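#!groovy
// Builds the site-local kaniko image: the kaniko executor base image plus a
// CA bundle that also contains the local root CAs.
//
// Workflow:
//   * Append the current and the retired root CA to the CA bundle of the
//     running kaniko container (the container that performs the build).
//   * Copy that complete bundle into the workspace as kaniko-chain.crt.
//   * The generated Dockerfile COPYs kaniko-chain.crt over the CA bundle of
//     the image being built.
//   * Build and push the image.
//
// Each run regenerates the bundle from the running container's store plus
// the root CAs returned by the shared library.
//
// NOTE(review): the base image tag is fixed at v1.9.1-debug, so a run
// refreshes the certificate store, not the kaniko version. The
// org.opencontainers.image.base.name label names
// gcr.io/kaniko-project/executor:debug, which does not match the pinned tag
// pulled through the local registry; confirm which one is intended.

def repository = "registry.c.test-chamber-13.lan"
def repositoryCreds = "harbor-repository-creds"
def workspace
def dockerFile
def templateName = "pipeline-worker"

pipeline {
    agent {
        kubernetes {
            // Pod definition comes from the shared library; kaniko: true is
            // presumably what adds the "kaniko" container used below. Confirm
            // against functions.podYaml.
            yaml functions.podYaml(
                repo: repository,
                templateName: templateName,
                kaniko: true
            )
        }
    }

    stages {
        stage ('Initalize Jenkins') {
            steps {
                script {
                    workspace = pwd()

                    // The COPY replaces the entire trust store of the
                    // resulting image, so everything in kaniko-chain.crt
                    // becomes a trusted root for every consumer of the image.
                    dockerFile = """FROM ${repository}/google/kaniko-project/executor:v1.9.1-debug
LABEL org.opencontainers.image.authors="The_Spider "
LABEL org.opencontainers.image.title="kaniko"
LABEL org.opencontainers.image.description="Docker container for building docker containers"
LABEL org.opencontainers.image.base.name="gcr.io/kaniko-project/executor:debug"
COPY ./kaniko-chain.crt /kaniko/ssl/certs/ca-certificates.crt
"""
                }
            }
        }

        stage ("Add Cert to Kaniko") {
            steps {
                container ("kaniko") {
                    script {
                        // The certificate text is written with writeFile
                        // instead of being interpolated into the shell
                        // script. Groovy interpolation would paste the
                        // library's return value into the command line, where
                        // any quote, "\$" or backtick in it would be
                        // interpreted by the shell. The trailing newline
                        // keeps consecutive PEM blocks separated, as the
                        // former printf '%s\n' did.
                        // NOTE(review): the retired root CA is still added to
                        // the trust store; confirm it is still required.
                        writeFile(
                            file: "${workspace}/root-ca-current.crt",
                            text: "${functions.getCurrentRootCA()}\n"
                        )
                        writeFile(
                            file: "${workspace}/root-ca-retired.crt",
                            text: "${functions.getRetiredRootCA()}\n"
                        )

                        // Only the Jenkins-provided workspace path is
                        // interpolated here. The temporary files are removed
                        // so the workspace holds only kaniko-chain.crt for
                        // the build stage.
                        sh """
                            cat "${workspace}/root-ca-current.crt" "${workspace}/root-ca-retired.crt" >> /kaniko/ssl/certs/ca-certificates.crt
                            cp "/kaniko/ssl/certs/ca-certificates.crt" "${workspace}/kaniko-chain.crt"
                            rm -f "${workspace}/root-ca-current.crt" "${workspace}/root-ca-retired.crt"
                        """
                    }
                }
            }
        }

        stage ('Build & Push') {
            steps {
                container ('kaniko') {
                    script {
                        // NOTE(review): the only destination is the mutable
                        // tag "latest", so consumers that pull by tag get
                        // whatever was pushed last. Consider adding an
                        // immutable tag and having consumers pin by digest.
                        declarativeFunctions.buildContainerMultipleDestinations(
                            dockerFile: dockerFile,
                            repositoryAccess: [
                                [
                                    repository: repository,
                                    credentials: repositoryCreds
                                ],
                            ],
                            destination: [
                                "${repository}/library/kaniko:latest",
                            ]
                        )
                    }
                }
            }
        }
    }
}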