The following GitLab CI pipeline pushes images to a private Harbor Registry:
    docker_build_dev:
      tags:
        - oasys
      image:
        name: gcr.io/kaniko-project/executor:v1.12.1-debug
        entrypoint: [""]
      only:
        - harbor
      stage: docker
      variables:
        DEV_TAG: dev-latest
        HARBOR_HOST: "https://harbor.mycompany.com"
        HARBOR_PROJECT: "oasys"
        HARBOR_ROBOT_USER: "robot$$myproject+abcd"
        HARBOR_ROBOT_PASSWORD: "Kusixxxxxxxxxxxxxxxxxxxxxx"
      before_script:
        - echo "Docker build"
        - echo "${HARBOR_HOST}"
        - echo "$HARBOR_HOST"
        - echo "${HARBOR_ROBOT_USER}"
        - echo "${HARBOR_ROBOT_PASSWORD}"
      extends: .create_dockerfile
      after_script:
        - mkdir -p /kaniko/.docker
        - echo "{\"auths\":{\"${HARBOR_HOST}\":{\"auth\":\"$(printf "%s:%s" "${HARBOR_ROBOT_USER}" "${HARBOR_ROBOT_PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
        - >-
          /kaniko/executor
          --context "${CI_PROJECT_DIR}"
          --dockerfile "${CI_PROJECT_DIR}/Dockerfile"
          --destination "${HARBOR_HOST}/${HARBOR_PROJECT}/${CI_PROJECT_NAME}:{$DEV_TAG}"
        - echo "${CI_REGISTRY_IMAGE}:{$DEV_TAG}"

When this pipeline executes, it throws an error, as in the sample pipeline log below:
    dockerfile created
    /builds/thxxxxx/0/oasys/services/myservice/src
    dockerfile successfully generated. Proceeding with kaniko push
    starting kaniko push
    dockerfile successfully copied
    Running after_script
    00:01
    Running after script...
    $ mkdir -p /kaniko/.docker
    $ echo "{\"auths\":{\"${HARBOR_HOST}\":{\"auth\":\"$(printf "%s:%s" "${HARBOR_ROBOT_USER}" "${HARBOR_ROBOT_PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
    $ /kaniko/executor --context "${CI_PROJECT_DIR}" --dockerfile "${CI_PROJECT_DIR}/Dockerfile" --destination "${HARBOR_HOST}/${HARBOR_PROJECT}/${CI_PROJECT_NAME}:$DEV_TAG"
    error checking push permissions -- make sure you entered the correct tag name, and that you are authenticated correctly, and try again: checking push permission for "https://harbor.mycompany.com/oasys/myservice:dev-latest": creating push check transport for https: failed: Get "https://https/v2/": Forbidden
    Cleaning up file based variables
    00:00
    Job succeeded

The Harbor robot account that I am using for this pipeline already has "Push" permissions configured.
When I attempt a "Docker push" from the local shell to the same Harbor registry it works successfully:

    docker tag myservice:dev-latest https://harbor.mycompany.com/oasys/myservice:dev-latest
    docker push https://harbor.mycompany.com/oasys/jonhdoe/myservice:dev-latest

However, I have observed that once I omit the "docker tag" command for a first-time push the image will also fail to be pushed to Harbor.
NB: The Harbor registry and GitLab CI server are running on the same network and they both trust each other (same CA).
What am I missing?
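
The failed request in the log above, `Get "https://https/v2/"`, shows the `https://` prefix of `HARBOR_HOST` being read as the registry host name, because an image reference takes the form `host[:port]/path:tag` with no URL scheme. As an added example (not part of the original post; the function names are hypothetical and the password is a constructed value), these POSIX shell helpers build the kaniko `--destination` and the `config.json` body from a bare registry host:

```shell
#!/bin/sh
# Added example: helper names are hypothetical, credentials are constructed.

# strip_scheme URL: drop a leading http:// or https:// and a trailing slash,
# leaving the bare registry host[:port] that an image reference expects.
strip_scheme() {
    host=${1#http://}
    host=${host#https://}
    printf '%s' "${host%/}"
}

# image_ref HOST PROJECT NAME TAG: print host/project/name:tag without a scheme.
image_ref() {
    printf '%s/%s/%s:%s' "$(strip_scheme "$1")" "$2" "$3" "$4"
}

# auth_json HOST USER PASSWORD: print a Docker config.json body keyed by bare host.
auth_json() {
    token=$(printf '%s:%s' "$2" "$3" | base64 | tr -d '\n')
    printf '{"auths":{"%s":{"auth":"%s"}}}' "$(strip_scheme "$1")" "$token"
}

# check_ref REF: fail early if REF still carries a URL scheme, instead of
# letting the push attempt reach a host literally named "https".
check_ref() {
    case $1 in
        *://*) echo "image reference must not contain a scheme: $1" >&2; return 1 ;;
    esac
}

# Demonstration with the host and project names from the question.
HARBOR_HOST="https://harbor.mycompany.com"
DEST=$(image_ref "$HARBOR_HOST" oasys myservice dev-latest)
check_ref "$DEST" && echo "destination: $DEST"
# Single quotes keep the '$' in the robot account name literal in the shell.
auth_json "$HARBOR_HOST" 'robot$myproject+abcd' 'constructed-password'
echo
```

In a CI job, keep the robot password in a masked CI/CD variable rather than in the pipeline file, and avoid echoing it in `before_script`, since job logs are readable by anyone with access to the project's pipelines.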