Kaniko executor couldn't push the image into the container registry

gbalamurugan · January 2023

In Lab 4 Page 9, mentioned Kaniko excutor as

stage('Docker BnP') {
steps {
container('kaniko') {
sh '/kaniko/executor -f `pwd`/Dockerfile -c `pwd`
--insecure --skip-tls-verify --cache=true
--destination=docker.io/xxxxxx/dsodemo'
}
}
}

As the docker.io doesn't exists, I have changed it into.

sh '/kaniko/executor -fpwd/Dockerfile -cpwd--insecure --skip-tls-verify --cache=true --destination=https://hub.docker.com/r/baladevsecops/dso:latest'

I am getting the below error, Could you please help me to resolve this issue?

+ /kaniko/executor -f /home/jenkins/agent/workspace/dso_main/Dockerfile -c /home/jenkins/agent/workspace/dso_main --insecure --skip-tls-verify '--cache=true' '--destination=https://hub.docker.com/r/baladevsecops/dso:latest'
error checking push permissions -- make sure you entered the correct tag name, and that you are authenticated correctly, and try again: checking push permission for "https://hub.docker.com/r/baladevsecops/dso:latest": creating push check transport for https: failed: Get "https://https/v2/": dial tcp: lookup https on 10.68.0.10:53: no such host; Get "http://https/v2/": dial tcp: lookup https on 10.68.0.10:53: no such host

gbalamurugan · January 2023

When I tried with sh '/kaniko/executor -fpwd/Dockerfile -cpwd--insecure --skip-tls-verify --cache=true --destination=docker.io/baladevsecops/dso' got the below error

+ /kaniko/executor -f /home/jenkins/agent/workspace/dso_main/Dockerfile -c /home/jenkins/agent/workspace/dso_main --insecure --skip-tls-verify '--cache=true' '--destination=docker.io/baladevsecops/dso'
error checking push permissions -- make sure you entered the correct tag name, and that you are authenticated correctly, and try again: checking push permission for "docker.io/baladevsecops/dso": POST https://index.docker.io/v2/baladevsecops/dso/blobs/uploads/: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:baladevsecops/dso Type:repository] map[Action:push Class: Name:baladevsecops/dso Type:repository]]

freddysf · January 2023

@gbalamurugan check your kaniko specs in your build-agent.yaml. I simplified it to:

- name: kaniko
      image: gcr.io/kaniko-project/executor:debug
      imagePullPolicy: Always
      command:
        - sleep
      args:
        - 99d
      volumeMounts:
        - name: jenkins-docker-cfg
          mountPath: /kaniko/.docker

and under volumes

    - name: jenkins-docker-cfg
      secret:
        secretName: regcred
        items:
        - key: .dockerconfigjson
          path: config.json

In Jenkinsfile the stage looks like this:

        stage('Docker BnP') {
          steps {
            container('kaniko') {
              sh '''
          /kaniko/executor --verbosity debug -f `pwd`/Dockerfile -c `pwd` --insecure --skip-tls-verify --cache=true --destination=docker.io/fingolfint/dsodemo:latest
          '''
            }
          }
        }

antonio200x · March 2023

According to this issue (https://github.com/GoogleContainerTools/kaniko/issues/1542), you have to declare below environment variable as part of Kaniko pod declaration in your build-agent.yaml:
env:
-name: container
value: kube

soundwave · October 2023

I Found that for newer version, you should mount credential volumes as the following:

    - name: jenkins-docker-cfg
      secret: 
        secretName: regcred
        items:
          - key: .dockerconfigjson
            path: config.json

sabbih · December 2023

@soundwave said:
I Found that for newer version, you should mount credential volumes as the following:

    - name: jenkins-docker-cfg
      secret: 
        secretName: regcred
        items:
          - key: .dockerconfigjson
            path: config.json

Can you provide the reference, this solved my 2 weeks problems pushing to my private repo. Thanks so much

oskarq · February 2024

I this still valid?
I can't make it work even applying the suggested solution above.

kubectl create secret -n ci docker-registry regcred--docker-server=https://index.docker.io/v1/--docker-username=xxxxxx --docker-password=yyyyyy--docker-email=xyz@abc.org

kenzman · January 28

This worked for me by combining the suggestions above. I want to post it here, should anyone encounter the issue in the future.

In the build-agent.yaml file,

    - name: kaniko
      image: gcr.io/kaniko-project/executor:v1.6.0-debug
      imagePullPolicy: Always
      env:
        - name: container
          value: kube
      command:
        - sleep
      args:
        - 99d
      volumeMounts:
        - name: jenkins-docker-cfg
          mountPath: /kaniko/.docker

Under volumes:

    - name: jenkins-docker-cfg
       secret:
          secretName: regcred
          items:
          - key: .dockerconfigjson
             path: config.json

Finally for the jenkinsfile:

    stage('OCI Image BnP') {
steps {
container('kaniko') {
sh '''
  /kaniko/executor --verbosity debug -f `pwd`/Dockerfile -c `pwd` --insecure --skip-tls-verify --cache=true --destination=docker.io/<username>/dsodemo:latest
  '''
          }
        }
      }

Kaniko executor couldn't push the image into the container registry

Welcome!

Comments

Welcome!

Welcome!

Quick Links

Categories

Upcoming Training

Kubernetes Administration (LFS458)

Linux System Administration (LFS301)

Open Source Virtualization (LFS462)

Linux Kernel Debugging and Security (LFD440)