Welcome to the Linux Foundation Forum!

Kaniko executor couldn't push the image into the container registry

gbalamurugan
gbalamurugan Posts: 6
in LFS262 Class Forum

In Lab 4 Page 9, mentioned Kaniko excutor as

stage('Docker BnP') {
steps {
container('kaniko') {
sh '/kaniko/executor -f `pwd`/Dockerfile -c `pwd`
--insecure --skip-tls-verify --cache=true
--destination=docker.io/xxxxxx/dsodemo'
}
}
}

As the docker.io doesn't exists, I have changed it into.

sh '/kaniko/executor -fpwd/Dockerfile -cpwd--insecure --skip-tls-verify --cache=true --destination=https://hub.docker.com/r/baladevsecops/dso:latest'

I am getting the below error, Could you please help me to resolve this issue?

+ /kaniko/executor -f /home/jenkins/agent/workspace/dso_main/Dockerfile -c /home/jenkins/agent/workspace/dso_main --insecure --skip-tls-verify '--cache=true' '--destination=https://hub.docker.com/r/baladevsecops/dso:latest'
error checking push permissions -- make sure you entered the correct tag name, and that you are authenticated correctly, and try again: checking push permission for "https://hub.docker.com/r/baladevsecops/dso:latest": creating push check transport for https: failed: Get "https://https/v2/": dial tcp: lookup https on 10.68.0.10:53: no such host; Get "http://https/v2/": dial tcp: lookup https on 10.68.0.10:53: no such host

Comments

  • gbalamurugan
    gbalamurugan Posts: 6

    When I tried with sh '/kaniko/executor -fpwd/Dockerfile -cpwd--insecure --skip-tls-verify --cache=true --destination=docker.io/baladevsecops/dso' got the below error

    + /kaniko/executor -f /home/jenkins/agent/workspace/dso_main/Dockerfile -c /home/jenkins/agent/workspace/dso_main --insecure --skip-tls-verify '--cache=true' '--destination=docker.io/baladevsecops/dso'
error checking push permissions -- make sure you entered the correct tag name, and that you are authenticated correctly, and try again: checking push permission for "docker.io/baladevsecops/dso": POST https://index.docker.io/v2/baladevsecops/dso/blobs/uploads/: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:baladevsecops/dso Type:repository] map[Action:push Class: Name:baladevsecops/dso Type:repository]]
  • freddysf
    freddysf Posts: 11

    @gbalamurugan check your kaniko specs in your build-agent.yaml. I simplified it to:

    - name: kaniko
      image: gcr.io/kaniko-project/executor:debug
      imagePullPolicy: Always
      command:
        - sleep
      args:
        - 99d
      volumeMounts:
        - name: jenkins-docker-cfg
          mountPath: /kaniko/.docker

    and under volumes

        - name: jenkins-docker-cfg
      secret:
        secretName: regcred
        items:
        - key: .dockerconfigjson
          path: config.json

    In Jenkinsfile the stage looks like this:

            stage('Docker BnP') {
          steps {
            container('kaniko') {
              sh '''
          /kaniko/executor --verbosity debug -f `pwd`/Dockerfile -c `pwd` --insecure --skip-tls-verify --cache=true --destination=docker.io/fingolfint/dsodemo:latest
          '''
            }
          }
        }
  • antonio200x
    antonio200x Posts: 1

    According to this issue (https://github.com/GoogleContainerTools/kaniko/issues/1542), you have to declare below environment variable as part of Kaniko pod declaration in your build-agent.yaml:
    env:
    -name: container
    value: kube

  • soundwave
    soundwave Posts: 1
    edited October 2023

    I Found that for newer version, you should mount credential volumes as the following:

        - name: jenkins-docker-cfg
      secret: 
        secretName: regcred
        items:
          - key: .dockerconfigjson
            path: config.json
  • sabbih
    sabbih Posts: 1

    @soundwave said:
    I Found that for newer version, you should mount credential volumes as the following:

        - name: jenkins-docker-cfg
      secret: 
        secretName: regcred
        items:
          - key: .dockerconfigjson
            path: config.json

    Can you provide the reference, this solved my 2 weeks problems pushing to my private repo. Thanks so much

  • oskarq
    oskarq Posts: 22

    I this still valid?
    I can't make it work even applying the suggested solution above.

    kubectl create secret -n ci docker-registry regcred--docker-server=https://index.docker.io/v1/--docker-username=xxxxxx --docker-password=yyyyyy--docker-email=xyz@abc.org
  • kenzman
    kenzman Posts: 1
    edited January 28

    This worked for me by combining the suggestions above. I want to post it here, should anyone encounter the issue in the future.

    In the build-agent.yaml file,

        - name: kaniko
      image: gcr.io/kaniko-project/executor:v1.6.0-debug
      imagePullPolicy: Always
      env:
        - name: container
          value: kube
      command:
        - sleep
      args:
        - 99d
      volumeMounts:
        - name: jenkins-docker-cfg
          mountPath: /kaniko/.docker

    Under volumes:

        - name: jenkins-docker-cfg
       secret:
          secretName: regcred
          items:
          - key: .dockerconfigjson
             path: config.json

    Finally for the jenkinsfile:

        stage('OCI Image BnP') {
steps {
container('kaniko') {
sh '''
  /kaniko/executor --verbosity debug -f `pwd`/Dockerfile -c `pwd` --insecure --skip-tls-verify --cache=true --destination=docker.io/<username>/dsodemo:latest
  '''
          }
        }
      }

Categories

Upcoming Training