GoogleContainerTools / kaniko

Build Container Images In Kubernetes
Apache License 2.0

Kaniko removes file copied from another image if a link (sym or hard) is created on it or a file is copied in the folder #2314

Open emeric-martineau opened 2 years ago

emeric-martineau commented 2 years ago

Actual behavior

When we copy a file from another image:

COPY --from=kaniko /kaniko/executor /kaniko/executor

and create a link (sym or hard) to it:

RUN  ln -s /kaniko/executor /usr/local/bin/kaniko

the folder /kaniko is removed.

Same behavior if we create a file in the /kaniko folder:

RUN touch /kaniko/empty

Expected behavior

BuildKit compatibility. With BuildKit, the link exists and /kaniko/ is kept.

To Reproduce

Create an image with this Dockerfile:

FROM gcr.io/kaniko-project/executor:v1.9.1 as kaniko

FROM ubuntu:22.04 as target

ENV TERM xterm
ENV DEBIAN_FRONTEND noninteractive

SHELL ["/bin/bash", "-o", "pipefail", "-c"]

# Initial required packages
RUN \
  apt-get update && \
  apt-get install -y --no-install-recommends \
    ca-certificates \
    apt-utils \
    bash \
    curl \
    unzip \
    git \
    tzdata \
    gettext-base 

COPY --from=kaniko /kaniko/executor /kaniko/executor
COPY --from=kaniko /kaniko/docker-credential-gcr /kaniko/docker-credential-gcr
COPY --from=kaniko /kaniko/docker-credential-ecr-login /kaniko/docker-credential-ecr-login
COPY --from=kaniko /kaniko/docker-credential-acr-env /kaniko/docker-credential-acr-env
COPY --from=kaniko /kaniko/ssl/certs/ /kaniko/ssl/certs/
COPY --from=kaniko /kaniko/.docker /kaniko/.docker
COPY --from=kaniko /etc/nsswitch.conf /etc/nsswitch.conf

ENV SSL_CERT_DIR=/kaniko/ssl/certs
ENV DOCKER_CONFIG /kaniko/.docker/
ENV DOCKER_CREDENTIAL_GCR_CONFIG /kaniko/.config/gcloud/docker_credential_gcr_config.json

RUN  ln -s /kaniko/executor /usr/local/bin/kaniko

The error happens when we use the Docker image gcr.io/kaniko-project/executor:v1.9.1

Additional Information

Workaround:

FROM gcr.io/kaniko-project/executor:v1.9.1 as kaniko

FROM ubuntu:22.04 as target

ENV TERM xterm
ENV DEBIAN_FRONTEND noninteractive

SHELL ["/bin/bash", "-o", "pipefail", "-c"]

COPY --from=kaniko /kaniko/executor /kaniko/executor
COPY --from=kaniko /kaniko/docker-credential-gcr /kaniko/docker-credential-gcr
COPY --from=kaniko /kaniko/docker-credential-ecr-login /kaniko/docker-credential-ecr-login
COPY --from=kaniko /kaniko/docker-credential-acr-env /kaniko/docker-credential-acr-env
COPY --from=kaniko /kaniko/ssl/certs/ /kaniko/ssl/certs/
COPY --from=kaniko /kaniko/.docker /kaniko/.docker
COPY --from=kaniko /etc/nsswitch.conf /etc/nsswitch.conf

ENV SSL_CERT_DIR=/kaniko/ssl/certs
ENV DOCKER_CONFIG /kaniko/.docker/
ENV DOCKER_CREDENTIAL_GCR_CONFIG /kaniko/.config/gcloud/docker_credential_gcr_config.json

#--------------------------------------------------------------------------------------------------
# Just moved here; now it's working
#--------------------------------------------------------------------------------------------------
# Initial required packages
RUN \
  apt-get update && \
  apt-get install -y --no-install-recommends \
    ca-certificates \
    apt-utils \
    bash \
    curl \
    unzip \
    git \
    tzdata \
    gettext-base 

RUN  ln -s /kaniko/executor /usr/local/bin/kaniko

Triage Notes for the Maintainers

Description | Yes/No
--- | ---
Please check if this is a new feature you are proposing | no
Please check if the build works in docker but not in kaniko | yes
Please check if this error is seen when you use --cache flag | yes
Please check if your dockerfile is a multistage dockerfile | yes

emeric-martineau commented 2 years ago

I found another case:

FROM gcr.io/kaniko-project/executor:v1.9.1 as kaniko

FROM ubuntu:22.04 as target

ENV TERM xterm
ENV DEBIAN_FRONTEND noninteractive

SHELL ["/bin/bash", "-o", "pipefail", "-c"]

RUN mkdir -p /kaniko/

COPY --from=kaniko /kaniko/executor /kaniko/executor
COPY --from=kaniko /kaniko/docker-credential-gcr /kaniko/docker-credential-gcr
COPY --from=kaniko /kaniko/docker-credential-ecr-login /kaniko/docker-credential-ecr-login
COPY --from=kaniko /kaniko/docker-credential-acr-env /kaniko/docker-credential-acr-env
COPY --from=kaniko /kaniko/ssl/certs/ /kaniko/ssl/certs/
COPY --from=kaniko /kaniko/.docker /kaniko/.docker
COPY --from=kaniko /etc/nsswitch.conf /etc/nsswitch.conf

ENV SSL_CERT_DIR=/kaniko/ssl/certs
ENV DOCKER_CONFIG /kaniko/.docker/
ENV DOCKER_CREDENTIAL_GCR_CONFIG /kaniko/.config/gcloud/docker_credential_gcr_config.json

RUN echo "ddd" > /toto

If I remove RUN mkdir -p /kaniko/, I don't have the issue.

No issue if I use Docker to build.
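
A post-build check for the symptom reported in this issue, as an added example (not part of the issue and not kaniko's code): it merges an image's layer tarballs using OCI whiteout rules and reports expected paths that are missing and symlinks whose absolute target is absent. The function names are hypothetical, the layers are constructed in memory, and modelling the loss of /kaniko as a whiteout is an assumption, since the issue does not state the mechanism.

```python
import io
import posixpath
import tarfile

OPAQUE = ".wh..wh..opq"  # OCI marker: hide a directory's lower-layer contents

def make_layer(entries):
    """Build an uncompressed layer tar in memory; entries maps path -> bytes (file) or str (symlink target)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, val in entries.items():
            info = tarfile.TarInfo(path)
            if isinstance(val, str):
                info.type, info.linkname = tarfile.SYMTYPE, val
            else:
                info.size = len(val)
            tar.addfile(info, None if isinstance(val, str) else io.BytesIO(val))
    return buf.getvalue()

def merge_layers(layers):
    """Apply layers bottom-up; whiteouts only affect lower layers. Returns {path: symlink target or None}."""
    fs = {}
    for blob in layers:
        with tarfile.open(fileobj=io.BytesIO(blob)) as tar:
            members = tar.getmembers()
        added = {}
        for m in members:
            path = posixpath.normpath("/" + m.name)
            parent, base = posixpath.split(path)
            if not base.startswith(".wh."):
                added[path] = m.linkname if m.issym() else None
                continue
            gone = None if base == OPAQUE else posixpath.join(parent, base[4:])
            prefix = (gone or parent).rstrip("/") + "/"
            fs = {p: t for p, t in fs.items() if p != gone and not p.startswith(prefix)}
        fs.update(added)
    return fs

def check_image(layers, expected):
    """Return (expected paths missing from the merged filesystem, symlinks with an absent absolute target)."""
    fs = merge_layers(layers)
    missing = sorted(p for p in expected if p not in fs)
    dangling = sorted(p for p, t in fs.items() if t and t.startswith("/") and posixpath.normpath(t) not in fs)
    return missing, dangling

# Constructed layers modelling the Dockerfile steps in this issue (not real kaniko output).
COPY_LAYER = make_layer({"kaniko/executor": b"\x7fELF"})
LINK_LAYER = make_layer({"usr/local/bin/kaniko": "/kaniko/executor"})
BROKEN_LINK_LAYER = make_layer({"usr/local/bin/kaniko": "/kaniko/executor", ".wh.kaniko": b""})
```

On a real image, pass the layer blobs in manifest order; relative symlink targets are not resolved by this check.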