Plugins/kaniko ignoring registry?

myers · March 10, 2022, 1:53pm

My .drone.yml looks like this:

kind: pipeline
type: kubernetes
name: test-build-deploy

steps:
- name: build-image
  image: plugins/kaniko:1.4.1
  settings:
    registry: registry.private.net
    repo: goodstuff
    tags:
      - ${DRONE_COMMIT_SHA}
      - latest
    username:
      from_secret: registry-username
    password:
      from_secret: registry-password
  when:
    branch:
      - main

But when this is run it seems to ignore the registry in a pre run check:

+ /kaniko/executor --dockerfile=Dockerfile --context=dir://. --destination=goodstuff:b2a8c9195b944309e2ce0fa8b5ccf7d818590b84 --destination=goodstuff:latest --digest-file=/kaniko/digest-file

error checking push permissions -- make sure you entered the correct tag name, and that you are authenticated correctly, and try again: checking push permission for "goodstuff:b2a8c9195b944309e2ce0fa8b5ccf7d818590b84": POST https://index.docker.io/v2/library/goodstuff/blobs/uploads/: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:library/goodstuff Type:repository] map[Action:push Class: Name:library/goodstuff Type:repository]]

exit status 1

myers · March 10, 2022, 1:53pm

Further research shows there already a PR to fix this: fix: Build.Repo now uses buildRepo() by hcsaustrup · Pull Request #40 · drone/drone-kaniko · GitHub. Leaving this up to help others.

myers · March 10, 2022, 3:26pm

.drone.yaml

kind: pipeline
type: kubernetes
name: test-build-deploy

steps:
- name: build-image
  image: plugins/kaniko:1.4.1
  settings:
    registry: registry.private.net
    repo: registry.private.net/goodstuff
    tags:
      - ${DRONE_COMMIT_SHA}
      - latest
    username:
      from_secret: registry-username
    password:
      from_secret: registry-password
  when:
    branch:
      - main

This got me past the point where I can use a private registry. You have to put the registry in both the repo and registry or you won’t be able to login.

Now I have another issue:

+ /kaniko/executor --dockerfile=Dockerfile --context=dir://. --destination=registry.private.net/goodstuff:3f39063d398d3aaab6bd9258c003dfba54d97811 --destination=registry.private.net/goodstuff:latest --digest-file=/kaniko/digest-file
INFO[0000] Using dockerignore file: /drone/src/.dockerignore 
INFO[0000] Retrieving image manifest registry.private.net/otherproject-base:main 
INFO[0000] Retrieving image registry.private.net/otherproject-base:main from registry registry.private.net 
INFO[0000] Built cross stage deps: map[]                
INFO[0000] Retrieving image manifest registry.private.net/otherproject-base:main 
INFO[0000] Returning cached image manifest              
INFO[0000] Executing 0 build triggers                   
INFO[0000] Unpacking rootfs as cmd RUN useradd -ms /bin/bash ${USER} requires it. 
error building image: error building stage: failed to get filesystem from image: removing whiteout .wh.dev: unlinkat //dev/shm: device or resource busy
exit status 1

drone · March 11, 2022, 6:25pm

@myers I did a quick search and it looks like that error can be reproduce independent of Drone or the Drone Kaniko plugin. Here is a recent thread where someone commented just a few weeks ago that they resolved by changing the default docker filesystem from aufs to overlay2. See https://github.com/GoogleContainerTools/kaniko/issues/1073.

There is also a Kubernetes Slack dedicated to Kaniko where you might be able to engage folks with expertise related to all matters Kaniko. See https://kubernetes.slack.com/messages/CQDCHGX7Y/.