Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot push to registry without port 80 #1579

Open
kimmoal opened this issue Feb 15, 2021 · 3 comments
Open

Cannot push to registry without port 80 #1579

kimmoal opened this issue Feb 15, 2021 · 3 comments
Labels
area/registry For all bugs having to do with pushing/pulling into registries area/security issue/port kind/bug Something isn't working ok-to-close? possible-dupe priority/p1 Basic need feature compatibility with docker build. we should be working on this next. priority/p2 High impact feature/bug. Will get a lot of users happy

Comments

@kimmoal
Copy link

kimmoal commented Feb 15, 2021

Actual behavior

Somewhat similar to #1157 but I cannot seem to tell kaniko to use port 443 for pushing an image in any way.

Trying to push an image to an internal registry, I am getting an error:

Get "http://registry.internal.local/v2/": dial tcp 10.10.10.20:80: i/o timeout

Running internal Gitlab with runner + registry, no port 80 open (should not be a requirement IMHO)

Relevant lines from build log:

Using docker image sha256:ffca8c9f01a23d0886106b46f9bdd68dc5ca29d3377434bb69020df0cb2982a8 for gcr.io/kaniko-project/executor:debug with digest gcr.io/kaniko-project/executor@sha256:473d6dfb011c69f32192e668d86a47c0235791e7e857c870ad70c5e86ec07e8c ...

$ /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/$IMAGE_NAME/Dockerfile --destination $CI_REGISTRY/$CI_PROJECT_NAME/$IMAGE_NAME:latest

error checking push permissions -- make sure you entered the correct tag name, and that you are authenticated correctly, and try again: checking push permission for "registry.internal.local/testing/testimage:latest": creating push check transport for registry.internal.local failed: Get "http://registry.internal.local/v2/": dial tcp 10.10.10.20:80: i/o timeout

Tried to give the https endpoint in the configuration file in various ways, but could not get it to work:
CI_REGISTRY="registry.internal.local"
{\"auths\":{\"https://$CI_REGISTRY/v2/\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json

Expected behavior
I expect to be able to push to a private Gitlab registry without port 80

To Reproduce
Steps to reproduce the behavior:

  1. execute kaniko in Gitlab CI with external runner
  2. Build image in the runner
  3. Try to push image to Gitlab registry

Additional Information

  • Kaniko Image: gcr.io/kaniko-project/executor@sha256:473d6dfb011c69f32192e668d86a47c0235791e7e857c870ad70c5e86ec07e8c

Triage Notes for the Maintainers

Description Yes/No
Please check if this a new feature you are proposing
Please check if the build works in docker but not in kaniko
  • - []
Please check if this error is seen when you use --cache flag
  • - []
Please check if your dockerfile is a multistage dockerfile
  • - []
@almorgv
Copy link

almorgv commented Feb 16, 2021

This might help #1157 (comment)

@kimmoal
Copy link
Author

kimmoal commented Feb 16, 2021

True, that helps, thanks! I would like to not skip the cert check, if possible

@aaron-prindle aaron-prindle added issue/port possible-dupe ok-to-close? area/registry For all bugs having to do with pushing/pulling into registries area/security priority/p2 High impact feature/bug. Will get a lot of users happy kind/bug Something isn't working priority/p1 Basic need feature compatibility with docker build. we should be working on this next. labels Jun 23, 2023
@fanjlii
Copy link

fanjlii commented Aug 15, 2023

maybe cause by docket network mode, change to host works fine

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/registry For all bugs having to do with pushing/pulling into registries area/security issue/port kind/bug Something isn't working ok-to-close? possible-dupe priority/p1 Basic need feature compatibility with docker build. we should be working on this next. priority/p2 High impact feature/bug. Will get a lot of users happy
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@aaron-prindle @kimmoal @almorgv @fanjlii