GoogleContainerTools / skaffold

Easy and Repeatable Kubernetes Development
https://skaffold.dev/
Apache License 2.0

Could not build with kaniko when docker proxy with auth #7615

Open yurchenkosv opened 2 years ago

yurchenkosv commented 2 years ago

Expected behavior

Successful build

Actual behavior

ImagePullBackOff in k8s cluster when skaffold build with kaniko

Information

build:
  artifacts:
    - image: <imagename>
      kaniko:
        dockerfile: build/Dockerfile
        buildArgs:
          BASE_IMAGE_NAME: "{{ .BASE_IMAGE_NAME }}"
        cache: {}
  cluster:
    concurrency: 1
    namespace: "default"
    randomDockerConfigSecret: false
    randomPullSecret: false
    pullSecretName: pullsecret
    dockerConfig:
      path: dockerconfig.json
    resources:
      requests:
        cpu: '200m'
        memory: '500Mi'
      limits:
        cpu: '200m'
        memory: '500Mi'
  tagPolicy:
    envTemplate:
      template: "{{ or .IMAGE_TAG }}"

Steps to reproduce the behavior

  1. k8s cluster without internet for kaniko build
  2. docker proxy only able to get docker images
  3. skaffold build
  4. kubectl describe pod ... ImagePullBackOff in status

tejal29 commented 2 years ago

@yurchenkosv Thanks for the fix. Looks like this is an issue in v1 skaffold versions. I am not sure how the PR you have fixes the issue. Can you please explain more?

nico151999 commented 2 years ago

Would be great if it was possible to easily pull the kaniko executor image and busybox initImage from a private registry that requires authentication. I am in a similar situation. The possibility to provide image pull secrets in skaffold.yaml would be enormously helpful.

One small hint: build.cluster.serviceAccount allows for specifying a non-default service account. As a workaround, one can specify a service account with an image pull secret connected.
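
The service-account workaround from the last comment, written out as an added example (not taken from the thread or from the skaffold project). The names `kaniko-builder` and `registry-proxy-creds` are assumptions; the namespace matches the `default` namespace in the reported configuration.

```yaml
# Kubernetes manifest: a dedicated service account for the in-cluster build pod.
# Pods that run under this account and declare no imagePullSecrets of their own
# inherit the ones listed here, so the kubelet can authenticate to the registry
# proxy when it pulls the kaniko executor image and the init image.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kaniko-builder            # assumed name
  namespace: default
imagePullSecrets:
  # Assumed name of an existing secret of type kubernetes.io/dockerconfigjson
  # in the same namespace (for example one made with
  # `kubectl create secret docker-registry`). Scope its credentials to
  # pull-only access on the proxy.
  - name: registry-proxy-creds
---
# skaffold.yaml fragment: run the kaniko build pod under that service account.
build:
  cluster:
    namespace: default
    serviceAccount: kaniko-builder
```

The account needs no RBAC bindings for this purpose; it exists only to carry the pull secret.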