Comments (5)
Here are the env
lines that match 'example.com':
CI_DEPENDENCY_PROXY_SERVER=example.com:443
CI_SERVER_HOST=example.com
CI_SERVER_URL=https://example.com
CI_COMPONENT_FQDN=example.com
CI_REGISTRY_IMAGE=registry-example.com:443/me/registry-test
CI_PIPELINE_URL=https://example.com/me/registry-test/-/pipelines/3612
CI_SERVER_FQDN=example.com
CI_REPOSITORY_URL=https://gitlab-ci-token:[MASKED]@example.com/me/registry-test.git
CI_API_GRAPHQL_URL=https://example.com/api/graphql
CI_REGISTRY=registry-example.com:443
CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX=example.com:443/me/dependency_proxy/containers
CI_API_V4_URL=https://example.com/api/v4
CI_SERVER_SHELL_SSH_HOST=example.com
CI_JOB_URL=https://example.com/me/registry-test/-/jobs/7576
CI_PROJECT_URL=https://example.com/me/registry-test
CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX=example.com:443/me/dependency_proxy/containers
from kaniko.
I'm trying to compile a modified version of Kaniko for debugging purposes:
DOCKER_BUILDKIT=1 docker image build . -f deploy/Dockerfile --tag=kaniko
How can I build a -debug
version / flavor so it includes /bin/sh
, which is required by GitLab's CI runner?
from kaniko.
I'm trying to compile a modified version of Kaniko for debugging purposes:
DOCKER_BUILDKIT=1 docker image build . -f deploy/Dockerfile --tag=kaniko
How can I build a
-debug
version / flavor so it includes/bin/sh
, which is required by GitLab's CI runner?
I was able to add busybox with an extra Dockerfile
:
FROM busybox:musl AS busybox
FROM kaniko:latest AS kaniko
ENV PATH="/bin:/kaniko"
COPY --from=busybox /bin /bin
Which allowed me to run my locally compiled version with GitLab. I'm still not sure why Kaniko is failing to log in though.
from kaniko.
I added and used the following debug patch to Kaniko:
diff --git a/pkg/executor/push.go b/pkg/executor/push.go
index c95aecc3..393d345d 100644
--- a/pkg/executor/push.go
+++ b/pkg/executor/push.go
@@ -91,6 +91,7 @@ var (
// push to every specified destination.
func CheckPushPermissions(opts *config.KanikoOptions) error {
targets := opts.Destinations
+ fmt.Printf("destinations: %s\n", opts.Destinations)
// When no push and no push cache are set, we don't need to check permissions
if opts.SkipPushPermissionCheck {
targets = []string{}
Which prints the following, when adding a container name to the command, which should be necessary because we need more levels in the URL path:
$ /kaniko/executor --context "${CI_PROJECT_DIR}" --dockerfile "${CI_PROJECT_DIR}/Dockerfile" --destination "${CI_REGISTRY_IMAGE}/foo:${CI_COMMIT_TAG}"
destinations: [registry-example.com:443/leaf-node/registry-test/foo:v0.0.19]
...
(same error seen originally)
The destination URL is correct. I get the same error with and without a the following in .gitlab-ci.yml
:
- mkdir -p /kaniko/.docker/
- echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$(echo -n ${CI_REGISTRY_USER}:${CI_REGISTRY_PASSWORD} | base64)\"}}}" > /kaniko/.docker/config.json
from kaniko.
I found a workaround for this issue: explicitly enter the registry URL so it's possible to leave off the port number :443
.
# working:
--destination "registry-example.com/me/registry-test/my-container:${CI_COMMIT_TAG}"
# not working:
--destination "registry-example.com:443/me/registry-test/my-container:${CI_COMMIT_TAG}"
It may also be possible to configure GitLab to not include the port in the ${CI_REGISTRY_IMAGE}
variable:
/etc/gitlab/gitlab.rb
:
## comment out this line:
#gitlab_rails['registry_port'] = "443"
I haven't tested that yet, because our dev instance is currently facing another issue.
In any case, you'll still likely need to add something like /my-container
to the image URL.
from kaniko.
Related Issues (20)
- Recipe for adding bash to Kaniko HOT 1
- Required Socket Files Ignored
- mktemp present but non-functional HOT 3
- error building image: stream error: stream ID 13; NO_ERROR; received from peer
- During image push and pull, error building image: stream error: stream ID 13; NO_ERROR; received from peer HOT 2
- Even when `KANIKO_NO_PUSH="true"` there is a info message with "Pushed"
- Creating a custom kaniko image using a multi-stage Dockerfile fails
- Generated image is missing files generated via RUN HOT 7
- [TEST FLAKE] Intermittently seeing - `No such image: localhost:5000/<test-image>` HOT 3
- [Bug] --registry-mirror does not work with warmer since v1.21.0 HOT 1
- error removing bin to make way for new symlink: unlinkat //bin/sh: permission denied
- Question regarding a vulnerability (CVE-2023-45288), vuln scans & results publishing HOT 2
- Setting `--kaniko-dir` (or `KANIKO_DIR`) clobbers `DOCKER_CONFIG` if it is explicitly set. HOT 2
- Execution takes too long for "Unpacking rootfs as cmd COPY" HOT 2
- compression=zstd not working starting from v1.16
- After run kaniko in container, image is changed and part of local context stop to work HOT 2
- using Kaniko with a registry-mirror or registry-map which includes a path does not work for pulling images from DockerHub HOT 1
- Cannot pass empty value of --build-arg
- error pushing image: MANIFEST_BLOB_UNKNOWN: blob unknown to registry;
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kaniko.