\n\ni did attempt `pull_5323-alpine` as recomended in #5238 but it didnt work. the pod never stood up.\n\n### Steps to reproduce\n\n1. install woodpecker (using longhorn as a storage backend and forgejo as a forge but that hasnt been an issue before) on k3s cluster.\n2. create pipeline.\n3. attempt to run it.\n4. will never complete pod creation.\n\n### Expected behavior\n\ncreates pod, and run pipeline\n\n### System Info\n\n```shell\nsource\t\"https://github.com/woodpecker-ci/woodpecker\"\nversion\t\"3.8.0\"\n```\n\n### Additional context\n\n\u003Cimg width=\"1875\" height=\"143\" alt=\"Image\" src=\"https://github.com/user-attachments/assets/6fbbcd41-751c-4d5d-b852-f05e57d6ca12\" />\n\n\u003Cimg width=\"1008\" height=\"312\" alt=\"Image\" src=\"https://github.com/user-attachments/assets/6fc6001e-01e4-4cce-b9c4-2ccc144b9b1a\" />\n\n### Validations\n\n- [x] Read the [docs](https://woodpecker-ci.org/docs/intro).\n- [x] Check that there isn't [already an issue](https://github.com/woodpecker-ci/woodpecker/issues) that reports the same bug to avoid creating a duplicate.\n- [x] Checked that the bug isn't fixed in the `next` version already [https://woodpecker-ci.org/versions]",[3081],{"name":3045,"color":3046},5345,"Kubernetes Pod never completes initialisation - hangs forever","2025-07-21T14:12:00Z","https://github.com/woodpecker-ci/woodpecker/issues/5345",0.76790535,{"description":3088,"labels":3089,"number":3092,"owner":3025,"repository":3026,"state":3093,"title":3094,"updated_at":3095,"url":3096,"score":3097},"This worked with WP 2.3 and Kubernetes backend:\r\n\r\n```\r\n publish:\r\n image: woodpeckerci/plugin-docker-buildx\r\n settings:\r\n repo: *repo\r\n tags: 8h\r\n```\r\n\r\nUsing WP 2.4 the docker daemon does not start.\r\n\r\nDebugging the Pod manifest I see an empty security context and the docker daemon does not start.\r\n\r\nThis works with WP 2.4.1 but is not so user friendly:\r\n\r\n```\r\n publish:\r\n image: woodpeckerci/plugin-docker-buildx\r\n privileged: true\r\n backend_options:\r\n kubernetes:\r\n securityContext:\r\n privileged: true\r\n settings:\r\n repo: *repo\r\n tags: 8h\r\n daemon.debug: \"true\"\r\n```\r\n\r\n\r\nSee also: https://github.com/woodpecker-ci/woodpecker/issues/3482#issuecomment-2015672185_\r\n ",[3090,3091],{"name":3045,"color":3046},{"name":3022,"color":3023},3537,"closed","Woodpecker 2.4 breaks privileged steps/plugins with Kubernetes backend","2024-05-30T16:53:05Z","https://github.com/woodpecker-ci/woodpecker/issues/3537",0.72368866,{"description":3099,"labels":3100,"number":3103,"owner":3025,"repository":3026,"state":3093,"title":3104,"updated_at":3105,"url":3106,"score":3107},"### Component\r\n\r\nagent\r\n\r\n### Describe the bug\r\n\r\nA detached container cannot be accessed by its name, making it unusable.\r\n\r\n### Steps to reproduce\r\n\r\n1. Install Woodpecker and configure Kubernetes backend;\r\n2. Run a detached step and access it in following steps with its name;\r\n3. See \"bad DNS name\" or similar reports.\r\n\r\n### Expected behavior\r\n\r\nAs documented, a `detached` step should behave like a service. If it cannot be accessed by DNS, it is not capable of replacing `service`.\r\n\r\n### System Info\r\n\r\n```shell\r\n{\r\n \"source\": \"https://github.com/woodpecker-ci/woodpecker\",\r\n \"version\": \"2.8.0\"\r\n}\r\n```\r\n\r\n\r\n### Additional context\r\n\r\nhttps://github.com/woodpecker-ci/woodpecker/pull/3411 should be favorable...