Pass proxyRegistry credentials to buildImages #223
Conversation
schnatterer
changed the title
schnatterer
force-pushed
the
feature/buildimage-credentials
branch
from
e2ec179
to
a2e7c86
Compare
|
I rebased to main, fixing the conflicts imposed by #221 |
There was a problem hiding this comment.
Almost done with your first PR 👏
Please resolve my two findings and then squash all commits into one or two.
My suggestion would be to keep the refactoring commit and squash all further commits (including mine) into one that says something like Add credentials to build images.
You can add the comment about TLS in the extended message, i.e. line 3 or later.
nihussmann
force-pushed
the
feature/buildimage-credentials
branch
from
0246529
to
21d9cb5
Compare
adding security by default for local GOP
Adapt test to find syntactic error in helm/Jenkinsfile.ftl Error in plain Jenkinsfile.ftl has been sitting there unnoticed for years 😬
schnatterer
force-pushed
the
feature/buildimage-credentials
branch
from
21d9cb5
to
9586531
Compare
There was a problem hiding this comment.
@nihussmann Great work!
To not overburden you with complexity in your first ticket, I didn't tell you how to try this new feature in GOP. I tested it and came up with two minor fixes in 9586531.
So I adapted the test to fail and then fixed it 🙂
For testing, I set up harbor as "external" registry, following our manual.
I then pushed the buildImages into harbor:
skopeo copy docker://ghcr.io/cloudogu/gitops-playground --dest-creds Proxy:Proxy12345 --dest-tls-verify=false docker://localhost:30000/proxy/kubectl
skopeo copy docker://ghcr.io/cloudogu/helm:3.15.4-1 --dest-creds Proxy:Proxy12345 --dest-tls-verify=false docker://localhost:30000/proxy/helm
skopeo copy docker://cytopia/yamllint:1.25-0.7 --dest-creds Proxy:Proxy12345 --dest-tls-verify=false docker://localhost:30000/proxy/yamllint
and finally set up GOP to use the build images:
docker run --rm -t -u $(id -u) \
-v ~/.config/k3d/kubeconfig-gitops-playground.yaml:/home/.kube/config \
--net=host \
gitops-playground:dev \
--yes --argocd --ingress-nginx --base-url=http://localhost \
--registry-url=localhost:30000 \
--registry-path=registry \
--registry-username=Registry \
--registry-password=Registry12345 \
--registry-proxy-url=localhost:30000 \
--registry-proxy-username=Proxy \
--registry-proxy-password=Proxy12345 \
--petclinic-image=localhost:30000/proxy/eclipse-temurin:11-jre-alpine \
--kubectl-image=localhost:30000/proxy/kubectl \
--helm-image=localhost:30000/proxy/helm \
--yamllint-image=localhost:30000/proxy/yamllint
With this, I can see the two petclinic builds succeed and Jenkins logs tell me that localhost:30000/proxy/ images were used 🥳
this feature allows users to set credentials for the registry when the twoRegistries option is enabled.