Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GCR credential helper check does not respect DOCKER_CONFIG environment variable #1228

Closed
ddgenome opened this issue May 4, 2020 · 0 comments · Fixed by #1229
Closed

GCR credential helper check does not respect DOCKER_CONFIG environment variable #1228

ddgenome opened this issue May 4, 2020 · 0 comments · Fixed by #1229

Comments

@ddgenome
Copy link

ddgenome commented May 4, 2020
edited
Loading

Actual behavior

The recently merged Add ability to use public GCR repos without being authenticated #1140 does not respect the DOCKER_CONFIG environment variable, causing the check for existence of the Docker config to report that the file does not exist, resulting in the execution of the docker-credential-gcr executable, which does respect the DOCKER_CONFIG environment variable and therefore overwrites the existing file at the location specified by the DOCKER_CONFIG environment variable. If you have static credentials for GCR in that existing Docker config file, then this bug breaks authentication to GCR, as the presence of a gcr.io credHelpers property supersedes the static credentials.

You do not hit this bug if you use the default value of the DOCKER_CONFIG environment variable, which is the same as the static string used by the file existence check.

Since the PR introducing this behavior was introduced after the 0.19.0 release, it does not have this bug.

Expected behavior
I expect kaniko to respect non-default values for the DOCKER_CONFIG environment variable and not overwrite existing Docker configuration files.

To Reproduce
Steps to reproduce the behavior:

  1. Run kaniko providing a Docker configuration file with static credentials for gcr.io at a location other than /kaniko/.docker/config.json

Additional Information

  • Dockerfile
    Any Dockerfile will work, it doesn't get far enough to load it.
  • Build Context
    An empty build context should suffice to reproduce.
  • Kaniko Image (fully qualified with digest)
    gcr.io/kaniko-project/executor:debug-v0.20.0 d621600b36f824058cf45f783406a77c37fd457ed079be2fa1ff6b2eae5437e1

Triage Notes for the Maintainers

Description Yes/No
Please check if this a new feature you are proposing
Please check if the build works in docker but not in kaniko
Please check if this error is seen when you use --cache flag
Please check if your dockerfile is a multistage dockerfile
ddgenome pushed a commit to ddgenome/kaniko that referenced this issue May 4, 2020
Use DOCKER_CONFIG for docker config location
0871dfd 
If the DOCKER_CONFIG environment variable is set, use it when
determining if the Docker config file exists.  Fall back to kaniko
default if it the DOCKER_CONFIG environment variable is not set.

Fixes GoogleContainerTools#1228
@ddgenome ddgenome mentioned this issue May 4, 2020
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Use DOCKER_CONFIG for docker config location ddgenome/kaniko
1 participant
@ddgenome