\r\n\r\n### Validations\r\n\r\n- [X] Read the [docs](https://woodpecker-ci.org/docs/intro).\r\n- [X] Check that there isn't [already an issue](https://github.com/woodpecker-ci/woodpecker/issues) that reports the same bug to avoid creating a duplicate.\r\n- [X] Checked that the bug isn't fixed in the `next` version already [https://woodpecker-ci.org/faq#which-version-of-woodpecker-should-i-use]",[3101,3102],{"name":3045,"color":3046},{"name":3022,"color":3023},4627,"A detached container cannot be accessed (at least with Kubernetes backend)","2025-01-06T16:06:40Z","https://github.com/woodpecker-ci/woodpecker/issues/4627",0.7339154,{"description":3109,"labels":3110,"number":3117,"owner":3025,"repository":3026,"state":3093,"title":3118,"updated_at":3119,"url":3120,"score":3121},"https://woodpecker-ci.org/docs/next/administration/backends/ does not contain a Kubernetes section!",[3111,3114],{"name":3112,"color":3113},"documentation","7D625D",{"name":3115,"color":3116},"good first issue","76ea72",1809,"document Kubernetes backend","2023-06-03T22:50:09Z","https://github.com/woodpecker-ci/woodpecker/issues/1809",0.7367275,{"description":3123,"labels":3124,"number":3126,"owner":3025,"repository":3026,"state":3093,"title":3127,"updated_at":3128,"url":3129,"score":3130},"### Component\n\nagent\n\n### Describe the bug\n\n### The bug\r\n\r\nI want to build and push an OCI image (aka docker image) on my self-hosted registry. I'm running Woodpecker with Kubernetes backend.\r\n\r\nI have this error : `x509: certificate signed by unknown authority`.\r\n\r\n### Explanation\r\n\r\nThe `docker build` is not aware of my `ca.crt` file.\r\n\r\n### How to fix the bug\r\n\r\n1. Find a way to provide my `ca.crt` to the agent (easy to do, need a little hack of the helm chart)\r\n2. Find a way for the agent to provide that `ca.crt` to plugins like _plugin-docker-buildx_ (like `WOODPECKER_BACKEND_DOCKER_VOLUMES` but that does not work with Kubernetes backend)\r\n\r\n### What I did, what I tried...\r\n\r\nI have read a lot of documentation on how to build+push my image. I have also read some parts of source code of Woodpecker Kubernetes backend. I have hacked the helm chart in order to put my ca.crt in a ConfigMap and mount it (with success) in either the agent pod or the dind pod (I will probably do a PR for this in repo woodpecker-ci/helm). \r\n\r\nI have tried with `WOODPECKER_BACKEND_DOCKER_VOLUMES` variable but this is restricted to Docker backend. I found nothing similar for Kubernetes.\r\n\r\nAt last, it does not work whatever I do.\r\n\r\nMy favorite try (with and without dind enabled) :\r\n```\r\n publish-woodpecker-branch:\r\n image: woodpeckerci/plugin-docker-buildx\r\n settings:\r\n registry: myregistry:5001\r\n logins:\r\n - registry: https://myregistry:5001/v2\r\n repo: myregistry:5001/awesome/tool\r\n platforms: linux/arm64\r\n tags:\r\n - ${CI_COMMIT_TAG=build}-${CI_COMMIT_SHA:0:8}-arm64\r\n```\r\n\r\nThis should work but I fail at mounting the ConfigMap in the plugin-docker-buildx pod.