-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Following the tutorial fails with "error checking push permissions" #2616
Comments
Same issue, up |
So, if I remember correctly, it is |
I've been trying this out and got it to work with the following settings:
|
Something I have noticed, my error is /index.docker.io/v2/ error checking push permissions -- make sure you entered the correct tag name, and that you are authenticated correctly, and try again: checking push permission for "docker.io/dleurs/tekton-basic-nodejs-app": POST https://index.docker.io/v2/dleurs/tekton-basic-nodejs-app/blobs/uploads/: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:dleurs/tekton-basic-nodejs-app Type:repository] map[Action:push Class: Name:dleurs/tekton-basic-nodejs-app Type:repository]] While if I cat the docker credentials, i got index.docker.io/v1/ cat /tekton/home/.docker/config.json |
I think you can leave the version strings out completely as @Peaorl suggested - so just If you're still having trouble it would be helpful to see your PipelineResource YAML and the |
Thank you for your time ! Here are all informations : Install Tekton : kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml cat <<EOF | kubectl apply -f -
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
name: skaffold-git
spec:
type: git
params:
- name: revision
value: master
- name: url
value: https://github.com/dleurs/tekton-basic-nodejs-app
EOF cat <<EOF | kubectl apply -f -
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
name: skaffold-image-leeroy-web
spec:
type: image
params:
- name: url
value: index.docker.io/dleurs/tekton-basic-nodejs-app:1.0.0
EOF vim cicd-tekton/task.yaml;
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: build-docker-image-from-git-source
spec:
params:
- name: pathToDockerFile
type: string
description: The path to the dockerfile to build
default: $(resources.inputs.docker-source.path)/Dockerfile
- name: pathToContext
type: string
description: |
The build context used by Kaniko
(https://github.com/GoogleContainerTools/kaniko#kaniko-build-contexts)
default: $(resources.inputs.docker-source.path)
resources:
inputs:
- name: docker-source
type: git
outputs:
- name: builtImage
type: image
steps:
- name: build-and-push
image: gcr.io/kaniko-project/executor:v0.17.1
# specifying DOCKER_CONFIG is required to allow kaniko to detect docker credential
env:
- name: "DOCKER_CONFIG"
value: "/tekton/home/.docker/"
command:
- /kaniko/executor
args:
- --dockerfile=$(params.pathToDockerFile)
- --destination=$(resources.outputs.builtImage.url)
- --context=$(params.pathToContext)
kubectl apply -f cicd-tekton/task.yaml kubectl create secret docker-registry regcred \
--docker-server=index.docker.io \
--docker-username=dleurs \
--docker-password=<your-pword> \
--docker-email=<your-email> cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ServiceAccount
metadata:
name: tutorial-service
secrets:
- name: regcred
EOF vim cicd-tekton/task-run.yaml
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
name: build-docker-image-from-git-source-task-run
spec:
serviceAccountName: tutorial-service
taskRef:
name: build-docker-image-from-git-source
params:
- name: pathToDockerFile
value: Dockerfile
resources:
inputs:
- name: docker-source
resourceRef:
name: skaffold-git
outputs:
- name: builtImage
resourceRef:
name: skaffold-image-leeroy-web
kubectl apply -f cicd-tekton/task-run.yaml tkn taskrun describe build-docker-image-from-git-source-task-run
🦶 Steps
NAME STATUS
∙ create-dir-builtimage-r9x62 Completed
∙ git-source-docker-source-wlnfn Completed
∙ build-and-push Error
∙ image-digest-exporter-b7c7h Error tkn taskrun logs build-docker-image-from-git-source-task-run
task build-docker-image-from-git-source has failed: "step-build-and-push" exited with code 1 (image: "docker-pullable://gcr.io/kaniko-project/executor@sha256:565d31516f9bb91763dcf8e23ee161144fd4e27624b257674136c71559ce4493"); for logs run: kubectl -n default logs build-docker-image-from-git-source-task-run-pod-xxkrc -c step-build-and-push
[git-source-docker-source-wlnfn] {"level":"info","ts":1595233969.1393487,"caller":"git/git.go:139","msg":"Successfully cloned https://github.com/dleurs/tekton-basic-nodejs-app @ d0e3c351f42acde390552210f23609e1584336e4 (grafted, HEAD, origin/master) in path /workspace/docker-source"}
[git-source-docker-source-wlnfn] {"level":"info","ts":1595233969.245682,"caller":"git/git.go:180","msg":"Successfully initialized and updated submodules in path /workspace/docker-source"}
[build-and-push] error checking push permissions -- make sure you entered the correct tag name, and that you are authenticated correctly, and try again: checking push permission for "index.docker.io/dleurs/tekton-basic-nodejs-app:1.0.0": UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:dleurs/tekton-basic-nodejs-app Type:repository] map[Action:push Class: Name:dleurs/tekton-basic-nodejs-app Type:repository]] |
