I'm currently facing challenges with building my application on a local cluster using skaffold, k8s, and docker. In particular, I have a code repository that requires a private NPM package, but during the build process, it seems to lose the .npmrc file or the npm secret.
npm ERR! code E404
npm ERR! 404 Not Found - GET https://registry.npmjs.org/@sh1ba%2fcommon - Not found
npm ERR! 404
npm ERR! 404 '@sh1ba/common@^1.0.3' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
npm ERR! A complete log of this run can be found in:
npm ERR! /root/.npm/_logs/2021-06-02T06_08_57_246Z-debug.log
unable to stream build output: The command '/bin/sh -c npm install' returned a non-zero code: 1. Please fix the Dockerfile and try again..
Instead of hardcoding the secret into the file, I'd prefer to utilize a k8s environment variable to pass the key to docker as a secret. I've tried different approaches:
- Using "--build-args" with the npm secret (not recommended)
- Using "--secret" with the npm secret (a more secure method)
- Copying the .npmrc file directly, running `npm install`, and then deleting it
The problem arises when attempting to build it using kubernetes/skaffold. It appears that none of the args, env variables, or even the .npmrc file is being recognized. After inspecting the dockerfile, it seems that nothing is being passed over from the manifest (args defined, .npmrc file, etc) to the dockerfile.
Below is an excerpt from the application's manifest:
apiVersion: apps/v1
kind: Deployment
metadata:
name: auth-depl
spec:
replicas: 1
selector:
matchLabels:
app: auth
template:
metadata:
labels:
app: auth
spec:
containers:
- name: auth
image: auth
env:
- name: NPM_SECRET
valueFrom:
secretKeyRef:
name: npm-secret
key: NPM_SECRET
args: ["--no-cache", "--progress=plain", "--secret", "id=npmrc,src=.npmrc"]
This is the relevant code in the dockerfile:
# syntax=docker/dockerfile:1.2
# --------------> The build image
FROM node:alpine AS build
WORKDIR /app
COPY package*.json .
RUN --mount=type=secret,mode=0644,id=npmrc,target=/app/.npmrc \
npm install
# --------------> The production image
FROM node:alpine
WORKDIR /app
COPY package.json .
COPY tsconfig.json .
COPY src .
COPY prisma .
COPY --chown=node:node --from=build /app/node_modules /app/node_modules
COPY --chown=node:node . /app
s
RUN npm run build
CMD ["npm", "start"]
Additionally, here is the skaffold configuration:
apiVersion: skaffold/v2alpha3
kind: Config
deploy:
kubectl:
manifests:
- ./infra/k8s/*
- ./infra/k8s-dev/*
build:
local:
push: false
artifacts:
- image: auth
context: auth
docker:
dockerfile: Dockerfile
sync:
manual:
- src: 'src/**/*.ts'
dest: .
A few points to consider:
- I've struggled to locate the .npmrc file no matter where I place it (in auth, in the manifest, in skaffold, or in the ~/ directories)
- I aim to make it easily adaptable for production so that major changes aren't required (although I would appreciate feedback if this approach is unsound)
- While I managed to get it working with buildArgs in the skaffold.yaml file, I'm uncertain about how this translates to a production environment since passing build args from kubernetes to docker isn't considered safe practice, and secrets are preferred
- The args in the manifest are causing the following error (server runs successfully if args are excluded):
- deployment/auth-depl: container auth terminated with exit code 9
- pod/auth-depl-85fb8975d8-4rh9r: container auth terminated with exit code 9
> [auth-depl-85fb8975d8-4rh9r auth] node: bad option: --progress=plain
> [auth-depl-85fb8975d8-4rh9r auth] node: bad option: --secret
- deployment/auth-depl failed. Error: container auth terminated with exit code 9.
Any advice or insights would be greatly appreciated as I've been struggling with this issue for quite some time now.
Thank you!