k8s manifests

3 years ago · 0a269a87b1
5 changed files with 18 additions and 13 deletions
--- a/k8s/buildconfig.yaml
+++ b/k8s/buildconfig.yaml
--- a/k8s/imagestream.yaml
+++ b/k8s/imagestream.yaml
@ -0,0 +1,5 @@
+kind: ImageStream
+apiVersion: image.openshift.io/v1
+metadata:
+  name: function
+spec:
--- a/k8s/pipeline.yaml
+++ b/k8s/pipeline.yaml
@ -6,11 +6,6 @@ spec:
  workspaces:
  - name: scratch
  params:
-  - name: buildahPlatforms
-    type: array
-    default:
-    - linux/x86_64
-    - linux/arm64/v8
  - name: gitRepositoryURL
    type: string
  - name: outputContainerImage
@ -38,9 +33,6 @@ spec:
      value: latest
    - name: outputContainerImage
      value: "$(params.outputContainerImage)"
-    - name: buildahPlatforms
-      value:
-      - "$(params.buildahPlatforms[*])"
    workspaces:
    - name: src
      workspace: scratch
--- a/k8s/task-buildah.yaml
+++ b/k8s/task-buildah.yaml
@ -8,6 +8,9 @@ spec:
    type: string
  - name: outputContainerImage
    type: string
+  results:
+  - name: imageDigest
+    description: The digest of the built image manifest
  workspaces:
  - name: src
    mountPath: /src
@ -18,6 +21,8 @@ spec:
    image: quay.io/containers/buildah:$(params.buildahVersion)
    workingDir: /src
    env:
+    - name: RESULT_IMAGE_DIGEST
+      value: "$(results.imageDigest.path)"
    - name: TARGET_IMAGE
      value: "$(params.outputContainerImage)"
    securityContext:
@ -32,7 +37,7 @@ spec:

      function build () {
        echo "========================================================="
-        echo " buildah build $TARGET_IMAGE
+        echo " buildah build $TARGET_IMAGE"
        echo "========================================================="
        echo

@ -50,7 +55,13 @@ spec:
        echo " buildah push $1"
        echo "========================================================="
        echo
-        buildah manifest push --storage-driver vfs --all tekton "docker://$1"
+
+        # buildah requires a slight modification to the push secret provided by the service
+        # account to use it for pushing the image
+        cp /var/run/secrets/openshift.io/push/.dockercfg /tmp
+        echo "{ \"auths\": $(cat /var/run/secrets/openshift.io/push/.dockercfg) }" > /tmp/.dockercfg
+
+        buildah manifest push --storage-driver vfs --all tekton "docker://$1" --digestfile "$RESULT_IMAGE_DIGEST" --tls-verify=false --authfile /tmp/.dockercfg
        echo
      }

--- a/k8s/task-git-clone.yaml
+++ b/k8s/task-git-clone.yaml
@ -163,9 +163,6 @@ spec:
        value: $(workspaces.ssl-ca-directory.bound)
      - name: WORKSPACE_SSL_CA_DIRECTORY_PATH
        value: $(workspaces.ssl-ca-directory.path)
-      securityContext:
-        runAsNonRoot: true
-        runAsUser: 65532
      script: |
        #!/usr/bin/env sh
        set -eu