kaniko icon indicating copy to clipboard operation
kaniko copied to clipboard
verified publisher icon GoogleContainerTools

Executing Kaniko on different container cannot build Dockerfile from alpine image

Open qalinn opened this issue 1 year ago • 1 comments

Actual behavior I have created my own docker image based on ubuntu with kaniko executor inside. When I am trying to build Dockerfile based on linux alpine, the kaniko build failed with the following error: "/bin/sh: 1: apk: not found"

Expected behavior Kaniko must be able to build images based on dockerfile using alpine image as based

To Reproduce Steps to reproduce the behavior:

  1. Create your own ubuntu container where to run kaniko. I have used the following dockerfile: FROM gcr.io/kaniko-project/executor:v1.23.0 as kaniko FROM ubuntu:22.04

ENV JAVA_OPTS -XX:-UsePerfData

RUN apt-get update && apt-get install -y vim

WORKDIR /kaniko USER root COPY --from=kaniko /kaniko /kaniko RUN cp /kaniko/executor /kaniko/kanikoexecutor COPY config.json /kaniko/.docker/

ENV HOME /root ENV USER root ENV PATH=$PATH:/kaniko ENV DOCKER_CONFIG=/kaniko/.docker/ ENV SSL_CERT_DIR=/kaniko/ssl/certs

RUN echo '#!/bin/bash \n kanikoexecutor --ignore-path=/opt "$@"' > /kaniko/kaniko-executor && chmod +x /kaniko/kaniko-executor

RUN echo 'FROM node:lts-alpine3.18 AS deps \n RUN apk add --no-cache libc6-compat yarn' >> Dockerfile

  1. Build the previous Dockerfile which contains an example of dockerfile with nodejs alpine version. docker build -f Dockerfile_ubuntu . -t example:1
  2. Run " docker run -it example:1 bash"
  3. On the container execute following command: " /kaniko/kaniko-executor --force --context=. --dockerfile=Dockerfile --ignore-path=/lib --ignore-path=/usr/bin --ignore-path=/usr/lib --ignore-path=/bin --use-new-run=true --no-push"
  4. The results will be: INFO[0004] Args: [-c apk add --no-cache libc6-compat yarn] INFO[0004] Running: [/bin/sh -c apk add --no-cache libc6-compat yarn] /bin/sh: 1: apk: not found

Additional Information

  • Dockerfile Please provide either the Dockerfile you're trying to build or one that can reproduce this error.
  • Build Context Please provide or clearly describe any files needed to build the Dockerfile (ADD/COPY commands)
  • Kaniko Image (fully qualified with digest)

Triage Notes for the Maintainers

Description Yes/No
Please check if this a new feature you are proposing
  • - [No]
Please check if the build works in docker but not in kaniko
  • - [Yes]
Please check if this error is seen when you use --cache flag
  • - [No]
Please check if your dockerfile is a multistage dockerfile
  • - [No]

qalinn avatar Jun 10 '24 15:06 qalinn

@qalinn currently this is a known issue and running kaniko outside of the provided container is not officially supported: https://github.com/GoogleContainerTools/kaniko#known-issues

Running kaniko in any Docker image other than the official kaniko image is not supported due to implementation details. This includes copying the kaniko executables from the official image into another image (e.g. a Jenkins CI agent). In particular, it cannot use chroot or bind-mount because its container must not require privilege, so it unpacks directly into its own container root and may overwrite anything already there.

aaron-prindle avatar Jul 10 '24 17:07 aaron-prindle