0

I just want to create a simple Tekton pipeline on OpenShift (v4) using the Tekton operator. My pipeline consists in the following operations:

  • fetch a given git repository,
  • build a nodejs application with the s2i-nodejs Tekton task,
  • copy the resulting image from the internal OpenShift registry into an external registry.

Implementing the first two steps is without any problem, implementing the third one is incredibly complicated without expert guidance.

Which tool do I need to use to copy my resulting container image (skopeo, crane, etc)?

How do I deal with the credentials (at the CLI, in an authfile, etc)?

Do I need to use a dedicated service account (default pipeline sa is not recommended)?

Is there an example somewhere that might help me?

devops036 devops036
  • 1

1 Answers1

0

Which tool do I need

Skopeo would do fine

How do I deal with the credentials

However you want. Secret, env vars, generating a config or setting those as arguments to skopeo, ...

Do I need to use a dedicated service account

Probably not. Serviceaccount should have image-puller/image-builder privileges.

Is there an example somewhere that might help me?

Have you looked at tekton catalog?

SYN
  • 4,476
  • 1
  • 20
  • 22
  • Yes, I looked at the Tekton Catalog and the Skopeo task but the provided explanations regarding OpenShift internal registry authentication are not clear enough (at least for me). – devops036 devops036 Oct 16 '22 at 09:39
  • Too bad the docs are not clear, I guess. I would rather not share my own tasks, then. If you can't write your own based on tekton catalog samples, with something relatively well documented such as skopeo, for sure you won't be able to troubleshoot more complex ones. You didn't share any example of what you did try, where you failed and how you tried to overcome it, ... At which point, maybe Tekton's not right for you? – SYN Oct 16 '22 at 15:49
  • "You didn't share any example of what you did try": copy a resulting image from the internal OpenShift registry into an external registry. I think it's pretty clear. Under which form do I provide internal OpenShift registry and external registry credentials (token, login/password, inside a configmap, on the command line, etc)? This is so easy that I wasn't able to find an example on the Internet! – devops036 devops036 Oct 17 '22 at 13:38
  • It is very clear what you're trying to do. My point is you did not try, as you're not able to show us anything yet. And if you didn't found examples: you didn't search long either. As a starting point, following readme includes all the options you're looking for: https://github.com/nmasse-itix/OpenShift-Examples/blob/master/Using-Skopeo/README.md. Which should also be a good indicator of what options to set authenticating with your external registry – SYN Oct 17 '22 at 18:41