kubeconform icon indicating copy to clipboard operation
kubeconform copied to clipboard

Published 20 hours ago verified publisher icon yannh

Alpine Docker Image does not work in Gitlab CI

Open pSub opened this issue 2 years ago • 5 comments

I am unable to integrate kubeconform into our Gitlab CI pipeline using the Alpine docker image. The relevant part of my Gitlab CI configuration is

lint-kubeconform:
  stage: validate
  image: ghcr.io/yannh/kubeconform:latest-alpine
  script:
    - kubeconform

The gitlab-runner fails to find a sh:

Runtime platform                                    arch=amd64 os=linux pid=40134 revision=f188edd7 version=14.9.1
Running with gitlab-runner 14.9.1 (f188edd7)
Preparing the "docker" executor
Using Docker executor with image ghcr.io/yannh/kubeconform:latest-alpine ...
Pulling docker image ghcr.io/yannh/kubeconform:latest-alpine ...
Using docker image sha256:48581c23a24fb25e270c6a6900b5fe9c4bd0095b7fe8779cdb45b94217686e6d for ghcr.io/yannh/kubeconform:latest-alpine with digest ghcr.io/yannh/kubeconform@sha256:a46a016956f6f91de40e1a635c1c7f75748720db592540b28a1c80f08c8d5991 ...
Preparing environment
Running on runner--project-0-concurrent-0 via LX-02014465...
Getting source from Git repository
Fetching changes...
Initialized empty Git repository in /builds/project-0/.git/
Created fresh repository.
Checking out f1afcbf4 as feature/kubeconform...

Skipping Git submodules setup
Executing "step_script" stage of the job script
Using docker image sha256:48581c23a24fb25e270c6a6900b5fe9c4bd0095b7fe8779cdb45b94217686e6d for ghcr.io/yannh/kubeconform:latest-alpine with digest ghcr.io/yannh/kubeconform@sha256:a46a016956f6f91de40e1a635c1c7f75748720db592540b28a1c80f08c8d5991 ...
sh - failed validation: lstat sh: no such file or directory
-c - failed validation: lstat -c: no such file or directory
ERROR: Job failed: exit code 1

FATAL: exit code 1

It looks like the error described in #47. Is there something wrong with my configuration or is this a regression?

pSub avatar Apr 13 '22 08:04 pSub

The issue is in ENTRYPOINT ["/kubeconform"] line in Dockerfile which GitLab Runners with Docker executor (the shared ones on GitLab.com) respect and then what's actually being executed is:

kubeconform sh -c anything_you_have_in_script

as you can see this error is actually returned by kubeconform binary

sh - failed validation: lstat sh: no such file or directory
-c - failed validation: lstat -c: no such file or directory

solution is to override entrypoint, you can do it in your .gitlab-ci.yaml file:

image:
  name: ghcr.io/yannh/kubeconform:latest-alpine
  entrypoint: [""]

Note: You won't encounter this issue on GitLab runners with Kubernetes executor, because they ignore ENTRYPOINT entry in container image :P

balonik avatar May 25 '22 11:05 balonik

Thank you for this workaround @balonik!

pSub avatar May 26 '22 16:05 pSub

What do you think would be the best way for this do you think, just add some documentation? Changing the entrypoint can be weird sometimes with how signals are processed, if Gitlab lets you override the entrypoing Iä d rather do this.

yannh avatar Jun 19 '22 16:06 yannh

I think a documentation for this specific use-case is OK.

balonik avatar Jul 21 '22 12:07 balonik

I agree with @balonik, adding documentation for this case is enough.

pSub avatar Jul 24 '22 18:07 pSub

Documentation added in https://github.com/yannh/kubeconform/pull/139 I hope it is sufficient! Feel free to send a PR for more details if not :bowing_man:

yannh avatar Oct 16 '22 13:10 yannh