You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Actual behavior
I have a multi-stage build using nodejs/yarn. When I install and run yarn in the second stage, the resulting /tmp folder under a docker run has the following permissions
# builds, pushes the image to a registry of your choosing, and pulls it back down
make test-kaniko TEST_REPO=myregistry/myimage
# does a docker run --entrypoint bash on the test image
make debug-kaniko
You should be able to pull those images as well and inspect them locally.
Additional Information
This only seems to affect multi-stage builds, when I collapse both stages into a single stage the issue goes away
We're also having this bug but we're using a single-stage build. We're getting it in our production image in 100% of cases, thus it's not flaky. But it's hard to say what causes it exactly. We're using several dependency managers in the image (yarn being one of them) and the bug happens only when all of them are used.
I couldn't make a minimal Dockerfile that reproduces the bug because all steps from our production image seem to be needed for it to happen.
these permissions seem correct at every point in the build
We're also seeing this. The permissions are changed after image is built.
Actual behavior
I have a multi-stage build using nodejs/yarn. When I install and run yarn in the second stage, the resulting
/tmp
folder under adocker run
has the following permissionsnode@2355092d5f0f:/usr/src/app$ ls -la /tmp/ total 12 drwxr-xr-x 1 root root 4096 Apr 3 22:58 . drwxr-xr-x 1 root root 4096 Apr 3 22:58 .. drwxr-xr-x 1 root root 4096 Apr 3 22:58 v8-compile-cache-0
Even stranger is that these permissions seem correct at every point in the build, here's the last step before
CMD
:Just the resulting image has the permission flags wrong for
/tmp
Expected behavior
When I build the same image using Docker, the
/tmp
folder is left alone:node@194d8cf3afd1:/usr/src/app$ ls -la /tmp/ total 20 drwxrwxrwt 1 root root 4096 Mar 31 03:27 . drwxr-xr-x 1 root root 4096 Apr 3 22:59 .. drwxr-xr-x 1 root root 4096 Mar 31 03:27 v8-compile-cache-0
To Reproduce
Full Repro:
https://github.com/mothership/kaniko-issue-repro
You should be able to pull those images as well and inspect them locally.
Additional Information
node:12.16.1-slim
), this repro installs the exact same version over it, but we noticed it when we tried to upgrade yarnyarn
, but we've not been able to find any other way to reproduce.Triage Notes for the Maintainers
--cache
flagThe text was updated successfully, but these errors were encountered: