Giters

docker / buildx

Docker CLI plugin for extended build capabilities with BuildKit

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Using --mount=type=ssh with kubernetes build engine, the socket does not exist to the build layer

chrisjohnson opened this issue · comments

commented

Contributing guidelines

I've found a bug and checked that ...

  • ... the documentation does not mention anything about my problem
  • ... there are no open or closed issues that are related to my problem

Description

Using a Dockerfile like the following:

# syntax=docker/dockerfile:1.0.0-experimental
FROM foo
USER deployer
RUN --mount=type=ssh,id=deployer ls -althr $SSH_AUTH_SOCK && exit 1

And running the following build command (where kube-apt-macaw is a builder configured with the kubernetes engine):

docker buildx build --builder=kube-apt-macaw --ssh=default .

The following output is observed in the build log:

...
 => ERROR [9/13] RUN --mount=type=ssh,id=deployer ls -althr $SSH_AUTH_SOCK && exit 1                                                                                           0.1s
------
 > [9/13] RUN --mount=type=ssh,id=deployer ls -althr $SSH_AUTH_SOCK && exit 1:
0.109 ls: cannot access '/run/buildkit/ssh_agent.0': No such file or directory
...

It seems to assign a value for SSH_AUTH_SOCK but when trying to access the file at that location, none exists.

Expected behaviour

The SSH_AUTH_SOCK value should point to a valid socket that is a connection to my ssh-agent, allowing my RUN layers to execute with ssh access to my private dependencies.

Actual behaviour

The file specified by buildkit in SSH_AUTH_SOCK does not exist

Buildx version

github.com/docker/buildx v0.11.2-desktop.1 986ab6afe790e25f022969a18bc0111cff170bc2

Docker info

Client:
 Version:    24.0.5
 Context:    desktop-linux
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.11.2-desktop.1
    Path:     /Users/cjohnson/.docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.20.2-desktop.1
    Path:     /Users/cjohnson/.docker/cli-plugins/docker-compose
  dev: Docker Dev Environments (Docker Inc.)
    Version:  v0.1.0
    Path:     /Users/cjohnson/.docker/cli-plugins/docker-dev
  extension: Manages Docker extensions (Docker Inc.)
    Version:  v0.2.20
    Path:     /Users/cjohnson/.docker/cli-plugins/docker-extension
  init: Creates Docker-related starter files for your project (Docker Inc.)
    Version:  v0.1.0-beta.6
    Path:     /Users/cjohnson/.docker/cli-plugins/docker-init
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
    Version:  0.6.0
    Path:     /Users/cjohnson/.docker/cli-plugins/docker-sbom
  scan: Docker Scan (Docker Inc.)
    Version:  v0.26.0
    Path:     /Users/cjohnson/.docker/cli-plugins/docker-scan
  scout: Command line tool for Docker Scout (Docker Inc.)
    Version:  0.20.0
    Path:     /Users/cjohnson/.docker/cli-plugins/docker-scout

Server:
 Containers: 139
  Running: 0
  Paused: 0
  Stopped: 139
 Images: 232
 Server Version: 24.0.5
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 3dce8eb055cbb6872793272b4f20ed16117344f8
 runc version: v1.1.7-0-g860f061
 init version: de40ad0
 Security Options:
  seccomp
   Profile: unconfined
  cgroupns
 Kernel Version: 5.15.49-linuxkit-pr
 Operating System: Docker Desktop
 OSType: linux
 Architecture: aarch64
 CPUs: 5
 Total Memory: 7.667GiB
 Name: docker-desktop
 ID: cac25917-2714-4354-bb6d-1113a05f07e1
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 No Proxy: hubproxy.docker.internal
 Experimental: false
 Insecure Registries:
  hubproxy.docker.internal:5555
  127.0.0.0/8
 Live Restore Enabled: false

Builders list

NAME/NODE         DRIVER/ENDPOINT                                                                                         STATUS  BUILDKIT             PLATFORMS
kube-apt-macaw    kubernetes                                                                                                                           
  kube-apt-macaw0 kubernetes:///kube-apt-macaw?deployment=buildkit-7f721b1b-d58b-4c4e-8d8d-7789f4d752f3-lfgpq&kubeconfig= running v0.13.1              linux/amd64, linux/amd64/v2, linux/amd64/v3, linux/386
default           docker                                                                                                                               
  default         default                                                                                                 running v0.11.6+0a15675913b7 linux/arm64, linux/amd64, linux/amd64/v2, linux/riscv64, linux/ppc64le, linux/s390x, linux/386, linux/mips64le, linux/mips64, linux/arm/v7, linux/arm/v6
desktop-linux *   docker                                                                                                                               
  desktop-linux   desktop-linux                                                                                           running v0.11.6+0a15675913b7 linux/arm64, linux/amd64, linux/amd64/v2, linux/riscv64, linux/ppc64le, linux/s390x, linux/386, linux/mips64le, linux/mips64, linux/arm/v7, linux/arm/v6

Configuration

# syntax=docker/dockerfile:1.0.0-experimental
FROM foo
USER deployer
RUN --mount=type=ssh,id=deployer ls -althr $SSH_AUTH_SOCK && exit 1

Build logs

No response

Additional info

No response

commented

You are using id=deployer in the dockerfile but id=default in the cli.

docker buildx build --builder=kube-apt-macaw --ssh deployer .
commented

Thanks! I was mixing up uid and id in my case