search

GoogleContainerTools / skaffold

Easy and Repeatable Kubernetes Development
https://skaffold.dev/
Apache License 2.0
14.93k stars 1.62k forks source link

[BUG] kaniko will not delete DockerConfigSecret when build fails #8517

Open catusax opened 1 year ago

catusax commented 1 year ago

building with kaniko and cluster.dockerConfig.path configured , if first build fails, skaffold wont delete the DockerConfigSecret, and it will prevent the second try.

seems that teardownDockerConfigSecret func is a PostBuild function, and postbuild function only runs when build success.

setting randomDockerConfigSecret to true can solve the problem temporarily ,but all failed builds will create docker-cfg secret and needs to delete manually.

i think skaffold should use kubectl apply instead of kubectl create to create docker-cfg at here if _, err := secrets.Create(ctx, secret, metav1.CreateOptions{}); err != nil {

should i make a pr?

Expected behavior

start building

Actual behavior

skaffold prints error creating docker config secret "docker-cfg": secrets "docker-cfg" already exists

Generating tags...
 - registry.filcoin.xyz:8900/filexplorer/miners -> registry.filcoin.xyz:8900/filexplorer/miners:latest-prod
Checking cache...
 - registry.filcoin.xyz:8900/filexplorer/miners: Not found. Building
Starting build...
Creating docker config secret [docker-cfg]...
creating docker config secret "docker-cfg": secrets "docker-cfg" already exists

Information


apiVersion: skaffold/v3
kind: Config
metadata:
  name: app
build:
  tagPolicy:
    envTemplate:
      template: "latest"
  artifacts:
    - image: app
      kaniko:
        buildArgs:
          gitlab_account: "{{ .GITLAB_TOKEN }}"

  cluster:
    dockerConfig:
      path: dockerconfig.json

deploy:
  kubectl: {}
  statusCheck: true
  statusCheckDeadlineSeconds: 300

manifests:
  rawYaml:
    - resources/*.yaml

Steps to reproduce the behavior

  1. skaffold build
  2. after build starts, use ctrl-c stop it.
  3. run skaffold build again
catusax commented 1 year ago

not just secret, failed kaniko pods also preserved

kubectl get pod
kaniko-pnwwj                             1/2     Error      0          8m46s
kaniko-xcfks                             1/2     Error      0          6m30s
jessequinn commented 1 year ago

yes. also happening for me.

    dockerConfig:
      secretName: docker-cfg

fixes the issue so you dont need to delete but the other issue is that this uses just default namespace. should be allowed to provide a namespace.