如何在 Gitlab CICD 中使用 Kaniko?
[英]How to use Kaniko inside Gitlab CICD?
问题描述
I am trying to use Kaniko with Gitlab in order to get rid of the DinD flow.
我正在尝试将 Kaniko 与 Gitlab 一起使用,以摆脱 DinD 流程。
So, I have this in my.gitlab-ci.yaml所以,我在 my.gitlab-ci.yaml 中有这个
kaniko:
stage: tagging
variables:
CI_REGISTRY: ${AZURE_REGISTRY_USERNAME_DEV}.azurecr.io
CI_REGISTRY_USER: ${AZURE_REGISTRY_USERNAME_DEV}
CI_REGISTRY_PASSWORD: ${AZURE_REGISTRY_PASS_DEV}
image:
name: gcr.io/kaniko-project/executor:debug
entrypoint: [""]
script:
#
- mkdir -p /kaniko/.docker
- echo "{\"auths\":{\"${CI_REGISTRY}\":{\"auth\":\"$(printf "%s:%s" "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
- >-
/kaniko/executor
--context "${CI_PROJECT_DIR}"
--dockerfile "${CI_PROJECT_DIR}/devops/Dockerfile"
--destination "${CI_REGISTRY}/kanikotest:bla"
--verbosity debug
tags: # select gitlab-runner based on this tag(s)
- docker
only:
refs:
- /^feat.*$/
but I keep getting this error in the logs但我在日志中不断收到此错误
error checking push permissions -- make sure you entered the correct tag name, and that you are authenticated correctly, and try again: checking push permission for "mysuperregistry.azurecr.io/kanikotest:bla": creating push check transport for mysuperregistry.azurecr.io failed: GET https://mysuperregistry.azurecr.io/oauth2/token?scope=repository%3Akanikotest%3Apush%2Cpull&service=mysuperregistry.azurecr.io: UNAUTHORIZED: authentication required, visit https://aka.ms/acr/authorization for more information.
I am following this guide .我正在遵循本指南。
Fun fact... I have successfully deployed Kaniko inside Minikube by creating a secret with the same creds, and I successfully pushed to the same registry.有趣的事实......我通过创建具有相同凭据的秘密成功地在 Minikube 中部署了 Kaniko,并且我成功地推送到了同一个注册表。
1 个解决方案
解决方案1
0 2022-09-13 08:51:43
The syntax of the auth file seems good (I assume the creds are correct), so your code should work if you just set the DOCKER_CONFIG environment variable as following: auth 文件的语法似乎不错(我假设凭据是正确的),因此如果您将DOCKER_CONFIG环境变量设置如下,您的代码应该可以工作:
kaniko:
stage: tagging
variables:
CI_REGISTRY: ${AZURE_REGISTRY_USERNAME_DEV}.azurecr.io
CI_REGISTRY_USER: ${AZURE_REGISTRY_USERNAME_DEV}
CI_REGISTRY_PASSWORD: ${AZURE_REGISTRY_PASS_DEV}
DOCKER_CONFIG: "$CI_PROJECT_DIR/kanikotest/.docker"
image:
name: gcr.io/kaniko-project/executor:debug
entrypoint: [""]
script:
- mkdir -p $DOCKER_CONFIG
- echo "{\"auths\":{\"${CI_REGISTRY}\":{\"auth\":\"$(printf "%s:%s" "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" | base64 | tr -d '\n')\"}}}" > $DOCKER_CONFIG/config.json
- >-
/kaniko/executor
--context "${CI_PROJECT_DIR}"
--dockerfile "${CI_PROJECT_DIR}/devops/Dockerfile"
--destination "${CI_REGISTRY}/kanikotest:bla"
--digest-file "$CI_PROJECT_DIR/docker-content-digest-kanikotest"
--verbosity info
artifacts:
paths:
- docker-content-digest-kanikotest
Adding an extra directory ( kanikotest ) inside the DOCKER_CONFIG path will avoid concurrent builds to overwrite the same auth file (not required in your case example but a good practice in general).在DOCKER_CONFIG路径中添加一个额外的目录( kanikotest )将避免并发构建覆盖相同的身份验证文件(在您的案例示例中不需要,但通常是一个很好的做法)。
The --digest-file option will permit also to save the image SHA for following CI jobs. --digest-file选项还允许保存图像 SHA 以用于后续 CI 作业。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.