You're welcome! Following your steps we had similar authentication errors even though the only things changed as compared to the tekton tutorial were the input repo you specified along with omitting a docker context. In the end we tried a different Kaniko version, namely v0.16.0. This allowed us to successfully push the image to a private docker repo. At the moment we're not sure what is causing this issue but these steps should resolve the problem. |
Thank you very much, it is not working with gcr.io/kaniko-project/executor:v0.24.0 (as the only difference as my previous message) but it is working with gcr.io/kaniko-project/executor:v0.16.0 Step 1 : Testing with gcr.io/kaniko-project/executor:v0.24.0 (image tag 1.0.0) => fail Only working with 0.16.0 Logs with gcr.io/kaniko-project/executor:v0.24.0, step 1tkn taskrun describe build-docker-image-from-git-source-task-run
Name: build-docker-image-from-git-source-task-run
Namespace: default
Task Ref: build-docker-image-from-git-source
Service Account: tutorial-service
Timeout: 1h0m0s
Labels:
app.kubernetes.io/managed-by=tekton-pipelines
tekton.dev/task=build-docker-image-from-git-source
🌡️ Status
STARTED DURATION STATUS
2 minutes ago 33 seconds Failed
Message
"step-build-and-push" exited with code 1 (image: "docker-pullable://gcr.io/kaniko-project/executor@sha256:d60705cb55460f32cee586570d7b14a0e8a5f23030a0532230aaf707ad05cecd"); for logs run: kubectl -n default logs build-docker-image-from-git-source-task-run-pod-gfkhm -c step-build-and-push
📨 Input Resources
NAME RESOURCE REF
∙ docker-source skaffold-git
📡 Output Resources
NAME RESOURCE REF
∙ builtImage skaffold-image-leeroy-web
⚓ Params
NAME VALUE
∙ pathToDockerFile Dockerfile
🦶 Steps
NAME STATUS
∙ create-dir-builtimage-btg84 Completed
∙ git-source-docker-source-vb864 Completed
∙ build-and-push Error
∙ image-digest-exporter-zdgnk Error
🚗 Sidecars
No sidecars tkn taskrun logs build-docker-image-from-git-source-task-run
task build-docker-image-from-git-source has failed: "step-build-and-push" exited with code 1 (image: "docker-pullable://gcr.io/kaniko-project/executor@sha256:d60705cb55460f32cee586570d7b14a0e8a5f23030a0532230aaf707ad05cecd"); for logs run: kubectl -n default logs build-docker-image-from-git-source-task-run-pod-gfkhm -c step-build-and-push
[git-source-docker-source-vb864] {"level":"info","ts":1595320301.6838107,"caller":"git/git.go:139","msg":"Successfully cloned https://github.com/dleurs/tekton-basic-nodejs-app @ d0e3c351f42acde390552210f23609e1584336e4 (grafted, HEAD, origin/master) in path /workspace/docker-source"}
[git-source-docker-source-vb864] {"level":"info","ts":1595320301.7902503,"caller":"git/git.go:180","msg":"Successfully initialized and updated submodules in path /workspace/docker-source"}
[build-and-push] error checking push permissions -- make sure you entered the correct tag name, and that you are authenticated correctly, and try again: checking push permission for "index.docker.io/dleurs/tekton-basic-nodejs-app:1.0.0": POST https://index.docker.io/v2/dleurs/tekton-basic-nodejs-app/blobs/uploads/: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:dleurs/tekton-basic-nodejs-app Type:repository] map[Action:push Class: Name:dleurs/tekton-basic-nodejs-app Type:repository]]
container step-build-and-push has failed : [{"key":"StartedAt","value":"2020-07-21T08:31:42.088Z","resourceRef":{}}] Logs with gcr.io/kaniko-project/executor:v0.16.0, step 2tkn taskrun describe build-docker-image-from-git-source-task-run
Name: build-docker-image-from-git-source-task-run
Namespace: default
Task Ref: build-docker-image-from-git-source
Service Account: tutorial-service
Timeout: 1h0m0s
Labels:
app.kubernetes.io/managed-by=tekton-pipelines
tekton.dev/task=build-docker-image-from-git-source
🌡️ Status
STARTED DURATION STATUS
2 minutes ago 1 minute Succeeded
📨 Input Resources
NAME RESOURCE REF
∙ docker-source skaffold-git
📡 Output Resources
NAME RESOURCE REF
∙ builtImage skaffold-image-leeroy-web
⚓ Params
NAME VALUE
∙ pathToDockerFile Dockerfile
🦶 Steps
NAME STATUS
∙ create-dir-builtimage-vd4wz Completed
∙ git-source-docker-source-7fqjr Completed
∙ build-and-push Completed
∙ image-digest-exporter-9mw69 Completed
🚗 Sidecars
No sidecars tkn taskrun logs build-docker-image-from-git-source-task-run
[git-source-docker-source-7fqjr] {"level":"info","ts":1595320573.9096239,"caller":"git/git.go:139","msg":"Successfully cloned https://github.com/dleurs/tekton-basic-nodejs-app @ d0e3c351f42acde390552210f23609e1584336e4 (grafted, HEAD, origin/master) in path /workspace/docker-source"}
[git-source-docker-source-7fqjr] {"level":"info","ts":1595320573.9887357,"caller":"git/git.go:180","msg":"Successfully initialized and updated submodules in path /workspace/docker-source"}
[build-and-push] INFO[0001] Resolved base name node:12 to node:12
[build-and-push] INFO[0001] Using dockerignore file: /workspace/docker-source/.dockerignore
[build-and-push] INFO[0001] Resolved base name node:12 to node:12
[build-and-push] INFO[0001] Retrieving image manifest node:12
[build-and-push] INFO[0002] Retrieving image manifest node:12
[build-and-push] INFO[0003] Built cross stage deps: map[]
[build-and-push] INFO[0003] Retrieving image manifest node:12
[build-and-push] INFO[0004] Retrieving image manifest node:12
[build-and-push] INFO[0005] Unpacking rootfs as cmd COPY package*.json ./ requires it.
