Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Automated kaniko secret generation for docker configuration used to work in v0.30.0 and now fails in v0.34.0 #2522

Closed
timowuttke opened this issue Jul 22, 2019 · 0 comments · Fixed by #2539
Closed

Automated kaniko secret generation for docker configuration used to work in v0.30.0 and now fails in v0.34.0 #2522

timowuttke opened this issue Jul 22, 2019 · 0 comments · Fixed by #2539
Assignees
@dgageot
Labels
build/kaniko kind/bug Something isn't working priority/p0 Highest priority. We are actively looking at delivering it.

Comments

@timowuttke
Copy link

Expected behavior

Building images using Kaniko as builder with automated secret generation should work.

Actual behavior

Creating kaniko secret [kaniko-secret]...
Creating docker config secret []...
time="2019-07-22T13:03:17Z" level=fatal msg="build failed: setting up docker config secret: creating docker config secret: Secret \"\" is invalid: metadata.name: Required value: name or generateName is required: Secret \"\" is invalid: metadata.name: Required value: name or generateName is required"

Information

We are using kaniko to build our images. Kaniko needs two secrets which contain the credentials for image pushing and the docker configuration. When used in conjunction with skaffold, one has the option to:

  1. Create these secret manually and reference them in the skaffold.yaml
  2. Reference the path to the docker/config.json in the skaffold yaml. In this case skaffold will create the required secrets automatically and delete them after image building has finished.

We are using method 2, which is working fine in skaffold v0.30.0. In skaffold v0.34.0, this fails with the above error. The error message itself is rather straight forward: Skaffold can't create a secret with an empty name.

It's not clear how one would set the name for this secret though, in the past the secret was automatically named "docker-cfg". When used in conjunction with the additional field "secretName: foo", skaffold fails with the error that one should use either "secretName" OR "path". Which is correct, as these fields decide whether one uses option 1 or 2 from above. You can't do both.

I haven't found any documentation which explains how one would set the name for the docker-cfg secret in v0.34.0.

We haven't changed the version of kaniko we use.

This is the relevant part from our skaffold.yaml:

build:
  artifacts:
    - image: <image>
      context:  <path-to-context>
      kaniko:
        dockerfile: <path-to-dockerfile>
        image: gcr.io/kaniko-project/executor:2fc8a7f4bcd4f91052c7defd80f90631b9e2b4cb
        cache:
          repo: <url-to-cache>
        buildContext:
          localDir: {}
  cluster:
    pullSecret: /root/.docker/config.json
    dockerConfig:
      path: /root/.docker/config.json
  tagPolicy:
    gitCommit: {}
@priyawadhwa priyawadhwa added build/kaniko kind/bug Something isn't working labels Jul 23, 2019
@balopat balopat added the priority/p0 Highest priority. We are actively looking at delivering it. label Jul 23, 2019
@timowuttke timowuttke mentioned this issue Jul 24, 2019
Closed
@dgageot dgageot self-assigned this Jul 24, 2019
dgageot added a commit to dgageot/skaffold that referenced this issue Jul 24, 2019
@dgageot
Let the user specify a path and a secret name
c5ddcd0 
Fixes GoogleContainerTools#2522
@dgageot dgageot mentioned this issue Jul 24, 2019
Merged
dgageot added a commit that referenced this issue Jul 24, 2019
@dgageot
Let the user specify a path and a secret name (#2539)
79370ee 
Fixes #2522
@balopat balopat reopened this Aug 15, 2019
@balopat balopat closed this as completed Aug 15, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dgageot dgageot

Labels
build/kaniko kind/bug Something isn't working priority/p0 Highest priority. We are actively looking at delivering it.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Let the user specify a path and a secret name dgageot/skaffold
4 participants
@dgageot @balopat @priyawadhwa @timowuttke