workaround (yet another) kaniko-related issue

Kaniko does (no longer?) seem to support authenticating against "docker-hub"'s v2-api-endpoint, as also discussed on GitHub: GoogleContainerTools/kaniko#1209 The suggested workaround seems to be to use the v1-endpoint. So hackily inject it when generating a docker-cfg for kaniko.
gardener · Jul 26, 2021 · 1b3626b · 1b3626b
1 parent bb19f26
commit 1b3626b
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/model/container_registry.py b/model/container_registry.py
@@ -79,6 +79,21 @@ def as_docker_auths(self):
             host: {'auth': auth_str} for host in self.image_reference_prefixes()
         }
 
+        # ugly workaround for docker-hub, see:
+        # https://github.com/GoogleContainerTools/kaniko/issues/1209
+        # -> if there is a cfg for "docker-hub", implicitly patch-in the v1-flavoured cfg
+        if not (docker_v1_prefix := 'https://index.docker.io/v1/') in auths:
+            # try both w/ slash and w/o slash suffix
+            def auth_for_prefix(prefix):
+                if v := auths.get(prefix, None):
+                    return v
+                return auths.get(prefix + '/', None)
+
+            for candidate in 'registry-1.docker.io', 'docker.io', 'index.docker.io':
+                if auth_cfg := auth_for_prefix(prefix=candidate):
+                    auths[docker_v1_prefix] = auth_cfg
+                    break # use first (we have no way of knowing which one would be better..)
+
         return auths
 
     def privileges(self) -> oa.Privileges: