Use a local registry in build-push-kaniko

This is a first step in making our E2E tests more portable and less dependent on resources outside of the k8s cluster they run into. This changes the build-push-kaniko taskrun example. There is a lot of infra setup required to make sure that the service account used by test is able to push to a registry. The test script replaces the image URL in the resource with the content of the KO_DOCKER_REPO environment variable. If that is a gcr.io url then the service account must be setup for access to it. The updated version runs a local registry as a sidecar in the pod. The task now can push to localhost:5000. The port is not exposed outside of the pod so there is no risk of interference with other tests. Partially fixes #1372
tektoncd · Oct 11, 2019 · cbeddf0 · cbeddf0
1 parent ab2482a
commit cbeddf0
Showing 1 changed file with 4 additions and 21 deletions.
diff --git a/examples/taskruns/build-push-kaniko.yaml b/examples/taskruns/build-push-kaniko.yaml
@@ -6,23 +6,7 @@ spec:
   type: image
   params:
   - name: url
-    value: gcr.io/christiewilson-catfactory/leeroy-web # Replace this URL with $KO_DOCKER_REPO
----
-# This demo modifies the cluster (deploys to it) you must use a service
-# account with permission to admin the cluster (or make your default user an admin
-# of the `default` namespace with default-cluster-admin.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: default-cluster-admin
-subjects:
-  - kind: ServiceAccount
-    name: default
-    namespace: default
-roleRef:
-  kind: ClusterRole
-  name: cluster-admin
-  apiGroup: rbac.authorization.k8s.io
+    value: localhost:5000/leeroy-web
 ---
 apiVersion: tekton.dev/v1alpha1
 kind: PipelineResource
@@ -60,16 +44,15 @@ spec:
   steps:
   - name: build-and-push
     image: gcr.io/kaniko-project/executor:v0.9.0
-    # specifying DOCKER_CONFIG is required to allow kaniko to detect docker credential
-    env:
-    - name: "DOCKER_CONFIG"
-      value: "/builder/home/.docker/"
     command:
     - /kaniko/executor
     args:
     - --dockerfile=$(inputs.params.pathToDockerFile)
     - --destination=$(outputs.resources.builtImage.url)
     - --context=$(inputs.params.pathToContext)
+  sidecars:
+    - image: registry
+      name: registry
 ---
 apiVersion: tekton.dev/v1alpha1
 kind: TaskRun