Expected behavior
Pull the kaniko image and imitImage from a private registry with pull secret credentials
The private registry requires an imagePullSecret for the kaniko pod spec
The dockerConfig.secretName and pullSecretName are only mounted inside the kaniko pod, if i understand correctly. The use case described by me would require a pull secret for the kaniko images itself.
For my personal use case, it would solve the issue if the cluster.pullSecretName was also added to the kaniko PodSpec:
// Add secret for pull secret
if b.ClusterDetails.PullSecretName != "" {
addSecretVolume(pod, kaniko.DefaultSecretName, b.ClusterDetails.PullSecretMountPath, b.ClusterDetails.PullSecretName)
pod.Spec.ImagePullSecrets = []v1.LocalObjectReference{{
Name: b.ClusterDetails.PullSecretName,
}}
}Could that be added as a general option?`What do you think?
Actual behavior
Failed to pull image "private.registry.com/k8s-skaffold/skaffold-helpers/busybox": rpc error: code = Unknown desc = failed to pull and unpack image "private.registry.com/k8s-skaffold/skaffold-helpers/busybox": failed to resolve reference "private.registry.com/k8s-skaffold/skaffold-helpers/busybox": failed to authorize: failed to fetch anonymous token:
unexpected status: 401
Information
- Skaffold version: v2.8.0
- Operating system: Windows 7
- Installed via: skaffold.dev standalone executable
- Contents of skaffold.yaml:
build:
artifacts:
- image: private.registry.com/myapp
kaniko:
initImage: private.registry.com/k8s-skaffold/skaffold-helpers/busybox
image: private.registry.com/kaniko-project/executor
cluster:
dockerConfig:
secretName: private-registry-push
pullSecretName: private-registry-pullSteps to reproduce the behavior
- a private container registry at
private.registry.com that requires token authentication for pulling images
skaffold build
time="2023-11-10T10:35:02+01:00" level=info msg="Waiting for kaniko-m8x5s to be initialized" subtask=private.registry.com/myapp task=Build copying sources: waiting for pod to initialize: context deadline exceeded
Expected behavior
Pull the kaniko image and imitImage from a private registry with pull secret credentials
The private registry requires an
imagePullSecretfor the kaniko pod specThe
dockerConfig.secretNameandpullSecretNameare only mounted inside the kaniko pod, if i understand correctly. The use case described by me would require a pull secret for the kaniko images itself.For my personal use case, it would solve the issue if the
cluster.pullSecretNamewas also added to the kanikoPodSpec:Could that be added as a general option?`What do you think?
Actual behavior
Failed to pull image "private.registry.com/k8s-skaffold/skaffold-helpers/busybox": rpc error: code = Unknown desc = failed to pull and unpack image "private.registry.com/k8s-skaffold/skaffold-helpers/busybox": failed to resolve reference "private.registry.com/k8s-skaffold/skaffold-helpers/busybox": failed to authorize: failed to fetch anonymous token:
unexpected status: 401
Information
Steps to reproduce the behavior
private.registry.comthat requires token authentication for pulling imagesskaffold build