Welcome to the Linux Foundation Forum!

Kaniko executor couldn't push the image into the container registry

In Lab 4 Page 9, mentioned Kaniko excutor as

stage('Docker BnP') {
steps {
container('kaniko') {
sh '/kaniko/executor -f `pwd`/Dockerfile -c `pwd`
--insecure --skip-tls-verify --cache=true
--destination=docker.io/xxxxxx/dsodemo'
}
}
}

As the docker.io doesn't exists, I have changed it into.

sh '/kaniko/executor -fpwd/Dockerfile -cpwd--insecure --skip-tls-verify --cache=true --destination=https://hub.docker.com/r/baladevsecops/dso:latest'

I am getting the below error, Could you please help me to resolve this issue?

+ /kaniko/executor -f /home/jenkins/agent/workspace/dso_main/Dockerfile -c /home/jenkins/agent/workspace/dso_main --insecure --skip-tls-verify '--cache=true' '--destination=https://hub.docker.com/r/baladevsecops/dso:latest'
error checking push permissions -- make sure you entered the correct tag name, and that you are authenticated correctly, and try again: checking push permission for "https://hub.docker.com/r/baladevsecops/dso:latest": creating push check transport for https: failed: Get "https://https/v2/": dial tcp: lookup https on 10.68.0.10:53: no such host; Get "http://https/v2/": dial tcp: lookup https on 10.68.0.10:53: no such host

Comments

  • When I tried with sh '/kaniko/executor -fpwd/Dockerfile -cpwd--insecure --skip-tls-verify --cache=true --destination=docker.io/baladevsecops/dso' got the below error

    + /kaniko/executor -f /home/jenkins/agent/workspace/dso_main/Dockerfile -c /home/jenkins/agent/workspace/dso_main --insecure --skip-tls-verify '--cache=true' '--destination=docker.io/baladevsecops/dso'
    error checking push permissions -- make sure you entered the correct tag name, and that you are authenticated correctly, and try again: checking push permission for "docker.io/baladevsecops/dso": POST https://index.docker.io/v2/baladevsecops/dso/blobs/uploads/: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:baladevsecops/dso Type:repository] map[Action:push Class: Name:baladevsecops/dso Type:repository]]
    
  • @gbalamurugan check your kaniko specs in your build-agent.yaml. I simplified it to:

    - name: kaniko
          image: gcr.io/kaniko-project/executor:debug
          imagePullPolicy: Always
          command:
            - sleep
          args:
            - 99d
          volumeMounts:
            - name: jenkins-docker-cfg
              mountPath: /kaniko/.docker
    

    and under volumes

        - name: jenkins-docker-cfg
          secret:
            secretName: regcred
            items:
            - key: .dockerconfigjson
              path: config.json    
    

    In Jenkinsfile the stage looks like this:

            stage('Docker BnP') {
              steps {
                container('kaniko') {
                  sh '''
              /kaniko/executor --verbosity debug -f `pwd`/Dockerfile -c `pwd` --insecure --skip-tls-verify --cache=true --destination=docker.io/fingolfint/dsodemo:latest
              '''
                }
              }
            }
    
  • According to this issue (https://github.com/GoogleContainerTools/kaniko/issues/1542), you have to declare below environment variable as part of Kaniko pod declaration in your build-agent.yaml:
    env:
    -name: container
    value: kube

  • soundwave
    soundwave Posts: 1
    edited October 2023

    I Found that for newer version, you should mount credential volumes as the following:

        - name: jenkins-docker-cfg
          secret: 
            secretName: regcred
            items:
              - key: .dockerconfigjson
                path: config.json
    
  • @soundwave said:
    I Found that for newer version, you should mount credential volumes as the following:

        - name: jenkins-docker-cfg
          secret: 
            secretName: regcred
            items:
              - key: .dockerconfigjson
                path: config.json
    

    Can you provide the reference, this solved my 2 weeks problems pushing to my private repo. Thanks so much

  • oskarq
    oskarq Posts: 22

    I this still valid?
    I can't make it work even applying the suggested solution above.

    kubectl create secret -n ci docker-registry regcred--docker-server=https://index.docker.io/v1/--docker-username=xxxxxx --docker-password=yyyyyy--docker-email=xyz@abc.org
    

Categories

Upcoming Training