

Dockerfile

# syntax=docker/dockerfile:experimental
FROM continuumio/miniconda3
RUN --mount=type=ssh pip install git+ssh://[email protected]/myrepo/[email protected]
RUN conda install numpy
...

Note: the comment on the first line is required voodoo

Then build your docker image with:

DOCKER_BUILDKIT=1 docker build --ssh default -t my_image .

With this, you will be able to use the --mount option for the RUN directive in your Dockerfile.

Long answer

As found in the documentation here, ssh forwarding when building docker image is enabled only when using the BuildKit backend:

External implementation features

This feature is only available when using the BuildKit backend.

Docker build supports experimental features like cache mounts, build secrets and ssh forwarding that are enabled by using an external implementation of the builder with a syntax directive. To learn about these features, refer to the documentation in BuildKit repository.

For this you need Docker 18.09 (or later) and you also need to run the docker build command with the DOCKER_BUILDKIT=1 environment variable and start your Docker file with the following magic comment : # syntax=docker/dockerfile:experimental.

Also you can edit /etc/docker/daemon.json and add :

{
    "experimental" : false,
    "debug" : true,
    "features": {
        "buildkit" : true
    }
}

Solution 2

If you are using sudo for docker commands, you might need:

sudo DOCKER_BUILDKIT=1 ...

Solution 3

The error message that you are getting due to writing --mount inside the Dockerfile. You have to enable Docker BuildKit first in order to use this syntax.

You can check all of the currently available build options through here

Solution 4

To anyone out there that might be struggling with this sort of error: ensure that the first line of the file is '# syntax=docker/dockerfile:experimental'. This will work:

# syntax=docker/dockerfile:experimental
FROM golang:1.14.1 as builder
...    
RUN --mount=type=ssh  GOSUMDB=off go get -d -v ./...

BUT if you add a comment at the start of the file like so:

# SOME SILLY COMMENT HERE  <--- this ostensibly innocent comment ruins everything!
# syntax=docker/dockerfile:experimental
FROM golang:1.14.1 as builder
...    
RUN --mount=type=ssh  GOSUMDB=off go get -d -v ./...

Then 'syntax=...' will not be taken into account because it's no longer on the very first line. This is why you get that weird error about 'mount' below! Gah!

Hopefully this will save a few hours from the lives of a few people.

View more solutions

44,220

Author by

PMende

Updated on June 03, 2021

Comments

PMende over 1 year

There is a previous question (Docker Unknown flag --mount) facing the same error that was due to having an out-of-date version of Docker running. I have an up-to-date version of Docker running.

I have the following Dockerfile:

FROM continuumio/miniconda3
RUN --mount=type=ssh pip install git+ssh://[email protected]/myrepo/[email protected]
RUN conda install numpy
...

According to the documentation, I should be able to simply run docker build --ssh default .. However, I receive the following error:

Sending build context to Docker daemon  2.048kB
Error response from daemon: Dockerfile parse error line 3: Unknown flag: mount

Output of docker version:

Client: Docker Engine - Community
 Version:           18.09.2
 API version:       1.39
 Go version:        go1.10.8
 Git commit:        6247962
 Built:             Sun Feb 10 04:12:39 2019
 OS/Arch:           darwin/amd64
 Experimental:      false
Server: Docker Engine - Community
 Engine:
  Version:          18.09.2
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.6
  Git commit:       6247962
  Built:            Sun Feb 10 04:13:06 2019
  OS/Arch:          linux/amd64
  Experimental:     true

I would like to build a Docker image without exposing my private SSH credentials, and this seemed to be the supported method. Anyone have thoughts on what's causing the issue?

PMende almost 4 years

Thanks for the response. I tried this, and got a new error: failed to create LLB definition: Dockerfile parse error line 3: Unknown flag: mount.
PMende almost 4 years

Turns out I had to put the following header in my Dockerfile: # syntax=docker/dockerfile:1.0.0-experimental. Now I'm getting failure on host key verification. Making progress!
Thomasleveil almost 4 years

oh, I missed that, I will update my answer so it is clearer for futur readers
Israel Perales about 3 years

2 hours , 2 hours and finally i need put this comment in my Dockerfile # syntax=docker/dockerfile:experimental
Alexis Wilke almost 3 years

Too bad that at the moment the Bocker BuildKit commands are not available through Docker Compose. github.com/docker/compose/issues/6440
Vinícius M over 2 years

And using the sudo after variable does not work haha just wasted hours before realising this.
pklaus over 2 years

@AlexisWilke Well use of Buildkit in general is possible with Docker Compose. Just run it with : COMPOSE_DOCKER_CLI_BUILD=1 DOCKER_BUILDKIT=1 docker-compose build. It seems that the special --mount arguments such as build time secrets (github.com/docker/compose/pull/7046) or ssh (github.com/docker/compose/issues/7252) are not part of it yet.
Mahendar Patel about 2 years

This answer should have so much more appreciation.
eric.frederich over 1 year

Why does it work without this comment line locally but on a GitLab CI job it requires that magical comment?
PMende over 1 year

@eric.frederich Unsure personally. It may be that you have a newer version of Docker on your local, and that the syntax has been promoted from experimental? Been a while since I've done any work with Docker/Kubernetes.