When --tarPath option is used, image is not uploaded to the registry

[polasekr]

Actual behavior
I want to create a tar of the containeras the part of the build pipeline as well as upload the image to the docker registry. I want this to happen within a single step of build pipeline, where a single kaniko command creates both. Kaniko documentation suggests that unless --no-push switch is specified, this should work. I am using following command line switches:

/kaniko/executor --cache=false --cache-dir=/workspace --context=/workspace/source --dockerfile=Dockerfile-php \
   --destination=${DOCKER_REGISTRY}/${DOCKER_REGISTRY_ORG}/${APP_NAME}-php:$VERSION --verbosity=info \
   --tarPath /workspace/php.tar

The actual behaviour is that only tar image is created, but image is not uploaded to the registry If the switch --tarPath is removed, image is uploaded to the registry.

Expected behavior
I expect that tar archive of the image to be created as well as the image is uploaded to the registry

To Reproduce
Steps to reproduce the behavior:

1. run kaniko with switch --tarPath specified usinf any Dockerfile specification

/kaniko/executor --cache=false --cache-dir=/workspace --context=/workspace/source --dockerfile=Dockerfile-php \
   --destination=${DOCKER_REGISTRY}/${DOCKER_REGISTRY_ORG}/${APP_NAME}-php:$VERSION --verbosity=info \
   --tarPath /workspace/php.tar

2. verify that tar file is created
3. check whether image has been uploaded to the specified registry

Additional Information

• Dockerfile
  Please provide either the Dockerfile you're trying to build or one that can reproduce this error.
• Build Context
  Please provide or clearly describe any files needed to build the Dockerfile (ADD/COPY commands)
• Kaniko Image (fully qualified with digest)

Triage Notes for the Maintainers

Description	Yes/No
Please check if this a new feature you are proposing
Please check if the build works in docker but not in kaniko
Please check if this error is seen when you use --cache flag
Please check if your dockerfile is a multistage dockerfile

[stevehipwell]

Any news on this issue as it's just caught us out?

[stevehipwell]

@tejal29 is this something which could be looked into?

[PMExtra]

As README said:

Set this flag as --tarPath= to save the image as a tarball at path. You need to set --destination as well (for example --destination=image). If you want to save the image as tarball only you also need to set --no-push.

But ref the code:

kaniko/pkg/executor/push.go

Lines 229 to 245 in 69f942f

	if opts.TarPath != "" {
	tagToImage := map[name.Tag]v1.Image{}
	if len(destRefs) == 0 {
	return errors.New("must provide at least one destination when tarPath is specified")
	}
	for _, destRef := range destRefs {
	tagToImage[destRef] = image
	}
	return tarball.MultiWriteToFile(opts.TarPath, tagToImage)
	}
	if opts.NoPush {
	logrus.Info("Skipping push to container registry due to --no-push flag")
	return nil
	}

Focus the L239, it's returned.

[larsgroeber]

We ran into the same issue when we tested kaniko on our Gitlab Runner. We wanted to export the image as a tarball to scan it later for vulnerabilities - but also upload it to our registry. I guess most people used the option to only export to a tarball?

@PMExtra I also believe this is the culprit, even when this line was last changed three years ago.

I will open a small PR so that it only checks for errors at this line.

[stevehipwell]

We ran into the same issue when we tested kaniko on our Gitlab Runner. We wanted to export the image as a tarball to scan it later for vulnerabilities - but also upload it to our registry.

@larsgroeber same here.