failed to get filesystem from image

[SL20523]

Actual behavior I want to build a Docker-Image which copies a jar file into the path app.jar.

I get during the build following error: error building image: error building stage: failed to get filesystem from image: error removing etc/ssl/certs to make way for new symlink: unlinkat /etc/ssl/certs/java/..data: read-only file system

How can I resolve this issue?

[aaron-prindle]

Thank you for flagging this issue @SL20523. Unfortunately I am not sure of the specific fix for this issue, there are a handful of related/similar Kaniko Github Issues including:

• https://github.com/GoogleContainerTools/kaniko/issues/1446
• https://github.com/GoogleContainerTools/kaniko/issues/1692

that have some additional investigation (unfortunately I don't see any workaround for this case). Are you attempting to use Kaniko with a readonly filesystem? From my analysis, I don't think Kaniko will work if it is not able to have access to a writeable filesystem

Can you perhaps supply a repro Github project or Dockerfile that the Kaniko maintainers can use to re-create this error?

[SL20523]

I am working the first time with Kaniko, thats why I am not fimiliar with it.

We have a simple docker file which looks like this:

FROM openjdk:17-jdk-slim
COPY target/service*.jar /application.jar

We execute Kaniko in a Jenkins-Pipeline where the command looks like this:

                  sh """ set +x
                      export SSL_CERT_DIR=/tmp/other-ssl-dir
                      export DOCKER_TLS_VERIFY=0
                      echo '{"auths":{"'$REGISTRY'":{"auth":"'\$(echo -n $USERNAME:$PASSWORD | base64 -w 0)'"}}}' > /kaniko/.docker/config.json
                      /kaniko/executor --context "${WORKSPACE}" --dockerfile "${WORKSPACE}/Dockerfile" --destination "${image_name}:${image_tag}"
                  """

Do I need to add soemthing in the shell scriipt to resolve this issue?

[natarg]

I also face the same issue with this image gcr.io/kaniko-project/executor:debug doing the dockerfile build.

My dockerfile: FROM node:10-alpine RUN mkdir -p /home/node/app/node_modules && chown -R node:node /home/node/app WORKDIR /home/node/app COPY package*.json ./ USER node RUN npm install COPY --chown=node:node . . EXPOSE 8080

CMD [ "node", "app.js" ]

My Observations:

1. It fails at the first COPY command itself.
2. It works with centos as a base though: Example: FROM centos:7 RUN yum -y update RUN yum -y install zip unzip COPY package*.json ./

The above dockerfile gets built and image gets pushed.

Error seen: DEBU[0001] Not adding /var/run because it is ignored
error building image: error building stage: failed to get filesystem from image: removing whiteout home/node/.wh..wh..opq: fstatat /home/node/.wh..opq: operation not permitted