I am trying to do a Docker image scan with Trivy and integrate it into GitLab. The pipeline passes, but the job fails and I'm not sure why the job fails. The Docker image is valid. Updated with the new errors after enabling shared runners.
gitlab.yml

Trivy_container_scanning:
  stage: test
  image: docker:stable-git
  variables:
    # Override the GIT_STRATEGY variable in your `.gitlab-ci.yml` file and set it to `fetch` if you want to provide a `clair-whitelist.yml`
    # file. See https://docs.gitlab.com/ee/user/application_security/container_scanning/index.html#overriding-the-container-scanning-template
    # for details
    GIT_STRATEGY: none
    IMAGE: "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA"
  allow_failure: true
  before_script:
    - export TRIVY_VERSION=${TRIVY_VERSION:-v0.20.0}
    - apk add --no-cache curl docker-cli
    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
    - curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin ${TRIVY_VERSION}
    - curl -sSL -o /tmp/trivy-gitlab.tpl https://github.com/aquasecurity/trivy/raw/${TRIVY_VERSION}/contrib/gitlab.tpl
  script:
    - trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --format template --template "@/tmp/trivy-gitlab.tpl" -o gl-container-scanning-report.json $IMAGE
    #- ./trivy --exit-code 0 --severity HIGH --no-progress --auto-refresh trivy-ci-test
    #- ./trivy --exit-code 1 --severity CRITICAL --no-progress --auto-refresh trivy-ci-test
  cache:
    paths:
      - .trivycache/
  artifacts:
    reports:
      container_scanning: gl-container-scanning-report.json
  dependencies: []
  only:
    refs:
      - branches

Dockerfile

FROM composer:1.7.2
RUN git clone https://github.com/aquasecurity/trivy-ci-test.git && cd trivy-ci-test && rm Cargo.lock && rm Pipfile.lock
CMD apk add --no-cache mysql-client
ENTRYPOINT ["mysql"]

Job error:
Running with gitlab-runner 13.2.4 (264446b2)
on gitlab-runner-gitlab-runner-76f48bbd84-8sc2l GCJviaG2
Preparing the "kubernetes" executor
Using Kubernetes namespace: gitlab-managed-apps
Using Kubernetes executor with image docker:stable-git ...
Preparing environment
Waiting for pod gitlab-managed-apps/runner-gcjviag2-project-1020-concurrent-0pgp84 to be running, status is Pending
Waiting for pod gitlab-managed-apps/runner-gcjviag2-project-1020-concurrent-0pgp84 to be running, status is Pending
Waiting for pod gitlab-managed-apps/runner-gcjviag2-project-1020-concurrent-0pgp84 to be running, status is Pending
Waiting for pod gitlab-managed-apps/runner-gcjviag2-project-1020-concurrent-0pgp84 to be running, status is Pending
Waiting for pod gitlab-managed-apps/runner-gcjviag2-project-1020-concurrent-0pgp84 to be running, status is Pending
Waiting for pod gitlab-managed-apps/runner-gcjviag2-project-1020-concurrent-0pgp84 to be running, status is Pending
ERROR: Job failed (system failure): prepare environment: image pull failed: Back-off pulling image "docker:stable-git". Check https://docs.gitlab.com/runner/shells/index.html#shell-profile-loading for more information

Another error:
Running with gitlab-runner 13.2.4 (264446b2)
on gitlab-runner-gitlab-runner-76f48bbd84-8sc2l GCJviaG2
Preparing the "kubernetes" executor
Using Kubernetes namespace: gitlab-managed-apps
Using Kubernetes executor with image $CI_REGISTRY/devops/docker-alpine-sdk:19.03.15 ...
Preparing environment
Waiting for pod gitlab-managed-apps/runner-gcjviag2-project-1020-concurrent-0t7plc to be running, status is Pending
ERROR: Job failed (system failure): prepare environment: image pull failed: Failed to apply default image tag "/devops/docker-alpine-sdk:19.03.15": couldn't parse image reference "/devops/docker-alpine-sdk:19.03.15": invalid reference format. Check https://docs.gitlab.com/runner/shells/index.html#shell-profile-loading for more information

Posted 2021-10-19 15:35:54
The root cause was actually that the variables were not set in the GitLab CI/CD variables. Once the registry credentials were defined, everything worked.
Posted 2021-10-18 06:01:30
This was followed by gitlab-org/gitlab-runner issue 27664.
After some trial and error, my team and I found that the problem was the runner failing to pull the image using the service account secret. To solve this, we used a custom configuration that specifies image_pull_secrets in .dockercfg format so that the image could be pulled successfully.
Contents of the runner custom config map:
kind: ConfigMap
apiVersion: v1
metadata:
  name: runner-custom-config-map
  namespace: runner-namespace
data:
  config.toml: |-
    [[runners]]
      [runners.kubernetes]
        image_pull_secrets = ["secret_to_docker_cfg_file_with_sa_token"]

For the Runner Operator spec:
spec:
  concurrent: 1
  config: runner-custom-config-map
  gitlabUrl: 'https://example.gitlab.com'
  imagePullPolicy: Always
  serviceaccount: kubernetes-service-account
  token: gitlab-runner-registration-secret

With secret_to_docker_cfg_file_with_sa_token:
kind: Secret
apiVersion: v1
metadata:
  name: secret_to_docker_cfg_file_with_sa_token
  namespace: plt-gitlab-runners
data:
  .dockercfg: >-
    __docker_cfg_file_with_pull_token__
type: kubernetes.io/dockercfg

June 2022: MR 3399 closed the issue for GitLab 15.0:
"Check service account and image pull secret availability before creating pod"
to prevent creating the pod when the required resources are not available.
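Both answers come down to the same two things: the registry credentials the runner pod needs must actually exist, and the image reference handed to the Kubernetes executor must be well-formed. The second error in the question shows what happens when $CI_REGISTRY is unset: it expands to an empty string, the reference becomes "/devops/docker-alpine-sdk:19.03.15", and the runner rejects it with "invalid reference format". The script below is an added example, not code from the Stack Overflow thread or from GitLab: it pre-checks an image reference for exactly that class of failure, and it generates the image pull secret the second answer configures, using the current kubernetes.io/dockerconfigjson format rather than the legacy .dockercfg one. The registry, user and password values are placeholders. Note that Kubernetes object names must be DNS-subdomain names (lowercase letters, digits, "-" and "."), so the underscore placeholder name used in the answer would need a hyphenated name in practice.

```shell
#!/bin/sh
# Added example for the thread above; not from the original post or from GitLab.
# Assumes POSIX sh and base64(1). All credential values are placeholders.

# Reject an image reference that will fail at pull time before the job is
# even scheduled:
#   - still containing "$"  : a CI variable that was never expanded
#   - beginning with "/"    : a registry variable that expanded to empty
#     (the "/devops/docker-alpine-sdk:19.03.15" case from the question)
#   - ending with "/"       : a path variable that expanded to empty
#   - empty
# Returns 0 if the reference looks usable, 1 otherwise.
check_image_ref() {
    ref=$1
    case "$ref" in
        "")    echo "empty image reference" >&2; return 1 ;;
        *'$'*) echo "unexpanded variable in image reference: $ref" >&2; return 1 ;;
        /*)    echo "registry expanded to empty, reference starts with '/': $ref" >&2; return 1 ;;
        */)    echo "reference ends with '/': $ref" >&2; return 1 ;;
    esac
    return 0
}

# The "auth" value Docker and kubelet expect: base64("user:password"),
# without the line wrapping GNU base64 adds.
docker_auth() {
    printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Emit a kubernetes.io/dockerconfigjson Secret manifest for one registry.
# Arguments: secret-name namespace registry user password
# The user/password are inserted into JSON without escaping, so they must
# not contain '"' or '\' (fine for registry tokens, which never do).
pull_secret_manifest() {
    name=$1 ns=$2 registry=$3 user=$4 pass=$5
    auth=$(docker_auth "$user" "$pass")
    cfg=$(printf '{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}}' \
        "$registry" "$user" "$pass" "$auth")
    cfgb64=$(printf '%s' "$cfg" | base64 | tr -d '\n')
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
  namespace: $ns
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $cfgb64
EOF
}

# Usage (placeholder values; the secret name is then referenced from
# image_pull_secrets in the runner's config.toml, as in the answer above):
#   pull_secret_manifest gitlab-pull-secret gitlab-managed-apps \
#       registry.example.com deploy-token-user "$DEPLOY_TOKEN" | kubectl apply -f -
#   check_image_ref "$CI_REGISTRY/devops/docker-alpine-sdk:19.03.15" || exit 1
```

Run check_image_ref in a job's before_script (or locally against the expanded value of IMAGE) to turn the runner's "system failure" into a readable message; run pull_secret_manifest once per registry and namespace, and reference the resulting secret name from image_pull_secrets. If the registry variables are defined at the GitLab level, as the first answer did, the runner-side secret is only needed for images the runner itself must pull, such as the job image.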
https://stackoverflow.com/questions/69611221