[build-and-push] INFO[0029] Taking snapshot of full filesystem...
[build-and-push] INFO[0033] WORKDIR /usr/src
[build-and-push] INFO[0033] cmd: workdir
[build-and-push] INFO[0033] Changed working directory to /usr/src
[build-and-push] INFO[0033] Resolving srcs [package*.json]...
[build-and-push] INFO[0033] COPY package*.json ./
[build-and-push] INFO[0033] Resolving srcs [package*.json]...
[build-and-push] INFO[0033] Taking snapshot of files...
[build-and-push] INFO[0033] RUN npm install
[build-and-push] INFO[0033] cmd: /bin/sh
[build-and-push] INFO[0033] args: [-c npm install]
[build-and-push]
[build-and-push] > [email protected] postinstall /usr/src/node_modules/nodemon
[build-and-push] > node bin/postinstall || exit 0
[build-and-push]
[build-and-push] Love nodemon? You can now support the project via the open collective:
[build-and-push] > https://opencollective.com/nodemon/donate
[build-and-push]
[build-and-push] added 186 packages from 202 contributors and audited 188 packages in 5.435s
[build-and-push] npm WARN [email protected] No description
[build-and-push] npm WARN [email protected] No repository field.
[build-and-push] npm WARN optional SKIPPING OPTIONAL DEPENDENCY: [email protected] (node_modules/fsevents):
[build-and-push] npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for [email protected]: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
[build-and-push]
[build-and-push]
[build-and-push] 8 packages are looking for funding
[build-and-push] run `npm fund` for details
[build-and-push]
[build-and-push] found 0 vulnerabilities
[build-and-push]
[build-and-push] INFO[0039] Taking snapshot of full filesystem...
[build-and-push] INFO[0044] COPY . .
[build-and-push] INFO[0044] Taking snapshot of files...
[build-and-push] INFO[0044] EXPOSE ${PORT}
[build-and-push] INFO[0044] cmd: EXPOSE
[build-and-push] INFO[0044] Adding exposed port: /tcp
[build-and-push] INFO[0044] CMD [ "npm", "start" ]
[image-digest-exporter-9mw69] {"level":"info","ts":1595320625.9330263,"logger":"fallback-logger","caller":"imagedigestexporter/main.go:59","msg":"No index.json found for: builtImage","commit":"9168151"} |
OK, sounds like an update to the tutorial to use kaniko 0.16.0 is a good next step in that case. /kind documentation |
Hi all, I had the same issue with same message. I used the recommendation of @Peaorl to get it to work: use 'index.docker.io' (instead of my initial 'docker.io' for docker-server) and then everything goes fine. kubectl create secret docker-registry secret-docker-credentials Maybe the tutorial doc should be updated accordingly: I opened #3298 for thhis purpose. Best Didier |
Sounds good, |
Didn't try yet: it is my next step. |
please keep us posted if you can |
work for me , and tested with image from mgit/base:kaniko-executor-debug-stable |
I completed the tutorial successfully using Kaniko 0.16 to build, index.docker.io in my secret and index.docker.io/username/repo:tag in my Image PipelineResource. But the latest Kaniko release is now 1.8.0, how can I use a Kaniko updated release without the permission error? No version after 0.16 seems to work. |
Expected Behavior
A successful
docker login
followed by adocker push
to my repodocker.io/calvinpark/leeroy-web
Actual Behavior
Steps to Reproduce the Problem
pipelineresource.yml
secret.yml
cat /tekton/home/.docker/config.json
correctly shows(password of course substituted with the real one)
Additional Info
The text was updated successfully, but these errors were encountered: