Remove the TLS workspace workaround from the build pipeline
Opened this issue · 6 comments
In order to make TLS verification work (#13), a workaround was introduced to use an additional workspace.
In theory this should not be necessary, as the platform should inject the necessary CA certificates into the pods so that they can securely communicate.
More info
Pushing to the internal OpenShift registry requires using the service CA certificates.
An earlier version of the upstream buildah
task in the Tekton catalog used the same trick as #32:
- name: push
image: $(params.BUILDER_IMAGE)
workingDir: $(workspaces.source.path)
script: |
[[ "$(params.SKIP_PUSH)" == "true" ]] && echo "Push skipped" && exit 0
[[ "$(workspaces.sslcertdir.bound)" == "true" ]] && CERT_DIR_FLAG="--cert-dir $(workspaces.sslcertdir.path)"
buildah ${CERT_DIR_FLAG} --storage-driver=$(params.STORAGE_DRIVER) push \
$(params.PUSH_EXTRA_ARGS) --tls-verify=$(params.TLSVERIFY) \
--digestfile $(workspaces.source.path)/image-digest $(params.IMAGE) \
docker://$(params.IMAGE)
volumeMounts:
- name: varlibcontainers
mountPath: /var/lib/containers
securityContext:
privileged: true
A later version of that task (e.g. current buildah
ClusterTask in OpenShift pipelines does not use that trick. Instead, a volume and an enviroment variable are injected so that buildah push
works out of the box.
Acceptance criteria
- Explore the cluster buildah task for tls certs vs the buildah task to see the difference.
- no extra workspace to manually manage TLS certificates is used in the pipelines.
/triage needs-information
/sig user-experience
/wg cnbi
@codificat: The label(s) wg/cnbi
cannot be applied, because the repository doesn't have them.
In response to this:
/wg cnbi
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
/wg cnbi
We just need to test that it works, if I read the linked issues correctly ?
/triage accepted
Story point: 3pt