Search code examples
dockergokubernetesdockerfilekubeconfig

Dockerfile giving error with distroless image

I am trying to run this Dockerfile with distroless image (gcr.io/distroless/static:nonroot). docker build is happening successfully, but docker run -it image_name is giving me error:

2021-07-13T18:16:11.441Z   ERROR   controller-runtime.client.config  unable to get kubeconfig    {"error": "could not locate a kubeconfig"}
github.com/go-logr/zapr.(*zapLogger).Error
  /go/pkg/mod/github.com/go-logr/zapr@v0.1.0/zapr.go:128
sigs.k8s.io/controller-runtime/pkg/client/config.GetConfigOrDie
  /go/pkg/mod/sigs.k8s.io/controller-runtime@v0.4.0/pkg/client/config/config.go:146
main.main
  /workspace/main.go:63
runtime.main
  /usr/local/go/src/runtime/proc.go:203

Debugging findings

  1. Keeping distroless image if I am removing last line ENTRYPOINT ["/manager"] then docker run -it image_name giving error as-: docker: Error response from daemon: No command specified. See 'docker run --help'.
    This same docker run command working for distroless(with ENTRYPOINT line) but not working with distroless(without ENTRYPOINT line)
  2. I replaced distroless image with alpine:latest. Here with ENTRYPOINT ["/manager"] (& without USER nonroot:nonroot) I am seeing same error as above ERROR controller-runtime.client.config unable to get kubeconfig... BUT without ENTRYPOINT line, I am able to login to container with docker run -it image_name.

Someone please let me know how to resolve this, so that I can make this dockerfile run with all required configs as in Dockerfile.

NOTE: I am afraid that my egress-operator pod might not run by changing image name, as it can lead to miss any configuration in dockerfile in order to make it run.

Solution

  • Short answer:

    If you want to run your image, just do this:

    you have 2 options for it:

    1. Run your image inside a Kubernetes Cluster
    2. Place your kubeconfig inside your image as $HOME/.kube/config

    If you are trying to debug your image, try this:

    docker run --rm -it --entrypoint bash image_name

    replace bash with sh if command not found happened.

    Explanation

    Dockerfile part

    According to the Dockerfile Docs about entrypoint,

    An ENTRYPOINT allows you to configure a container that will run as an executable. Command line arguments to docker run <image> will be appended after all elements in an exec form ENTRYPOINT

    Your command is docker run -it image_name without any arg, so that docker will treat it as:

    1. Run it in the image env
    2. Run entrypoint which is /manager

    the /manager is built with kubebuilder, it will try to load the kubeconfig and die if not thing found.

    If you do not want to run the /manager when execute docker run, you have to replace it by using --entrypoint arg.

    Kubebuilder part

    As I noticed you mentioned you afraid of missing the kubeconfig for your pod, appending this edit.

    kubebuilder would try to find kubeconfig in 2 place by default:

    1. $HOME/.kube/config: the configuration file in the file system.
    2. in-cluster: a pod running inside kubernetes can get an in-cluster kubeconfig. /