Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

imgpkg of the Tekton Cluster task cannot push the image #16

Open
cmoulliard opened this issue Jun 7, 2022 · 1 comment
Open

imgpkg of the Tekton Cluster task cannot push the image #16

cmoulliard opened this issue Jun 7, 2022 · 1 comment

Comments

@cmoulliard
Copy link
Contributor

Issue

imgpkg push command of the Tekton ClusterTask

apiVersion: tekton.dev/v1beta1
kind: ClusterTask
metadata:
  name: image-writer
spec:
  description: |-
    a task that writes a given set of files (provided as a json base64-encoded)
    to a container image registry as an image making use of the imgpkg bundle
    format.
  params:
    - name: bundle
      description: name of the registry + repository to push the bundle to
      type: string
    - name: files
      type: string
      description: >
        base64-encoded json map of files to write to registry, for example -
        eyAiUkVBRE1FLm1kIjogIiMgUmVhZG1lIiB9
  steps:
    - name: main
      image: harbor-repo.vmware.com/kontinue/config-writer
      securityContext:
        runAsUser: 0
      script: |-
        #!/usr/bin/env bash

        set -o errexit
        set -o xtrace

        cd `mktemp -d`

        echo -e "$(params.files)" | base64 --decode > files.json
        eval "$(cat files.json | jq -r 'to_entries | .[] | @sh "mkdir -p $(dirname \(.key)) && echo \(.value) > \(.key)"')"

        mkdir -p .imgpkg

        echo -e "---\napiVersion: imgpkg.carvel.dev/v1alpha1\nkind: ImagesLock" > ./.imgpkg/images.yml

        export IMGPKG_ENABLE_IAAS_AUTH=false
        imgpkg push -b $(params.bundle) -f .
        cat ./.imgpkg/images.yml

defined within the Supply Chain ClusterTemplate/config-writer-template

  - name: config-writer
    templateRef:
      kind: ClusterTemplate
      name: config-writer-template
    params:
      - name: serviceAccount
        value: #@ data.values.service_account
      - name: registry
        value:
          server: #@ data.values.registry.server
          repository: #@ data.values.registry.repository
    configs:
      - resource: app-config
        name: config

cannot push the image as the CA Certificate of the private container repository is not mounted as volume and used part of the following command

imgpkg push --registry-ca-cert-path /etc/certs/ca.cert -b $(params.bundle) -f .
@cmoulliard
Copy link
Contributor Author

cmoulliard commented Jun 7, 2022
edited
Loading

cannot push the image as the CA Certificate of the private container repository is not mounted as volume and used part of the following command

imgpkg push --registry-ca-cert-path /etc/certs/ca.cert -b $(params.bundle) -f .

Workaround is to edit the ClusterTask and to pass as parameter --registry-verify-certs='False':

kubectl edit ClusterTask/image-writer
imgpkg push --registry-verify-certs='False' -b $(params.bundle) -f .

/// Check 
k get ClusterTask/image-writer -o yaml
k get pkgi/ootb-templates -n tap-install -o yaml

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@cmoulliard