GoogleContainerTools / kaniko

Build Container Images In Kubernetes
Apache License 2.0
14.93k stars 1.45k forks source link

Build and push to DockerHub UNAUTHORIZED: authentication required #3273

Open tbernacchi opened 4 months ago

tbernacchi commented 4 months ago

Discussed in https://github.com/GoogleContainerTools/kaniko/discussions/3272

Originally posted by **tbernacchi** July 31, 2024 I'm new with `kaniko`, I ended up here because I was trying to build a pipeline with [argo](https://argoproj.github.io/workflows/) and one the steps I got the message that `docker not found`. Which it makes sense since my kubernetes cluster was build with containerd as a CRI. Now I'm trying to build a simple image using kaniko and I can't make it work. This is the `.yaml` file I'm using to try to build a Docker image and send to Docker registry. ``` --- apiVersion: v1 kind: Pod metadata: name: kaniko namespace: fibonacci spec: containers: - name: kaniko image: gcr.io/kaniko-project/executor:v1.23.1 args: ["--dockerfile=/Dockerfile/Dockerfile", "--context=/workspace", "--destination=tadeuuuuu/fibonacci:v0.1.6"] volumeMounts: - name: dockerfile mountPath: /Dockerfile - name: kaniko-secret mountPath: /kaniko/.docker/ readOnly: true restartPolicy: Never volumes: - name: dockerfile configMap: name: dockerfile-config - name: kaniko-secret secret: secretName: docker-registry-secret ``` For docker-registry-secret I've followed these steps: ``` kubectl create secret docker-registry docker-registry-secret --from-file=.dockerconfigjson=config.json -n fibonacci ``` My `config.json`: ``` { "auths": { "https://index.docker.io/v1/": { "auth": "MY-TOKEN-FROM-DOCKERHUB" } } } ``` ``` k create -f kaniko-test.yaml pod/kaniko created k get pods -n fibonacci | grep -i kaniko kaniko 0/1 Error 0 15m k logs pod/kaniko -n fibonacci error checking push permissions -- make sure you entered the correct tag name, and that you are authenticated correctly, and try again: checking push permission for "tadeuuuuu/fibonacci:v0.1.6": POST https://index.docker.io/v2/tadeuuuuu/fibonacci/blobs/uploads/: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:tadeuuuuu/fibonacci Type:repository] map[Action:push Class: Name:tadeuuuuu/fibonacci Type:repository]] ``` Any ideas what I'm missing? Any help will be appreciate! Thank you
tkoeppen commented 3 months ago

you can use image: gcr.io/kaniko-project/executor:v1.23.2-debug instead of image: gcr.io/kaniko-project/executor:v1.23.2 to see more info why it failed.

eventually, also add "--verbosity debug" to the args in case above does not show enough info

https://github.com/GoogleContainerTools/kaniko?tab=readme-ov-file#flag---verbosity

arash87 commented 2 months ago

I recommend using a username and password instead of auth, as Docker Desktop (at least locally) doesn't seem to work with auth.