search

GoogleContainerTools / kaniko

Build Container Images In Kubernetes
Apache License 2.0
14.88k stars 1.44k forks source link

Kaniko multi-stage dockerfile build issue #2835

Open harshadjoshi619 opened 1 year ago

harshadjoshi619 commented 1 year ago

Actual behavior I am using kaniko-project/executor:v1.17.0-slim in my tekton pipeline. In case of normal dockerfiles it is working as expected but when we try with multi-stage dockerfiles it is giving me below error:

error pushing image: failed to push to destination ".../.../" UNAUTHORISED user is unauthorised to upload to ".../.../"

Expected behavior Kaniko should upload multi-stage dockerfile image to artifactory

To Reproduce Steps to reproduce the behavior:

  1. create a dockerfile with multiple FROM statements in it
  2. use kaniko version as kaniko-project/executor:v1.17.0-slim

Additional Information

I am already using /kaniko/.docker to store my credentials. Still facing same issue.

Kindly suggest some way to overcome this issue.

Triage Notes for the Maintainers

Description Yes/No
Please check if this a new feature you are proposing
  • - [ ]
Please check if the build works in docker but not in kaniko
  • - [ ]
Please check if this error is seen when you use --cache flag
  • - [ ]
Please check if your dockerfile is a multistage dockerfile
  • - [ ]
aaron-prindle commented 1 year ago

@harshadjoshi619 thanks for flagging this issue. To help debug this, can you post the entire logs from the failing run (with any sensitive info redacted), preferably running with verbose logs - eg: --verbosity=debug. If you have a small repro docker file/repro-project that would be helpful as well. Currently I am a bit confused if the issue here is referring to kaniko not being able to push multi-stage images to JFrog Artifactory or if kaniko is not able to pull down intermediate FROM images in a multi-stage build from JFrog Artifactory

frami commented 12 months ago

I have the same problem. I found out, that kaniko deletes the docker configuration file in /root/.docker. I think it's the same issue as #2764

atorrembo commented 11 months ago

Maybe related to #2576 ?

zijiwork commented 10 months ago

What progress has been made

mzihlmann commented 1 month ago

kaniko removes everything outside of the /kaniko dir when switching over to the second build stage, so if your credentials are stored outside this directory they are indeed gone. You can safe a file across boundaries by putting it on the ingore list: https://github.com/GoogleContainerTools/kaniko#flag---ignore-path

--ignore-path=/root/.netrc

as an example