Unable to pass Kubernetes volumeMount into container

[gazzer82]

I have a JSON file that's stored in a Kubernetes secret that's shared with my the Buildagent with the following config.

- mountPath: /root/docker.json
          name: docker-login
          subPath: docker.json

The file is a JSON key for a Kubernetes service account, so obviously not wanting to bake it into any of my images.

I'm using the file within a script to build/push an image using docker push as follows and this works fine.

docker login -u _json_key -p "$(cat /root/docker.json)" https://eu.gcr.io

But I have a docker compose step using this plugin where I load up a pre-built image that contains Gcloud and Kubectl so I can update the deployment to the latest build version, and I need this key file to be able to login, but I can't seem to get the volume to mount with my docker compose file, I'm using the following.

volumes:
      - /root/docker.json:/base/kube/docker.json

But it always throws and error about not being able to create the folder, so seems the docker-compose plugin is not able to see/access the mounted file.

Error response from daemon: error while creating mount source path '/root/docker.json': mkdir /root/docker.json: read-only file system

Not sure how to resolve this?

[torbjornvatn]

I'm experiencing something similar trying to follow your golang in docker example.
I get this error in the logs:

Running command in Docker Compose service: app

docker-compose -f docker-compose.yml -p buildkitedfb3eabc02b84a13b8fd25b13b22a459 run --name buildkitedfb3eabc02b84a13b8fd25b13b22a459_app_build_23 app ./scripts/build.sh

Error response from daemon: error while creating mount source path '/buildkite/builds/bk-agent-buildkite-78845d9f56-lxz2j/unacast/walrus': mkdir /buildkite: read-only file system

I'm running the agent on Kubernetes installed via your helm chart

I also got the same error when I tried the docker plugin

[lox]

The key part here is read-only file system. If you look at the output of mount you will see that the Google Container OS mounts the root filesystem as read-only.

Docker will try and create the source path if it doesn't exist, which will fail on a read-only filesystem. I suspect the answer is to avoid host mounts and go for mounting volumes in Kubernetes, but I'd love to hear from an expert. We'll do some testing of our own.

[lox]

I'm trying to figure out where the /buildkite comes from. I suspect if we used something like /opt/buildkite it would solve the problem. I assume you are both running buildkite-agent as a docker container?

[lox]

@gazzer82 are you sure that /root/docker.json actually exists?

[gazzer82]

Yes I’m 100% certain is exists as I’m using it a previous buildkite stage to authenticate to Kubernetes and push an updated image. It’s only when I try to do sicker within docker to update my deployment with kubectl that I get this error. For now I have just base64 encoded the relevant part of the key in a secret and am building the key within the deployment update container from those env variables. Yes I am running buildkite agent in Kubernetes on google.

…

Sent from my iPhone

On Apr 14, 2018, at 01:54, Lachlan Donald ***@***.***> wrote: @gazzer82 are you sure that /root/docker.json actually exists? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.

[torbjornvatn]

Seem like @lox figured this out over in buildkite/agent#729 (comment)

[toolmantim]

Yep, see buildkite/agent#729