1

Server where runners for my pipeline which runs on GitLab are rigistered is behined proxy. I followed the documentation so that I can set up the build of image with Kaniko behind the proxy, but I still get an error which based on documentation is for missing configuration for proxy. Can someone tell me if there is a step that I may have left out or if there is something else that needs to be adjusted and I don't know about it. After build of image is successfully done I want to be able to push image to JFrog registry with latest tag.

Thank you for your help !

Below I will leave how the settings for that stage look like in pipeline:

  8:build docker image:
  stage: Build Docker Image
  variables:
    ftp_proxy: "${PROXY_ADDRESS}"
    FTP_PROXY: "${PROXY_ADDRESS}"
    http_proxy: "${PROXY_ADDRESS}"
    HTTP_PROXY: "${PROXY_ADDRESS}"
    https_proxy: "${PROXY_ADDRESS}"
    HTTPS_PROXY: "${PROXY_ADDRESS}"
    no_proxy: "localhost,127.0.0.0/8,X.0.0.0/8,X.X.0.0/12,X.X.0.0/16"
    NO_PROXY: "localhost,127.0.0.0/8,X.0.0.0/8,X.X.0.0/12,X.X.0.0/16"
  image:
    name: gcr.io/kaniko-project/executor:v1.9.0-debug
    entrypoint: [""]
  allow_failure: true
  script:
    - echo "{\"auths\":{\"$JFROG_URL\":{\"username\":\"$JFROG_USER\",\"password\":\"$JFROG_PASSWORD\"}}}" > /kaniko/.docker/config.json
    - /kaniko/executor
      --context "${CI_PROJECT_DIR}"
      --build-arg "ftp_proxy=${ftp_proxy}"
      --build-arg "FTP_PROXY=${ftp_proxy}"
      --build-arg "http_proxy=${http_proxy}"
      --build-arg "HTTP_PROXY=${http_proxy}"
      --build-arg "https_proxy=${https_proxy}"
      --build-arg "HTTPS_PROXY=${https_proxy}"
      --build-arg "no_proxy=${no_proxy}"
      --build-arg "NO_PROXY=${no_proxy}"
      --dockerfile "${CI_PROJECT_DIR}/Dockerfile"
      --destination "${JFROG_REPO}:latest"
      --verbosity info
  rules:
    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
  tags:
    - dev
    - docker

The error I am getting:

error checking push permissions -- make sure you entered the correct tag name, and that you are authenticated correctly, and try again: getting tag for destination: repository can only contain the characters `abcdefghijklmnopqrstuvwxyz0123456789_-./`: /artifactory.XXXXX:XXX/XXXX/XXXX/
Milica Nikolić
  • 155
  • 2
  • 10
  • Hi all, in the end I realized that I had set up everything related to the proxy correctly, the error I received was just confusing. In fact, when I do a build, I need to have a proxy set up, but when I do a push image, since the registry is at our internal address, then I don't need to be behind a proxy. Kaniko doesn't have an option to turn off proxy later, so I had to add a flag --no-push so that it wouldn't do push at the same time. This solved the build image problem, so now the problem remains how to do push without using dind. – Milica Nikolić Nov 07 '22 at 14:52
  • 1
    If you are wanting to pull images from a registry mirror (docker image proxy) and push to where ever you want, using `--registry-mirror` flag is a better solution. More info: https://github.com/GoogleContainerTools/kaniko#flag---registry-mirror – inblueswithu Jan 13 '23 at 14:50

0 Answers0