
What is wrong

I'm facing issues with my GitLab CI pipeline when using Kaniko to build a Docker image on AWS Fargate. The pipeline launches a task on Fargate, but I encounter various errors with different Dockerfiles, such as excessive syslink calls and failures with specific apt-get commands. I need assistance in resolving these issues with my custom Kaniko image.

The reason for this setup is to avoid using DinD (Docker in Docker) and reduce costs on AWS Fargate. I have successfully tested the DinD approach with all my Dockerfiles.

According to the GitLab documentation, I'm using the following Dockerfile to build the image for the AWS Fargate task definition:

FROM --platform=linux/amd64 gcr.io/kaniko-project/executor AS kaniko

FROM --platform=linux/amd64 ubuntu:20.04

# ----------------------------------------------------------------
# Copy the kaniko executable and cloud container registry helpers.
# Then, set up the tool.
# ----------------------------------------------------------------
COPY --from=kaniko /kaniko/executor /kaniko/
COPY --from=kaniko /kaniko/docker-credential-gcr /kaniko/
COPY --from=kaniko /kaniko/docker-credential-ecr-login /kaniko/

ENV DOCKER_CONFIG /kaniko/.docker/
ENV DOCKER_CREDENTIAL_GCR_CONFIG /kaniko/.config/gcloud/docker_credential_gcr_config.json
ENV PATH ${PATH}:/kaniko

RUN mkdir -p /kaniko/.docker \
    && mkdir -p /kaniko/ssl \
    && docker-credential-gcr config --token-source=env

# ---------------------------------------------------------------------
# Install https://github.com/krallin/tini - a very small 'init' process
# that helps processing signals sent to the container properly.
# ---------------------------------------------------------------------
ARG TINI_VERSION=v0.19.0

RUN apt-get update \
    && apt-get install -y curl \
    && curl -Lo /usr/local/bin/tini https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini-amd64 \
    && chmod +x /usr/local/bin/tini

# --------------------------------------------------------------------------
# Install and configure sshd.
# https://docs.docker.com/engine/examples/running_ssh_service for reference.
# --------------------------------------------------------------------------
RUN apt-get install -y openssh-server \
    && mkdir -p /var/run/sshd

EXPOSE 22

# ----------------------------------------
# Install GitLab CI required dependencies.
# ----------------------------------------
ARG GITLAB_RUNNER_VERSION=v13.6.0

RUN curl -Lo /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/${GITLAB_RUNNER_VERSION}/binaries/gitlab-runner-linux-amd64 \
    && chmod +x /usr/local/bin/gitlab-runner \
    && gitlab-runner --version

RUN apt-get install -y git-lfs \
    && git lfs install --skip-repo

# -------------------------------------------------------------------------------------
# Execute a startup script.
# https://success.docker.com/article/use-a-script-to-initialize-stateful-container-data
# for reference.
# -------------------------------------------------------------------------------------
COPY test.sh /usr/local/bin/
RUN chmod +x /usr/local/bin/test.sh
ENTRYPOINT ["tini", "--", "/usr/local/bin/test.sh"]

and the test.sh file:


#!/bin/sh

if command -v tini >/dev/null 2>&1; then
  echo "tini is installed."
else
  echo "tini is not installed."
fi

# Create a folder to store user's SSH keys if it does not exist.
USER_SSH_KEYS_FOLDER=~/.ssh
[ ! -d "${USER_SSH_KEYS_FOLDER}" ] && mkdir -p "${USER_SSH_KEYS_FOLDER}"

# Copy contents from the `SSH_PUBLIC_KEY` environment variable
# to the `$USER_SSH_KEYS_FOLDER/authorized_keys` file.
# The environment variable must be set when the container starts.
echo "${SSH_PUBLIC_KEY}" > "${USER_SSH_KEYS_FOLDER}/authorized_keys"

# Clear the `SSH_PUBLIC_KEY` environment variable.
unset SSH_PUBLIC_KEY

# Start the SSH daemon
exec /usr/sbin/sshd -D

This approach seems to have several problems, and I discovered that the official Kaniko Dockerfile uses FROM Scratch referenced here, which prevents me from setting up the image using the documented steps.

Has anyone used Kaniko before or had experience with this issue?

Expected behavior: The GitLab CI pipeline should build a Docker image using Kaniko on AWS Fargate and push the images to a specific registry.

Aldo
  • Did you test your Dockerfile in a different environment to make sure it's working 100% fine? Feel free to try at zcloud.ws – Filipe Névola Jul 10 '23 at 19:26
  • @FilipeNévola First, let me thank you. It is not an environment issue; rather, Kaniko uses FROM SCRATCH as its base image and I am putting Kaniko on top of Ubuntu. I did in fact also test on macOS and Linux environments. This is not an optimal way to go about it, as Kaniko might break when overlaid on Ubuntu. My question is rather how to do this better, or whether I could do it better, to avoid getting different errors on different Dockerfiles. – Aldo Jul 11 '23 at 20:09
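
A stricter version of the key-installation step in the posted test.sh, as an added example that is not part of the original post or of the GitLab documentation it follows: it refuses an empty, multi-line or option-prefixed SSH_PUBLIC_KEY and sets the permissions that sshd's StrictModes checks. The function name install_authorized_key and the list of accepted key types are assumptions of this example.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the original post).
# Usage in the entry script:
#   install_authorized_key "$SSH_PUBLIC_KEY" ~/.ssh || exit 1
# Returns 0 when the key was written, 1 when it was rejected.
install_authorized_key() {
  key=$1
  dir=$2

  # Fail fast instead of starting sshd with an empty authorized_keys file.
  [ -n "$key" ] || { echo "SSH_PUBLIC_KEY is empty" >&2; return 1; }

  # Exactly one entry: an embedded newline would add further keys.
  case $key in
    *'
'*) echo "SSH_PUBLIC_KEY must be a single line" >&2; return 1 ;;
  esac

  # The line must begin with a key type, so leading options such as
  # command="..." are refused. The accepted types are this example's choice.
  case $key in
    "ssh-ed25519 "*|"ssh-rsa "*|"ecdsa-sha2-nistp256 "*) ;;
    *) echo "unsupported key type or leading options" >&2; return 1 ;;
  esac

  # Second field is the key blob: non-empty, base64 alphabet only.
  rest=${key#* }
  blob=${rest%% *}
  case $blob in
    ''|*[!A-Za-z0-9+/=]*) echo "malformed key data" >&2; return 1 ;;
  esac

  # Write with owner-only permissions; the subshell keeps the umask local.
  (
    umask 077
    mkdir -p "$dir" && chmod 700 "$dir" &&
      printf '%s\n' "$key" > "$dir/authorized_keys" &&
      chmod 600 "$dir/authorized_keys"
  ) || return 1
}
```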

0 Answers