Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

task fail: fork/exec /busybox/sh: permission denied #2373

Closed
r0bj opened this issue Apr 11, 2020 · 2 comments
Closed

task fail: fork/exec /busybox/sh: permission denied #2373

r0bj opened this issue Apr 11, 2020 · 2 comments

Comments

@r0bj
Copy link

r0bj commented Apr 11, 2020

Expected Behavior

Task executes without issue.

Actual Behavior

Executing task generates error:

2020/04/11 20:57:26 Error executing command: fork/exec /busybox/sh: permission denied

Steps to Reproduce the Problem

  1. define build-images.yaml:
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: build-images
spec:
  steps:
  - name: build
    image: gcr.io/kaniko-project/executor:debug-v0.19.0
    command:
    - /busybox/sh
    - -c
    - echo test

---
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
  name: build-images
spec:
  taskRef:
    name: build-images
  1. kubectl apply -f build-images.yaml

Additional Info

I want to build multiple images from dynamic generated list (from eg. git repo). Since #2050 is not implemented I would like to iterate kaniko execution over list of images. In order to do that I need to execute shell in kaniko image. Kaniko images with debug tag consists of the kaniko executor image along with a busybox shell. Unfortunately using this shell is impossible in tekton task. Manually using docker works fine:

# docker run -it --entrypoint=/busybox/sh gcr.io/kaniko-project/executor:debug-v0.19.0 -c "echo test"
test

Is there any way I can use kaniko to build multiple images in tektoncd based on dynamic list (from eg. git repo)?

  • Kubernetes version:
Client Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.4", GitCommit:"8d8aa39598534325ad77120c120a22b3a990b5ea", GitTreeState:"clean", BuildDate:"2020-03-12T23:41:24Z", GoVersion:"go1.14", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"15+", GitVersion:"v1.15.11-gke.1", GitCommit:"aa93664bafe74f3c051e021b27a64e28ac34ab40", GitTreeState:"clean", BuildDate:"2020-03-18T22:49:35Z", GoVersion:"go1.12.17b4", Compiler:"gc", Platform:"linux/amd64"}
  • Tekton Pipeline version:
Client version: 0.8.0
Pipeline version: v0.11.1
@vincent-pli
Copy link
Member

@r0bj
I tried your case, but not hit the permission issue:

apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: build-images
spec:
  steps:
  - name: build
    image: gcr.io/kaniko-project/executor:debug-v0.19.0
    env:
    - name: DOCKER_CONFIG
      value: /tekton/home/.docker
    script: |
            #!/busybox/sh
            IN="xx;xx;xx;jj"
            params=$(echo $IN | tr ";" "\n")

            for param in $params
            do
                echo "> [$param]"
                /kaniko/executor
            done

@r0bj
Copy link
Author

r0bj commented Apr 13, 2020
edited
Loading

@vincent-pli thanks for info.
After additional test it seems that this issue occurs only on kubernetes clusters with containerd as a CRI (in GKE images: Container-Optimized OS with Containerd cos_containerd). On kubernetes with docker as CRI everything is fine.

@r0bj r0bj closed this as completed Apr 13, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@r0bj @vincent-pli