search

GoogleContainerTools / kaniko

Build Container Images In Kubernetes
Apache License 2.0
14.88k stars 1.44k forks source link

allow to set DOCKER_CONFIG to a file #2894

Open sebhoss opened 11 months ago

sebhoss commented 11 months ago

We are using GitLab CI pipelines and would like to set DOCKER_CONFIG to a file instead of a directory so that we can use CI variables of type file. The current working approach in GitLab looks similar to this (see official docs):

build:
  image:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [""]
  script:
    - echo "{\"auths\":{\"${REGISTRY}\":{\"auth\":\"$(printf "%s:%s" "${USER}" "${PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
    - /kaniko/executor ...

The above examples requires 3 variables (REGISTRY, USER, PASSWORD) to write a file into the kaniko container. We can use file variables to reduce this to:

build:
  image:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [""]
  variables:
    DOCKER_CONFIG: ${DOCKER_CONFIG_JSON}
  script:
    - /kaniko/executor ...

In this example, DOCKER_CONFIG_JSON is the file variable which contains the entire JSON document. GitLab will automatically add that file to the container and populate the DOCKER_CONFIG_JSON value with the path to the created file.

I have noticed that there is https://github.com/GoogleContainerTools/kaniko/blob/main/pkg/util/gcr_util.go which does the right thing(tm) but does not appear to be used anywhere. The various other places where DOCKER_CONFIG is read all assume that it is a directory.

Triage Notes for the Maintainers

Description Yes/No
Please check if this a new feature you are proposing
  • - [x]
Please check if the build works in docker but not in kaniko
  • - [ ]
Please check if this error is seen when you use --cache flag
  • - [ ]
Please check if your dockerfile is a multistage dockerfile
  • - [ ]
braykov commented 11 months ago

Did you try this:

cp ${DOCKER_CONFIG_JSON} /kaniko/.docker/config.json

So, you don't have to keep 3 variables. You could still have the whole config file in one CI/CD variable (of type file) in GitLab.

sebhoss commented 11 months ago

Yeah that works and its my current workaround, however I would still prefer to just use the variables section as a nice-to-have feature.

That said, I have checked other tools and none of them seem to support setting DOCKER_CONFIG to a file, so I can understand if kaniko won't support this either..