Plugins/kaniko and pulling base images from private registries

Hi :wave:

The plugins/kaniko doesn’t seem to support pulling images from private registries.

If a Dockerfile references for example:

FROM AS base

This fails; example:

latest: Pulling from plugins/kaniko
Digest: sha256:593a0a6feea378993ed6b27330c6a9b30ef5c6e6b137cee00f89516a2308087e
Status: Image is up to date for plugins/kaniko:latest
+ /kaniko/executor --dockerfile=Dockerfile --context=dir://. --destination=******/sally:latest --build-arg=VERSION=master --build-arg=COMMIT=ce87061a --digest-file=/kaniko/digest-file
INFO[0002] Resolved base name******/golang-alpine to build 
INFO[0002] Using dockerignore file: /drone/src/.dockerignore 
INFO[0002] Retrieving image manifest******/golang-alpine 
INFO[0002] Retrieving image******/golang-alpine from registry 
error building image: GET******/golang-alpine/manifests/latest: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:******/golang-alpine Type:repository]]
exit status 1

Despite my runners configured with .docker/config.json I don’t think that it actually passed to plugins?

correct, for security reasons, Drone never exposes credentials from the host to pipeline containers (unless explicitly configured to do so). If you need to provide credentials to the plugin it looks like you need to set the username and password.

image: plugins/kaniko
  username: <username>
  password: <password>

however, presumably you would want to source the values from secrets

image: plugins/kaniko
    from_secret: <username secret>
    from_secret: <password secret>