-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error checking push permissions to Harbor registry #1415
Comments
I corrected some configurations
pod.yaml
I switched https to http. but I still encountered the error connect: connection refused.
So i can't find another way. |
Thanks @Morride . I have never worked with harbor registry.
If you are able to pull and push via docker and crane, please let us know. |
Hi @Morride , We are successfully using our harbor docker registry with kaniko. Below are the relevant templates we are using:
and the credentials encoded in base64 (above) are in the form:
|
This pod template did not work for me, i used instead the official example with volume mount here |
This issue is stilled opened so I want to share a potentiel fix: my pipeline was running the Kaniko image with the |
I found a working example of kaniko pod temlate for Jenkins which builds up simple node.js application and pushes to Harbor apiVersion: v1
kind: Pod
metadata:
labels:
some-label: some-label-value
spec:
containers:
- name: kaniko
image: gcr.io/kaniko-project/executor:debug // <- this part should be changed
imagePullPolicy: IfNotPresent // <- choose your own strategy
command:
- /busybox/cat
tty: true
volumeMounts:
- name: dockercred
mountPath: /kaniko/.docker // <- this is a right path
volumes:
- name: dockercred
secret:
secretName: docker-credentials
items:
- key: .dockerconfigjson
path: config.json And the secret have to look like: {"auths":{"http://your-harbor-address/v2/":{"auth":"cm9ib3QtamVua2luczpqTHl2QlhJQnJYSFJvTEtma2FjSVNKUGQ5dVlFNm91Zg=="}}} Auth field from upper json is a base64 encoded username and password by next scheme: |
@Morride were you able to solve this? |
Actual behavior
A clear and concise description of what the bug is.
An error occurred when I created the kaniko pod
First of all, my harbor registry is installed using helm and only has an intranet. I added his domain name resolution for all servers in the cluster. This is my config.json
https://github.com/GoogleContainerTools/kaniko#pushing-to-docker-hub
I created /kaniko/.docker/config.json according to this step, and created a secret ↑
This is my pod yaml
Expected behavior
A clear and concise description of what you expected to happen.
So I want to know why the pod will access the ip in the error.Does kaniko not support access to the Harbor registry of the LAN.
Did I make a mistake in one step? I'm a novice.
To Reproduce
Steps to reproduce the behavior:
Additional Information
Please provide either the Dockerfile you're trying to build or one that can reproduce this error.
Please provide or clearly describe any files needed to build the Dockerfile (ADD/COPY commands)
gcr.io/kaniko-project/executor:latest 50388657b978
Triage Notes for the Maintainers
--cache
flagThe text was updated successfully, but these errors were encountered: