Tekton Kaniko Pipeline not able to authenticate to internal image registry and push images #8224
Labels
kind/bug
Categorizes issue or PR as related to a bug.
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Error: error checking push permissions -- make sure you entered the correct tag name, and that you are authenticated correctly, and try again: checking push permission for "image-registry.openshift-image-registry.svc:5000/acic-images/test:latest": POST https://image-registry.openshift-image-registry.svc:5000/v2/acic-images/test/blobs/uploads/: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:acic-images/test Type:repository] map[Action:push Class: Name:acic-images/test Type:repository]]
system:image-builder and system:image-pusher permissions were given to pipeline-account in test and acic-images namespaces
PIPELINE
apiVersion: tekton.dev/v1
kind: Pipeline
metadata:
creationTimestamp: '2024-08-20T07:01:43Z'
generation: 4
managedFields:
- apiVersion: tekton.dev/v1beta1
fieldsType: FieldsV1
fieldsV1:
'f:spec':
.: {}
'f:params': {}
'f:workspaces': {}
manager: Mozilla
operation: Update
time: '2024-08-20T07:01:43Z'
- apiVersion: tekton.dev/v1
fieldsType: FieldsV1
fieldsV1:
'f:spec':
'f:finally': {}
'f:tasks': {}
'f:workspaces': {}
manager: Mozilla
operation: Update
time: '2024-08-23T15:22:42Z'
name: push-img-to-priv-repo-pipeline
namespace: client-prod-stua-stua-test-a
resourceVersion: '58394485'
uid: 2b9d6412-5ee6-4f64-9ed3-a897619c0eb4
spec:
params:
- description: Git repository url
name: gitUrl
type: string
- default: master
description: Git revision to check out
name: gitRevision
type: string
- default: src
description: 'The path to the build context, used by Kaniko - within the workspace'
name: pathToContext
type: string
- description: The path to the yaml file to deploy within the git source
name: pathToYamlFile
type: string
- description: Image name including repository
name: imageUrl
type: string
- default: latest
description: Image tag
name: imageTag
type: string
tasks:
- name: clone-repo
params:
- name: url
value: $(params.gitUrl)
- name: revision
value: $(params.gitRevision)
- name: subdirectory
value: .
- name: deleteExisting
value: 'true'
runAfter:
- oc-whoami
taskRef:
kind: Task
name: git-clone
workspaces:
- name: output
workspace: git-source
- name: build-and-push-image
params:
- name: CONTEXT
value: $(params.pathToContext)
- name: IMAGE
value: '$(params.imageUrl):$(params.imageTag)'
runAfter:
- clone-repo
taskRef:
kind: Task
name: kaniko
workspaces:
- name: source
workspace: git-source
- name: oc-whoami
taskRef:
kind: Task
name: oc-whoami
workspaces:
- description: The git repo
name: git-source
PIPELINERUN
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: push-img-to-repo-pr- #for OpenShift use oc create -f to automatically generate a random name for pipelinerun. The name will be appended at the end of hyphen (-) as generateName attribute is used.
spec:
pipelineRef:
name: push-img-to-priv-repo-pipeline
params:
- name: gitUrl
value: https://github.com/Nani-Ganesh/tek-pl-pical.git
#replace with the private Git repository to be cloned
- name: gitRevision
value: main #specify the git revision name if not specified (or removed) default master branch is checkedout (here main branch is used)
- name: imageUrl
value: image-registry.openshift-image-registry.svc:5000/acic-images/test # specify the location to where the image has to be pushed sample syntax for other registries are provided below
- name: imageTag
value: "latest" # this is the tag that will be attached to the image
- name: pathToYamlFile
value: "kubernetes/picalc.yaml"
serviceAccountName: pipeline-account
workspaces:
- name: git-source
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 500Mi
The text was updated successfully, but these errors were encountered: