banzaicloud / drone-kaniko Goto Github PK

Describe the bug
When running drone-kaniko from a drone kubernetes runner, I get the following error:

standard_init_linux.go:211: exec user process caused "permission denied"

Steps to reproduce the issue:
Running on GKE cluster (on COS_containerd type node)

Pipeline:

---
kind: pipeline
type: kubernetes
name: Kapitan Compile

clone:
  depth: 10

steps:
- name: publish
  image: banzaicloud/drone-kaniko
  settings:
    cache: true
    registry: eu.gcr.io
    repo: eu.gcr.io/antha-images/kapitan
    dockerfile: kapitan/Dockerfile
    tags: latest
    build_args:
    - KAPITAN_RELEASE=0.27.4-ci
    json_key:
      from_secret: google_credentials

---
kind: secret
name: google_credentials
get:
  path: drone-runner
  name: google_credentials

Expected behavior
Drone builds the image

Screenshots

Additional context

• Using drone kubernetes runners
• running on GKE 1.16 with COS_Containerd nodes

Hi,

I am testing this plugins with cache: true and a docker hub registry. For some reason the cache layers are not pushed to the registry but the final image is. All subsequent build are rebuilding all the layers. I noticed the following message at the beginning of the builds: Error while retrieving image from cache: geting file info: stat /cache/sha256:***************: no such file or directory.

And during the push at the end:
WARN[0269] error uploading layer to cache: failed to push to destination index.docker.io/*/*/cache:*************: unsupported status code 401;

It would be awesome if you could push a file like the README of the repo to the DockerHub description automatically.

Describe the bug
GoogleContainerTools/kaniko#1110

Tl;dr
This happens during a COPY . .

error building image: error building stage: failed to execute command: read /drone/src/deps/absinthe/priv: is a directory

Steps to reproduce the issue:
build a docker image with the latest banzaicloud/drone-kaniko (e.g. omitting the image tag)

- name: build-docker-image
    image: banzaicloud/drone-kaniko
    settings:
      username:
        from_secret: docker_username
      password:
        from_secret: docker_password
      repo: my-repo
      registry: my.private-registry.com
      tags:
        - latest
        - ${DRONE_COMMIT_SHA}

Expected behavior
It should build correctly.

Additional context
When pinning the version to banzaicloud/drone-kaniko:0.5.1 it does build correctly.

Drone docker plugin has support for auto tag, may be we can borrow some code from there..

Describe the bug
Hi! I am trying this plugin now and have a problem. I can see that it pushes layers to Github Package Registry because it says so. However when the build starts it seems it tries to read from a local /cache directory for the first layer instead of the cache repo. I see this in the log:

INFO[0001] Resolved base name ubuntu:bionic to ubuntu:bionic
--
2 | INFO[0001] Resolved base name ubuntu:bionic to ubuntu:bionic
3 | INFO[0001] Downloading base image ubuntu:bionic
4 | 2019/10/07 17:36:07 No matching credentials were found, falling back on anonymous
5 |  
6 | INFO[0003] Error while retrieving image from cache: getting file info: stat /cache/sha256:1bbdea4846231d91cce6c7ff3907d26fca444fd6b7e3c282b90c7fe4251f9f86: no such file or directory
7 | INFO[0003] Downloading base image ubuntu:bionic

This means that every time it starts the build from scratch. Is there a way to avoid this and ensure that everything is cached? Thanks!

Steps to reproduce the issue:
Just set cache: true.

Expected behavior
I would expect the caching to cache the first layer as well, because otherwise the caching of following layers is very little useful.

I was trying to create an equivalent plugin for uber/makisu, and while it supports remote caching (on the registry), the local caching requires a volume mount.

The kaniko docs also mention something similar: https://github.com/GoogleContainerTools/kaniko#caching-base-images

Just curious to know, have you considered setting this up in Drone somehow? Otherwise, the cache is only good if you have a local registry.

Is your feature request related to a problem? Please describe.
I am running an internal registry in my kubernetes cluster and as such I am not using SSL.
Kaniko seems to offer an --insecure option which is not available on this plugin.

Describe the solution you'd like to see
Kaniko doesn't seem to have that many flags and it should be possible to support them all.

Describe alternatives you've considered
Instead of keeping EXTRA_OPTS itnernal expose it to the users. It kind of goes against the idea of having settings but that the only other solution.

Additional context

Describe the bug
Kaniko version is currently 0.16.0. They have made a lot of improvements, especially concerning the cache.

Thank!

Is there a way to use this plugin to build the Docker image without publishing it, so that it can be used to validate that pull requests to the image successfully build.

BTW this is an awesome plugin and exactly what I was looking for. Now I can build my Open Source Docker images on the Drone Cloud for free! 😃 I created a topic on the Drone forum to help people find it.

Most drone plugins allow keys to be base64 encoded

see: https://github.com/drone-plugins/drone-docker/blob/c02aa47d64997938d01633e4ef012b677ac4614b/cmd/drone-gcr/main.go

Describe the bug
Recently I have seen all my builds that try to push fail with the following message:

error checking push permissions -- make sure you entered the correct tag name, and that you are authenticated correctly, and try again: checking push permission for "index.docker.io/[secret:docker_username]/flexiday:94ade237": UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:[secret:docker_username]/flexiday Type:repository] map[Action:push Class: Name:[secret:docker_username]/flexiday Type:repository]]

I wonder if this is an upstream bug?

Steps to reproduce the issue:
I was using latest (or no version tag)
Using any version above 0.5.1 will break my builds, however 0.5.1 works fine.

Expected behavior
Not break

Screenshots

Additional context

Could the project be renamed to drone-kaniko? This would follow the convention of other drone plugins (e.g. see the repos here: https://github.com/drone-plugins)

very very cool

Missing:

dockerfile: path/to/Dockerfile

and

context: path/to/context

From the docker drone plugin

Support/example for gcr push using json key

drone-kaniko should use , instead of \n as separator for the .tags file, like the drone-docker plugin does.