Kaniko Build fails (recovered) (OD-1430)

Daniel Kollmannsberger opened 3 years ago

Hey,

I get following error while trying to build my docker image:

09:47:52 2023-06-18T09:47:52.077369275+02:00 Failed to run command: nerdctl -n k8s.io image inspect 1dev/kaniko:1.0.1, return code: 1
09:47:52 2023-06-18T09:47:52.077400567+02:00 time="2023-06-18T07:47:51Z" level=fatal msg="failed to dial \"/run/containerd/containerd.sock\": connection error: desc = \"transport: error while dialing: dial unix /run/containerd/containerd.sock: connect: connection refused\""
09:47:54 Step "building & pushing to harbor is failed: Command failed with exit code 1
09:47:54 2023-06-18T09:47:51.957117746+02:00 time="2023-06-18T07:47:51Z" level=fatal msg="failed to dial \"/run/containerd/containerd.sock\": connection error: desc = \"transport: error while dialing: dial unix /run/containerd/containerd.sock: connect: connection refused\""

Do i make anything wrong?

Activities

Robin Shen commented 3 years ago

Which container runtime are you using for your k8s node? Is it docker or containerd?

Daniel Kollmannsberger commented 3 years ago

knet-cluster-wn1   Ready    <none>                 41d   v1.25.9+k3s1   10.10.255.2   <none>        Debian GNU/Linux 11 (bullseye)   5.10.0-22-amd64   containerd://1.6.19-k3s1
knet-cluster-cp1   Ready    control-plane,master   41d   v1.25.9+k3s1   10.10.255.1   <none>        Debian GNU/Linux 11 (bullseye)   5.10.0-22-amd64   containerd://1.6.19-k3s1

Robin Shen commented 3 years ago

OneDev needs to mount containerd dock sock of node host into a helper container (1dev/k8s-helper-linux) in order to inspect image of the running container (here 1dev/kaniko) to know its entrypoint. The dock sock is normally /run/containerd/containerd.sock on host, please check if this is the case at your side.
Robin Shen changed state to 'Closed' 3 years ago
Previous Value Current Value
Open

Closed
Robin Shen commented 3 years ago

Please upgrade to build #3827 which avoids mounting container sock.
Daniel Kollmannsberger changed state to 'Open' 3 years ago
Previous Value Current Value
Closed

Open
Daniel Kollmannsberger commented 3 years ago

Now there are some authentication issues. My credentials are valid. I checked them with docker cli. But how does Kaniko tries to authenticate against my harbor?
Daniel Kollmannsberger commented 3 years ago

I added them in the job executor page.

And this is my step:
Robin Shen changed title 3 years ago
Previous Value Current Value
Kaniko Build fails

Kaniko Build fails (recovered)
Robin Shen commented 3 years ago

Kaniko expects the file /kaniko/.docker/config.json contains registry login info, and OneDev will populate this file.

I tested with harbor demo server (https://demo.goharbor.io/) and it works fine. Please make sure that the executor containing the registry login info is actually been used by your kaniko step (you may check the build log for sure). Also the user name seems uncommon to me, please test with an alphanumeric name to see if it works.
Daniel Kollmannsberger changed state to 'Closed' 3 years ago
Previous Value Current Value
Open

Closed
Daniel Kollmannsberger commented 3 years ago

I messed this up myself. Im running harbor in my kubernetes cluster. But I routed the registry route to the wrong service. The ui was working, but not the registry. But docker login worked. I dont know how. But specifying the right rules solved the problem
Login to comment

Previous Value	Current Value
Open	Closed

Previous Value	Current Value
Closed	Open

Previous Value	Current Value
Kaniko Build fails	Kaniko Build fails (recovered)

Previous Value	Current Value
Open	Closed

Type	Question
Priority	Normal
Assignee	Robin Shen

Issue Votes (0)

Watchers (4)

Reference

OD-1430