kaniko icon indicating copy to clipboard operation
kaniko copied to clipboard
verified publisher icon GoogleContainerTools

Missing files in image built with Kaniko

Open mpox opened this issue 3 years ago • 2 comments

Actual behavior After building an image of given Dockerfile the java is missing in the image. Exactly same Dockefile built with Docker works fine. Interesting part is that adding RUN /usr/bin/java --version actually works and prints java version, but somehow finally the java is not in the image. It is also seen by size of an image. Incase of Docker, the size is around 650 MB, while when building with Kaniko, with exactly same artifacts it is ~100 MB less

Expected behavior I would like to have all installed packages during building an image to be inside when running a container

To Reproduce Steps to reproduce the behavior:

  1. Build image of given Dockerfile using Kaniko (as artifacts directory provide whatever you want - just to make it build)
  2. Run image and see how it fails with message
/srv/entrypoint.sh: line XX: /usr/bin/java: No such file or directory

Additional Information

  • Dockerfile
FROM amazonlinux:2022.0.20221101.0

ARG platform_variation1=amd64
ARG platform_variation2=x86_64
ARG platform_variation12=x86_64

RUN mkdir -p /srv/config && chown nobody:nobody /srv/config
VOLUME /srv/config

ARG SERVICENAME
ARG IMAGETAG
ARG BUILD_BRANCH
ARG BUILD_NUMBER
ARG ARTIFACT
ARG SERVERPORT
ARG BUILDER_VERSION
ARG DEPLOYER_VERSION

ENV SERVICENAME=${SERVICENAME}
ENV IMAGETAG=${IMAGETAG}
ENV BUILD_BRANCH=${BUILD_BRANCH}
ENV BUILD_NUMBER=${BUILD_NUMBER}
ENV BUILDER_VERSION=${BUILDER_VERSION}
ENV DEPLOYER_VERSION=${DEPLOYER_VERSION}
ENV ARTIFACT=${ARTIFACT}

RUN yum install -y java-11-amazon-corretto-devel
ENV JAVA_HOME=/etc/alternatives/java_sdk_11

RUN yum clean all && rm -rf /var/cache/yum

COPY files/srv/entrypoint.sh /srv
COPY --chown=nobody:nobody files/env /srv/env
COPY --chown=nobody:nobody artifacts/ /srv

WORKDIR /srv
USER nobody

RUN /usr/bin/java --version

ENTRYPOINT ["/srv/entrypoint.sh"]
EXPOSE ${SERVERPORT}
EXPOSE 5701
  • Build Context Contents of files/srv/entrypoint.sh
#!/bin/bash

set -e
exec /usr/bin/java --version

Contents of files/env and artifacts might be anything as modifiec version of entrypoint.sh does not use it. Parameters for ARG may be anything as /srv/entrypoint.sh does not use them (I didn't wanted to affect reproducibility of this issue and I couldn't test reproducible Dockerfile without extra parameters)

  • Kaniko Image (fully qualified with digest) Image and tag: gcr.io/kaniko-project/executor:v1.9.1-debug Digest: sha256:ac169723b2076f9d5804f4bc05c98397e286da6fdcdd5a09fdc179f06ccb3be1
Description Yes/No
Please check if this a new feature you are proposing
  • - [ ]
Please check if the build works in docker but not in kaniko
  • - [x]
Please check if this error is seen when you use --cache flag
  • - [ ]
Please check if your dockerfile is a multistage dockerfile
  • - [ ]

mpox avatar Dec 09 '22 12:12 mpox

I have encountered the same issue with missing files when building images with Kaniko. This appears to be related to the --snapshot-mode=time flag which may cause kaniko to miss changes introduced by RUN commands entirely. To prevent this issue, you can use --snapshot-mode=redo or --snapshot-mode=full instead. redo is up to 50% faster than full per kaniko docs

deplab avatar Dec 10 '23 13:12 deplab