OneDev
Dashboards
Projects
Pull Requests
Issues
Builds
Packages
Code Search
server
Code
Pull Requests
Issues
List
Boards
Milestones
Builds
Packages
Statistics
Child Projects
OneDev 10.5.2
Documentation Support & Bug Report RESTful API Incompatibilities License Agreement Check Update
Projects onedev server Issues #1430
#1430  Kaniko Build fails (recovered)
Closed
Daniel Kollmannsberger opened 10 months ago

Hey,

I get following error while trying to build my docker image:

09:47:52 2023-06-18T09:47:52.077369275+02:00 Failed to run command: nerdctl -n k8s.io image inspect 1dev/kaniko:1.0.1, return code: 1
09:47:52 2023-06-18T09:47:52.077400567+02:00 time="2023-06-18T07:47:51Z" level=fatal msg="failed to dial \"/run/containerd/containerd.sock\": connection error: desc = \"transport: error while dialing: dial unix /run/containerd/containerd.sock: connect: connection refused\""
09:47:54 Step "building & pushing to harbor is failed: Command failed with exit code 1
09:47:54 2023-06-18T09:47:51.957117746+02:00 time="2023-06-18T07:47:51Z" level=fatal msg="failed to dial \"/run/containerd/containerd.sock\": connection error: desc = \"transport: error while dialing: dial unix /run/containerd/containerd.sock: connect: connection refused\""

Do i make anything wrong?
Robin Shen commented 10 months ago

Which container runtime are you using for your k8s node? Is it docker or containerd?
Daniel Kollmannsberger commented 10 months ago 
knet-cluster-wn1   Ready    <none>                 41d   v1.25.9+k3s1   10.10.255.2   <none>        Debian GNU/Linux 11 (bullseye)   5.10.0-22-amd64   containerd://1.6.19-k3s1
knet-cluster-cp1   Ready    control-plane,master   41d   v1.25.9+k3s1   10.10.255.1   <none>        Debian GNU/Linux 11 (bullseye)   5.10.0-22-amd64   containerd://1.6.19-k3s1
Robin Shen commented 10 months ago

OneDev needs to mount containerd dock sock of node host into a helper container (1dev/k8s-helper-linux) in order to inspect image of the running container (here 1dev/kaniko) to know its entrypoint. The dock sock is normally /run/containerd/containerd.sock on host, please check if this is the case at your side.
Robin Shen changed state to 'Closed' 10 months ago
Previous Value Current Value 
Open
 
Closed
Robin Shen commented 10 months ago

Please upgrade to build #3827 which avoids mounting container sock.
Daniel Kollmannsberger changed state to 'Open' 10 months ago
Previous Value Current Value 
Closed
 
Open
Daniel Kollmannsberger commented 10 months ago

Now there are some authentication issues. My credentials are valid. I checked them with docker cli. But how does Kaniko tries to authenticate against my harbor?
Daniel Kollmannsberger commented 10 months ago

I added them in the job executor page. image.png

And this is my step: image_3.png
Robin Shen changed title 10 months ago
Previous Value Current Value 
Kaniko Build fails
 
Kaniko Build fails (recovered)
Robin Shen commented 10 months ago

Kaniko expects the file /kaniko/.docker/config.json contains registry login info, and OneDev will populate this file.

I tested with harbor demo server (https://demo.goharbor.io/) and it works fine. Please make sure that the executor containing the registry login info is actually been used by your kaniko step (you may check the build log for sure). Also the user name seems uncommon to me, please test with an alphanumeric name to see if it works.
Daniel Kollmannsberger changed state to 'Closed' 10 months ago
Previous Value Current Value 
Open
 
Closed
Daniel Kollmannsberger commented 10 months ago

I messed this up myself. Im running harbor in my kubernetes cluster. But I routed the registry route to the wrong service. The ui was working, but not the registry. But docker login worked. I dont know how. But specifying the right rules solved the problem
issue 1 of 1
Type
Question
Priority
Normal
Assignee
Robin Shen
Issue Votes (0)
Login to vote
Watchers (4)
Reference
onedev/server#1430
Please wait...
Page is in error, reload to recover