Using the kaniko-gcr plugin to build and publish to gcr.io on a k8s cluster running workload identity fails.
The plugin code implements a number of checks that are actually not necessary and break the auth flow towards Google.
Basically, it works perfectly if this entire function is simply removed from the code:
drone-kaniko/main.go at main · drone/drone-kaniko · GitHub
(I’ve successfully tried it)
Any interest in fixing this in the official images? I guess the only thing really needed is not failing after this check, but rather letting the Google ecosystem figure out what to do.
As it is now, it always sets the GOOGLE_APPLICATION_CREDENTIALS env variable, which forces the Google code to use that since it's the highest priority in their flow; by not setting it when the JSON isn't present, the plugin would allow it to fall back to the next auth mechanism.
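A sketch of the behaviour proposed above, as an added example that is not the plugin's code: `setupGCRAuth`, the `gcr-key.json` file name and the mode strings are hypothetical, and the sample key is constructed. The variable is exported only when a key was supplied; otherwise it is left alone so the Google client libraries can move on to their next credential source.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

const adcEnv = "GOOGLE_APPLICATION_CREDENTIALS"

// setupGCRAuth is a hypothetical helper (not the plugin's function).
// jsonKey is the optional service-account key; dir is where the key file goes.
// It returns "json-key" or "ambient" to say which path was taken.
func setupGCRAuth(jsonKey, dir string) (string, error) {
	if strings.TrimSpace(jsonKey) == "" {
		// No key: do not fail and do not set the variable, so the Google
		// client libraries fall through to the next credential source
		// (on a workload identity cluster, the metadata server).
		return "ambient", nil
	}
	path := filepath.Join(dir, "gcr-key.json")
	// 0600: the key is a long-lived secret, readable by the build user only.
	if err := os.WriteFile(path, []byte(jsonKey), 0o600); err != nil {
		return "", fmt.Errorf("write key file: %w", err)
	}
	if err := os.Setenv(adcEnv, path); err != nil {
		return "", fmt.Errorf("set %s: %w", adcEnv, err)
	}
	return "json-key", nil
}

func main() {
	dir, err := os.MkdirTemp("", "gcr-auth")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	// Constructed sample input, not a real key.
	for _, key := range []string{"", `{"type":"service_account"}`} {
		mode, err := setupGCRAuth(key, dir)
		fmt.Printf("mode=%s env=%q err=%v\n", mode, os.Getenv(adcEnv), err)
	}
}
```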