Open Kifok opened 5 months ago
Adding more information: this is the build command I've used to build the Docker image
docker run \
  -v $PWD:/build \
  gcr.io/kaniko-project/executor:debug \
  --dockerfile=Dockerfile \
  --tar-path /build/image.tar \
  --no-push \
  --context /build \
  --destination myimage:1.2
Also, if I build via gitlab-ci I get this kind of error:
Build command for gitlab:
/kaniko/executor --context ./ --destination ${IMAGE}:${IMAGE_TAG}
I think I'm missing some context on your issue. Which file exactly is a symlink in your container? I don't see any ln calls or anything else to indicate that there even is a symlink involved.
I'm facing a possibly related issue, I'm getting error building image: could not save file: copying ownership: chown /kaniko/1/<path>: no such file or directory
which I suspect might be due to some symlink pointing to a non-existent file. I have confirmed that the file doesn't exist and doesn't need to exist.
Hello @lordkekz, sorry for the unclear message. Actually /var/run is a symlink by default, I think, and when I tried to create a file through /var/run, it is actually created, but the permissions don't change as far as I can see. The main issue is in this part, I think:
RUN chown -R nginx:nginx /var/cache/nginx && \
    chown -R nginx:nginx /var/log/nginx && \
    chown -R nginx:nginx /etc/nginx/conf.d && \
    touch /var/run/nginx.pid && \
    chown -R nginx:nginx /var/run/nginx.pid
Let's cut the unnecessary parts out of the Dockerfile
FROM nginxinc/nginx-unprivileged:alpine-slim
RUN whoami
RUN touch /var/run/nginx.pid && \
chown -R nginx:nginx /var/run/nginx.pid
and run the build
$ docker run -v $(pwd):/build gcr.io/kaniko-project/executor:debug --tar-path /build/image.tar --no-push --context /build --destination myimage:1.2
<...cutted...>
INFO[0004] Args: [-c whoami]
INFO[0004] Util.Lookup returned: &{Uid:101 Gid:101 Username:nginx Name:nginx HomeDir:/var/cache/nginx}
INFO[0004] Performing slow lookup of group ids for nginx
INFO[0004] Running: [/bin/sh -c whoami]
nginx
INFO[0004] Taking snapshot of full filesystem...
INFO[0004] No files were changed, appending empty layer to config. No layer added to image.
INFO[0004] RUN touch /var/run/nginx.pid && chown -R nginx:nginx /var/run/nginx.pid
INFO[0004] Cmd: /bin/sh
INFO[0004] Args: [-c touch /var/run/nginx.pid && chown -R nginx:nginx /var/run/nginx.pid]
INFO[0004] Util.Lookup returned: &{Uid:101 Gid:101 Username:nginx Name:nginx HomeDir:/var/cache/nginx}
INFO[0004] Performing slow lookup of group ids for nginx
INFO[0004] Running: [/bin/sh -c touch /var/run/nginx.pid && chown -R nginx:nginx /var/run/nginx.pid]
touch: /var/run/nginx.pid: Permission denied
error building image: error building stage: failed to execute command: waiting for process to exit: exit status 1
As we can see, USER nginx was set in the nginx-unprivileged image
$ docker history nginxinc/nginx-unprivileged:alpine-slim
IMAGE CREATED CREATED BY SIZE COMMENT
2f3593930d21 6 days ago CMD ["nginx" "-g" "daemon off;"] 0B buildkit.dockerfile.v0
<missing> 6 days ago USER 101 0B buildkit.dockerfile.v0
...
Therefore we have to change the user in the Dockerfile
$ docker run -v $(pwd):/build gcr.io/kaniko-project/executor:debug --tar-path /build/image.tar --no-push --context /build --destination myimage:1.2
<...cutted...>
INFO[0005] Running: [/bin/sh -c whoami]
root
INFO[0005] Taking snapshot of full filesystem...
INFO[0005] No files were changed, appending empty layer to config. No layer added to image.
INFO[0005] RUN touch /var/run/nginx.pid && chown -R nginx:nginx /var/run/nginx.pid
INFO[0005] Cmd: /bin/sh
INFO[0005] Args: [-c touch /var/run/nginx.pid && chown -R nginx:nginx /var/run/nginx.pid]
INFO[0005] Util.Lookup returned: &{Uid:0 Gid:0 Username:root Name: HomeDir:/root}
INFO[0005] Performing slow lookup of group ids for root
INFO[0005] Running: [/bin/sh -c touch /var/run/nginx.pid && chown -R nginx:nginx /var/run/nginx.pid]
touch: /var/run/nginx.pid: No such file or directory
error building image: error building stage: failed to execute command: waiting for process to exit: exit status 1
Now we have another error. The thing is that kaniko by default ignores the path /var/run. We can check this if we add RUN ls -la /var to the Dockerfile
$ docker run -v $(pwd):/build gcr.io/kaniko-project/executor:debug --tar-path /build/image.tar --no-push --context /build --destination myimage:1.2
<...cutted...>
INFO[0004] Running: [/bin/sh -c ls -la /var]
total 4
drwxr-xr-x 12 root root 126 Jul 14 09:51 .
dr-xr-xr-x 1 root root 4096 Jul 14 09:51 ..
drwxr-xr-x 5 root root 42 Jul 14 09:51 cache
dr-xr-xr-x 2 root root 6 Jul 14 09:51 empty
drwxr-xr-x 4 root root 32 Jul 14 09:51 lib
drwxr-xr-x 2 root root 6 Jul 14 09:51 local
drwxr-xr-x 3 root root 20 Jul 14 09:51 lock
drwxr-xr-x 3 root root 19 Jul 14 09:51 log
drwxr-xr-x 2 root root 6 Jul 14 09:51 mail
drwxr-xr-x 2 root root 6 Jul 14 09:51 opt
drwxr-xr-x 3 root root 30 Jul 14 09:51 spool
drwxrwxrwt 2 root root 6 Jul 14 09:51 tmp
To bypass this limitation you need to use the --ignore-var-run flag (full build log below)
$ docker run -v $(pwd):/build gcr.io/kaniko-project/executor:debug --tar-path /build/image.tar --no-push --context /build --destination myimage:1.2 --ignore-var-run=false
INFO[0000] Retrieving image manifest nginxinc/nginx-unprivileged:alpine-slim
INFO[0000] Retrieving image nginxinc/nginx-unprivileged:alpine-slim from registry index.docker.io
INFO[0001] Built cross stage deps: map[]
INFO[0001] Retrieving image manifest nginxinc/nginx-unprivileged:alpine-slim
INFO[0001] Returning cached image manifest
INFO[0001] Executing 0 build triggers
INFO[0001] Building stage 'nginxinc/nginx-unprivileged:alpine-slim' [idx: '0', base-idx: '-1']
INFO[0001] Unpacking rootfs as cmd RUN whoami requires it.
INFO[0004] USER root
INFO[0004] Cmd: USER
INFO[0004] RUN whoami
INFO[0004] Initializing snapshotter ...
INFO[0004] Taking snapshot of full filesystem...
INFO[0004] Cmd: /bin/sh
INFO[0004] Args: [-c whoami]
INFO[0004] Util.Lookup returned: &{Uid:0 Gid:0 Username:root Name: HomeDir:/root}
INFO[0004] Performing slow lookup of group ids for root
INFO[0004] Running: [/bin/sh -c whoami]
root
INFO[0004] Taking snapshot of full filesystem...
INFO[0004] No files were changed, appending empty layer to config. No layer added to image.
INFO[0004] RUN ls -la /var
INFO[0004] Cmd: /bin/sh
INFO[0004] Args: [-c ls -la /var]
INFO[0004] Util.Lookup returned: &{Uid:0 Gid:0 Username:root Name: HomeDir:/root}
INFO[0004] Performing slow lookup of group ids for root
INFO[0004] Running: [/bin/sh -c ls -la /var]
total 4
drwxr-xr-x 12 root root 137 Jul 14 09:56 .
dr-xr-xr-x 1 root root 4096 Jul 14 09:56 ..
drwxr-xr-x 5 root root 42 Jul 14 09:56 cache
dr-xr-xr-x 2 root root 6 Jul 14 09:56 empty
drwxr-xr-x 4 root root 32 Jul 14 09:56 lib
drwxr-xr-x 2 root root 6 Jul 14 09:56 local
drwxr-xr-x 3 root root 20 Jul 14 09:56 lock
drwxr-xr-x 3 root root 19 Jul 14 09:56 log
drwxr-xr-x 2 root root 6 Jul 14 09:56 mail
drwxr-xr-x 2 root root 6 Jul 14 09:56 opt
lrwxrwxrwx 1 root root 4 Jul 14 09:56 run -> /run
drwxr-xr-x 3 root root 30 Jul 14 09:56 spool
drwxrwxrwt 2 root root 6 Jul 14 09:56 tmp
INFO[0004] Taking snapshot of full filesystem...
INFO[0004] No files were changed, appending empty layer to config. No layer added to image.
INFO[0004] RUN touch /var/run/nginx.pid && chown -R nginx:nginx /var/run/nginx.pid
INFO[0004] Cmd: /bin/sh
INFO[0004] Args: [-c touch /var/run/nginx.pid && chown -R nginx:nginx /var/run/nginx.pid]
INFO[0004] Util.Lookup returned: &{Uid:0 Gid:0 Username:root Name: HomeDir:/root}
INFO[0004] Performing slow lookup of group ids for root
INFO[0004] Running: [/bin/sh -c touch /var/run/nginx.pid && chown -R nginx:nginx /var/run/nginx.pid]
INFO[0004] Taking snapshot of full filesystem...
INFO[0004] USER nginx
INFO[0004] Cmd: USER
INFO[0007] Skipping push to container registry due to --no-push flag
Finally, the Dockerfile looks something like this:
FROM nginxinc/nginx-unprivileged:alpine-slim
USER root
COPY --from=builder /app/dist /usr/share/nginx/html
RUN rm /etc/nginx/conf.d/default.conf
COPY ./nginx.conf /etc/nginx/conf.d
RUN chown -R nginx:nginx /var/cache/nginx && \
chown -R nginx:nginx /var/log/nginx && \
chown -R nginx:nginx /etc/nginx/conf.d && \
touch /var/run/nginx.pid && \
chown -R nginx:nginx /var/run/nginx.pid
USER nginx
and add --ignore-var-run=false to the build command
===========================================
Also, in this image the default config /etc/nginx/nginx.conf uses
pid /tmp/nginx.pid;
and does not use the user directive, because the main process does not start as root. Maybe you should change your config...
Nginx must have rights to create and delete the pid file, but the /run directory has
drwxr-xr-x 1 root root 42 Jul 14 10:01 run
unlike
drwxrwxrwt 1 root root 115 Jul 14 10:01 tmp
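A pre-build check for the three conditions the answer above walks through: a non-root USER inherited from the base image, /var/run being dropped by kaniko unless --ignore-var-run=false is passed, and the image ending with USER root. This is an added example, not code from the thread or from kaniko; the function names, the base_user parameter and the two sample Dockerfiles are constructed for illustration.

```python
import re

# Constructed sample: the reduced Dockerfile from the thread, before the fix.
BROKEN = """\
FROM nginxinc/nginx-unprivileged:alpine-slim
RUN touch /var/run/nginx.pid && \\
    chown -R nginx:nginx /var/run/nginx.pid
"""
# Constructed sample: the same steps wrapped in USER root ... USER nginx.
FIXED = """\
FROM nginxinc/nginx-unprivileged:alpine-slim
USER root
RUN touch /var/run/nginx.pid && \\
    chown -R nginx:nginx /var/run/nginx.pid
USER nginx
"""
VAR_RUN = re.compile(r"(?<![\w.-])/var/run(?:/|\b)")
ROOT = {"root", "0"}

def instructions(text):
    """Yield (KEYWORD, argument) pairs, joining backslash-continued lines."""
    for line in re.sub(r"\\[ \t]*\n", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            keyword, _, arg = line.partition(" ")
            yield keyword.upper(), arg.strip()

def check(dockerfile, kaniko_args, base_user):
    """Return findings; base_user is the USER inherited from the base image."""
    findings = []
    keeps_var_run = "--ignore-var-run=false" in kaniko_args
    user = base_user
    for keyword, arg in instructions(dockerfile):
        if keyword == "FROM":
            user = base_user  # assumption: every stage uses the same base image
        elif keyword == "USER":
            user = arg.split(":")[0]
        elif keyword == "RUN" and VAR_RUN.search(arg):
            if user not in ROOT:
                findings.append(f"non-root user {user} writes to /var/run")
            if not keeps_var_run:
                findings.append("/var/run is ignored without --ignore-var-run=false")
    if user in ROOT:
        findings.append("image ends with USER root")
    return findings
```

The base_user value has to come from inspecting the base image, for example the USER 101 line in the docker history output shown in the answer.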
Actual behavior
I've found out that kaniko doesn't support symlinks; it causes issues like in the screenshot below.
Expected behavior
In my approach, we need to build Docker images without any changes in the Dockerfile
To Reproduce
Steps to reproduce the behavior: You should create a Dockerfile with symlinks like below
Additional Information
COPY --from=builder /app/dist /usr/share/nginx/html
RUN rm /etc/nginx/conf.d/default.conf
COPY ./nginx.conf /etc/nginx/conf.d
RUN chown -R nginx:nginx /var/cache/nginx && \
    chown -R nginx:nginx /var/log/nginx && \
    chown -R nginx:nginx /etc/nginx/conf.d && \
    touch /var/run/nginx.pid && \
    chown -R nginx:nginx /var/run/nginx.pid