search

buildpacks-community / kpack

Kubernetes Native Container Build Service
Apache License 2.0
944 stars 162 forks source link

'UNAUTHORIZED' when verifying repo write access for images, but pushing builder image works fine #1712

Open Milkshak3s opened 3 days ago

Milkshak3s commented 3 days ago

I'm running into an issue where supplying private repository credentials to an Image leads to UNAUTHORIZED , but supplying those same exact credentials in the same secret for a Builder leads to the builder image successfully being pushed to the repository.

Image build logs:

 Build reason(s): CONFIG

 CONFIG:

    resources: {}

    - source: {}

    + source:

    +   git:

    +     revision: 3be289517d320a47bb8f359acc1d1daf0829ed0b

    +     url: https://github.com/spring-projects/spring-petclinic

 Loading registry credentials from service account secrets

 Loading secret for "harbor.example.com/project" from secret "kpack-reg-creds-2" at location "/var/build-secrets/kpack-reg-creds-2"

 Loading cluster credential helpers

 Error verifying write access to "harbor.example.com/project/test": UNAUTHORIZED

Builder exists:

milkshak3s@ubuntu:~/kpack$ kp builder list -n kpack-test
NAME               READY    STACK                         IMAGE
default-builder    true     io.buildpacks.stacks.jammy    harbor.example.com/project/builder:builder-kpack-test-default-builder@sha256:d8044d1e15edbb8f2e6619e401e5bfc225c9269b8e786586cc72b199b32119d2
Milkshak3s commented 3 days ago

My workaround has been to use a secret of type type: kubernetes.io/basic-auth rather than type: kubernetes.io/dockerconfigjson