0

I'm building a Docker image with Kaniko. I would like to use two separate private artifactories for my GitLab CI/CD pipeline:

  1. One from which the Dockerfile takes its source image (Artifactory1/Repo1)
  2. One to which the pipeline will push the ready image (Artifactory2/Repo2)

Both have separate credentials.

My question is, how could I add the login credentials for the second, destination artifactory? I have tried with -u -p flags, and also with a separate line, did not work.

As of now my gitlab-ci.yml code looks something like this:

image:
    name: artifactory1/kaniko/executor:debug
    entrypoint: [""]
stages:
    - build
build:
    stage: build
    script:
        - env
        - KANIKOCFG="\"auths\":{\"artifactory1/repo1/\":{\"auth\":\"$(printf "%s:%s" "${ARTIFACTORY1_USER}" "${ARTIFACTORY1_PASS}" | base64 | tr -d '\n')\"}}"
        - KANIKOCFG="{ ${KANIKOCFG} }"
        - echo ${KANIKOCFG} >> /kaniko/.docker/config.json
        - /kaniko/executor --dockerfile $CI_PROJECT_DIR/Dockerfile --context $CI_PROJECT_DIR/ --destination artifactory2/repo2/finalimage:1.0.0

Both artifactory1 and artfactory2 credentials are known and added to GitLab as variables, something like this:

ARTIFACTORY1_USER
ARTIFACTORY1_PASS
ARTIFACTORY2_USER
ARTIFACTORY2_PASS

I'm always getting an authentication error for REPO2 that I cant push there. Of course now it does not work because I could not set authentication up in the correct way.

Nysa-522
  • 49
  • 3

2 Answers2

0

I think it will be much easier for you to build with Kaniko and push docker images through the JFrog CLI.

See the example here.

On top of that with JFrog CLI you can configure multiple Artifactory registries and distinguish between them with '--server-id' See the documentation here.

shaibz
  • 266
  • 1
  • 5
0

You may have a problem on the file /kaniko/.docker/config.json

The config.json should look like this:

{
  "auths": {
    "$REPO1_URL": {
      "username": "$ARTIFACTORY1_USER",
      "password": "$ARTIFACTORY1_PASS"
    },
    "$REPO2_URL": {
      "username": "$ARTIFACTORY2_USER",
      "password": "$ARTIFACTORY2_PASS"
    }
  }
}

Give a try on the following code to update your config.json file:

script:
  - echo "{\"auths\":{\"$REPO1_URL\":{\"username\":\"$ARTIFACTORY1_USER\",\"password\":\"$ARTIFACTORY1_PASS\"},\"$REPO2_URL\":{\"username\":\"$ARTIFACTORY2_USER\",\"password\":\"$ARTIFACTORY1_PASS\"}}}" > /kaniko/.docker/config.json
Oceania Water
  • 267
  • 2
  • 11
  • Thank you. I will try that, and will come back with the results. – Nysa-522 Mar 08 '23 at 15:07
  • Unfortunately it did not work this way either. It probably would have worked if the repositories would have been compeletly different but as I read through issue descriptions, Kaniko cannot handle the below situation: `Repo to pull from: "example.com/registryA"` `Repo to push to: "example.com/registryB"` So note how the example.com is the same in both entries. Is there a workaround for this as well? – Nysa-522 Mar 23 '23 at 14:02