catalog icon indicating copy to clipboard operation
catalog copied to clipboard

Published 20 hours ago verified publisher icon tektoncd

`ko` task uses `config.json` instead of `.dockerconfigjson`

Open salaboy opened this issue 1 year ago • 4 comments

Expected Behavior

The ko task should use the .dockerconfigjson to set credentials for ko

When creating a secret with:

kubectl create secret docker-registry docker-credentials --docker-server=https://index.docker.io/v1/ --docker-username=<username> --docker-password=<password> --docker-email=<email>

You get a secret with spec.data -> .dockerconfigjson not config.json. This causes ko to not know which credentials to use.

This requires the tekton ko tasks to rename and move the .dockerconfigjson mounted into a volume to ~/.docker/config.json

Actual Behavior

It looks for a config.json key inside the secret

Steps to Reproduce the Problem

  1. create a secret with the command specified above
  2. try to use the ko task to publish a container to docker hub

Additional Info

This kind of issues are really frustrating for newbies and also for experienced people .. it is not easy to debug. Related to this issue, is the fact that if any of the credentials have sensitive characters like $ when creating the secret these characters will not be escaped and they will fail the encoding leading to situations where the credentials sent to docker hub are wrong. It might be good to have some docs around that to save people time.

salaboy avatar Sep 03 '23 13:09 salaboy

This can also be solved by extending the task with the DOCKER_CONFIG parameter.. which allows us to set up the path for the .docker/config.json file, still we will need to rename the file to config.json

salaboy avatar Sep 03 '23 15:09 salaboy

What is the status here? How's this not solved yet?

HWiese1980 avatar Jan 18 '24 21:01 HWiese1980

It has not been solved yet because of maintainers time. Essentially, the idea would be to bump the Task to a 0.2 and use scripts to do something similar to what we do here.

For what is worth, I created a Task that is an "evolution" of the ko Task present here : https://github.com/shortbrain/golang-tasks/tree/main/go-ko-image.

vdemeester avatar Jan 19 '24 13:01 vdemeester

Similar issue with creating vaultstaticsecret type .dockerconfigjson does not allow key config.json but only supports .dockerconfigjson.

I tried the above manipulation in the task to rename to config.json but it does not validate auth while pushing.

rajatrj16 avatar Jun 19 '24 06:06 rajatrj16