Kaniko executor couldn't push the image into the container registry

gbalamurugan

In Lab 4 Page 9, mentioned Kaniko excutor as

stage('Docker BnP') {
steps {
container('kaniko') {
sh '/kaniko/executor -f `pwd`/Dockerfile -c `pwd`
--insecure --skip-tls-verify --cache=true
--destination=docker.io/xxxxxx/dsodemo'
}
}
}

As the docker.io doesn't exists, I have changed it into.

sh '/kaniko/executor -fpwd/Dockerfile -cpwd--insecure --skip-tls-verify --cache=true --destination=https://hub.docker.com/r/baladevsecops/dso:latest'

I am getting the below error, Could you please help me to resolve this issue?

+ /kaniko/executor -f /home/jenkins/agent/workspace/dso_main/Dockerfile -c /home/jenkins/agent/workspace/dso_main --insecure --skip-tls-verify '--cache=true' '--destination=https://hub.docker.com/r/baladevsecops/dso:latest'
error checking push permissions -- make sure you entered the correct tag name, and that you are authenticated correctly, and try again: checking push permission for "https://hub.docker.com/r/baladevsecops/dso:latest": creating push check transport for https: failed: Get "https://https/v2/": dial tcp: lookup https on 10.68.0.10:53: no such host; Get "http://https/v2/": dial tcp: lookup https on 10.68.0.10:53: no such host

gbalamurugan

When I tried with sh '/kaniko/executor -fpwd/Dockerfile -cpwd--insecure --skip-tls-verify --cache=true --destination=docker.io/baladevsecops/dso' got the below error

+ /kaniko/executor -f /home/jenkins/agent/workspace/dso_main/Dockerfile -c /home/jenkins/agent/workspace/dso_main --insecure --skip-tls-verify '--cache=true' '--destination=docker.io/baladevsecops/dso'
error checking push permissions -- make sure you entered the correct tag name, and that you are authenticated correctly, and try again: checking push permission for "docker.io/baladevsecops/dso": POST https://index.docker.io/v2/baladevsecops/dso/blobs/uploads/: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:baladevsecops/dso Type:repository] map[Action:push Class: Name:baladevsecops/dso Type:repository]]

freddysf

@gbalamurugan check your kaniko specs in your build-agent.yaml. I simplified it to:

- name: kaniko
      image: gcr.io/kaniko-project/executor:debug
      imagePullPolicy: Always
      command:
        - sleep
      args:
        - 99d
      volumeMounts:
        - name: jenkins-docker-cfg
          mountPath: /kaniko/.docker

and under volumes

    - name: jenkins-docker-cfg
      secret:
        secretName: regcred
        items:
        - key: .dockerconfigjson
          path: config.json    

In Jenkinsfile the stage looks like this:

        stage('Docker BnP') {
          steps {
            container('kaniko') {
              sh '''
          /kaniko/executor --verbosity debug -f `pwd`/Dockerfile -c `pwd` --insecure --skip-tls-verify --cache=true --destination=docker.io/fingolfint/dsodemo:latest
          '''
            }
          }
        }

antonio200x

According to this issue (https://github.com/GoogleContainerTools/kaniko/issues/1542), you have to declare below environment variable as part of Kaniko pod declaration in your build-agent.yaml:
env:
-name: container
value: kube

soundwave

I Found that for newer version, you should mount credential volumes as the following:

    - name: jenkins-docker-cfg
      secret: 
        secretName: regcred
        items:
          - key: .dockerconfigjson
            path: config.json

sabbih

@soundwave said:
I Found that for newer version, you should mount credential volumes as the following:

    - name: jenkins-docker-cfg
      secret: 
        secretName: regcred
        items:
          - key: .dockerconfigjson
            path: config.json

Can you provide the reference, this solved my 2 weeks problems pushing to my private repo. Thanks so much

oskarq

I this still valid?
I can't make it work even applying the suggested solution above.

kubectl create secret -n ci docker-registry regcred--docker-server=https://index.docker.io/v1/--docker-username=xxxxxx --docker-password=yyyyyy--docker-email=xyz@abc.org

kenzman

This worked for me by combining the suggestions above. I want to post it here, should anyone encounter the issue in the future.

In the build-agent.yaml file,

    - name: kaniko
      image: gcr.io/kaniko-project/executor:v1.6.0-debug
      imagePullPolicy: Always
      env:
        - name: container
          value: kube
      command:
        - sleep
      args:
        - 99d
      volumeMounts:
        - name: jenkins-docker-cfg
          mountPath: /kaniko/.docker

Under volumes:

    - name: jenkins-docker-cfg
       secret:
          secretName: regcred
          items:
          - key: .dockerconfigjson
             path: config.json

Finally for the jenkinsfile:

    stage('OCI Image BnP') {
steps {
container('kaniko') {
sh '''
  /kaniko/executor --verbosity debug -f `pwd`/Dockerfile -c `pwd` --insecure --skip-tls-verify --cache=true --destination=docker.io/<username>/dsodemo:latest
  '''
          }
        }
      }