Kaniko: Missing '.docker' folder in release 0.20.0 breaks backward compatibility in some pipelines

Created on 4 May 2020 · 7 Comments · Source: GoogleContainerTools/kaniko

Actual behavior
My CI/CD (gitlab) image build job looks like this:

  image:
    name: gcr.io/kaniko-project/executor:debug-v0.20.0
    entrypoint: [""]
  script:
    - echo "{\"auths\":{\"${CI_REGISTRY}\":{\"username\":\"gitlab-ci-token\",\"password\":\"${API_KEY}\"}}}" > /kaniko/.docker/config.json
    - /kaniko/executor --context ${CI_PROJECT_DIR} --dockerfile ${CI_PROJECT_DIR}/docker/Dockerfile --destination ${IMAGE_NAME}

This raises an error during the config file creation:

 echo "{\"auths\":{\"${CI_REGISTRY}\":{\"username\":\"_\",\"password\":\"${API_KEY}\"}}}" > /kaniko/.docker/config.json
/busybox/sh: eval: line 91: can't create /kaniko/.docker/config.json: nonexistent directory

After entering the image there is no /kaniko/.docker folder as expected (as of v0.19.0).

Tested with:
gcr.io/kaniko-project/executor:debug-v0.19.0
gcr.io/kaniko-project/executor:debug-v0.20.0

Expected behavior
/kaniko/.docker folder exists.

To reproduce
Steps to reproduce the behavior:

  1. docker run -it --rm --entrypoint="" gcr.io/kaniko-project/executor:debug-v0.19.0 sh
  2. ls -ail /kaniko
  3. A folder .docker should exist
  4. Run into v0.20.0: docker run -it --rm --entrypoint="" gcr.io/kaniko-project/executor:debug-v0.20.0 sh
  5. After a ls -ail /kaniko you should note there is no more .docker folder

All 7 comments

Is the new procedure on v0.20.0? Gitlab runners don't automount .docker

@gfvirga You can just update your script to create the directory.

script:
  # @see https://github.com/GoogleContainerTools/kaniko/issues/1227
  - mkdir -p /kaniko/.docker
  - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
  - /kaniko/executor --build-arg=NPM_TOKEN --cache=true --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination $CI_REGISTRY_IMAGE:$CI_PIPELINE_ID.$CI_COMMIT_SHA

but yes, this is a breaking change.
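
A hardened form of the workaround above, as an added example that is not part of the thread or the kaniko project: it creates the directory when the image lacks it, rejects empty or control-character values, JSON-escapes quotes and backslashes in the credentials, and writes config.json with owner-only permissions. The function names are hypothetical, and sourcing the file from the repository before calling it is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread or the kaniko project.
# Function names are hypothetical; only POSIX sh and sed are used.

# Escape backslashes first, then double quotes, for use inside a JSON string.
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# write_registry_auth DIR REGISTRY USER PASSWORD
# Creates DIR if the image does not ship it and writes DIR/config.json.
write_registry_auth() {
  dir=$1 registry=$2 user=$3 pass=$4
  for v in "$registry" "$user" "$pass"; do
    case $v in
      ''|*[[:cntrl:]]*)
        # An unset CI variable would otherwise produce an empty credential.
        echo "write_registry_auth: empty value or control character" >&2
        return 1 ;;
    esac
  done
  (
    umask 077                      # 0700 for a directory created here, 0600 for the file
    mkdir -p "$dir" || exit 1
    tmp="$dir/config.json.$$"
    printf '{"auths":{"%s":{"username":"%s","password":"%s"}}}\n' \
      "$(json_escape "$registry")" "$(json_escape "$user")" \
      "$(json_escape "$pass")" > "$tmp" || exit 1
    mv "$tmp" "$dir/config.json"   # rename so a partial file is never read
  )
}

# Usage in the job from the thread (after sourcing this file):
#   write_registry_auth /kaniko/.docker "$CI_REGISTRY" "$CI_REGISTRY_USER" "$CI_REGISTRY_PASSWORD"
```

Unlike the `echo "{\"auths\":...}"` line, this keeps the JSON valid when a token contains `"` or `\`.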

Also, if the command for auth is using them, an error appears like this:
/kaniko # docker-credential-acr Error creating credential store helper: Failed to create secondary file store dir /kaniko/.docker/acr

The official GitLab documentation shows an example that is broken since v0.20.0.
https://docs.gitlab.com/ee/ci/docker/using_kaniko.html#building-a-docker-image-with-kaniko

I opened a pull-request that should fix that.

So to be clear, the official fix for this is to create the directory? This will not be fixed with v0.21.0?
Seems a bit counterintuitive, but ok

@webmutation: as far as I understand the MR https://github.com/GoogleContainerTools/kaniko/pull/1230 has re-added the folder by default. Probably the 0.21.0 will again have the /kaniko/.docker folder.

Ok. I saw the commit. I did not notice it was already released. Thanks for the fb