\r\n\r\nAnother try (too complex I guess):\r\n\r\n```\r\n publish-woodpecker-branch:\r\n image: docker:20.10.12-dind\r\n secrets:\r\n - registry_ca_crt\r\n commands:\r\n - mkdir -p \"/etc/docker/myregistry:5001\"\r\n - echo \"$${REGISTRY_CA_CRT}\" > \"/etc/docker/myregistry:5001/ca.crt\"\r\n - docker build -t \"myregistry:5001/awesome/tool:$${CI_COMMIT_TAG=build}-$${CI_COMMIT_SHA:0:8}-arm64\" .\r\n - docker push \"myregistry:5001/awesome/tool:$${CI_COMMIT_TAG=build}-$${CI_COMMIT_SHA:0:8}-arm64\"\r\n volumes:\r\n - /var/run/docker.sock:/var/run/docker.sock\r\n```\r\n\r\nI get this error : `Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?`\r\n\r\nI have also tried with Podman but I'm getting problems to run in privileged mode.\r\n\n\n### System Info\n\n```shell\n### Version\r\n\r\n\r\n{\"source\":\"https://github.com/woodpecker-ci/woodpecker\",\"version\":\"next-3033abc3\"}\r\n```\r\n\r\n### Helm values\r\n\r\nNotice the hack with `extraVolumes` and `extraVolumeMounts`. `registry-ca-crt` is a ConfigMap that contains a key named `ca.crt` and the value is the CA certificate.\r\n\r\n```\r\n---\r\nserver:\r\n image:\r\n tag: next-3033abc3b4\r\n env:\r\n WOODPECKER_ADMIN: \"\u003Credacted>\"\r\n WOODPECKER_HOST: \"http://woodpecker.\u003Credacted>\"\r\n WOODPECKER_GITEA_URL: \"http://gitea.\u003Credacted>\"\r\n WOODPECKER_GITEA: \"true\"\r\n WOODPECKER_GITEA_SKIP_VERIFY: \"true\"\r\n WOODPECKER_OPEN: \"true\"\r\n WOODPECKER_ORGS: \"\u003Credacted>\"\r\n\r\n extraSecretNamesForEnvFrom:\r\n - woodpecker-gitea-client\r\n - woodpecker-gitea-secret\r\n - woodpecker-secret\r\n\r\n fullnameOverride: \"woodpecker\"\r\n\r\n persistentVolume:\r\n enabled: true\r\n size: 10Gi\r\n storageClass: \"\u003Credacted>\"\r\n\r\nagent:\r\n image:\r\n tag: next-3033abc3b4\r\n env:\r\n WOODPECKER_SERVER: \"woodpecker.woodpecker.svc.cluster.local:9000\"\r\n WOODPECKER_BACKEND: \"kubernetes\"\r\n WOODPECKER_BACKEND_K8S_STORAGE_CLASS: \"\u003Credacted (same as above)>\"\r\n# WOODPECKER_BACKEND_DOCKER_VOLUMES: \"/etc/docker/certs.d:/etc/docker/certs.d:ro\"\r\n\r\n extraSecretNamesForEnvFrom:\r\n - woodpecker-secret\r\n\r\n extraVolumes:\r\n - name: registry-ca-crt\r\n configMap:\r\n name: registry-ca-crt\r\n\r\n# dind:\r\n# enabled: true\r\n# extraVolumeMounts:\r\n# - name: registry-ca-crt\r\n# mountPath: \"/etc/docker/certs.d/myregistry:5001\"\r\n\r\n fullnameOverride: \"woodpecker-agent\"\r\n```\n```\n\n\n### Additional context\n\n_No response_\n\n### Validations\n\n- [X] Read the [Contributing Guidelines](https://github.com/woodpecker-ci/woodpecker/blob/master/CONTRIBUTING.md).\n- [X] Read the [docs](https://woodpecker-ci.org/docs/intro).\n- [X] Check that there isn't [already an issue](https://github.com/woodpecker-ci/woodpecker/issues) that reports the same bug to avoid creating a duplicate.\n- [X] Checked that the bug isn't fixed in the `next` version already [https://woodpecker-ci.org/faq#which-version-of-woodpecker-should-i-use]\n- [X] Check that this is a concrete bug. For Q&A join our [Discord Chat Server](https://discord.gg/fcMQqSMXJy) or the [Matrix room](https://matrix.to/#/#woodpecker:matrix.org).",[3125],{"name":3045,"color":3046},1918,"x509: certificate signed by unknown authority (cannot provide ca.crt)","2023-07-22T10:17:32Z","https://github.com/woodpecker-ci/woodpecker/issues/1918",0.7414101,["Reactive",3132],{},["Set"],["ShallowReactive",3135],{"$fTRc1wZytZ_XrK4EfJfei_Sz-An4H4Yy6syhVxH_PVJc":-1,"$flBnz7PEdBBnfTVGojaAix8mj4CasLAQa1ag26OF8B6I":-1},"/woodpecker-ci/woodpecker/3977"]