def label = "jenkins-${UUID.randomUUID().toString()}"

def pushRepo = "registry.test-chamber-13.lan:5000"

def caName = "test-chamber-13.lan.root.crt"
def caContent = """
-----BEGIN CERTIFICATE-----
MIICLTCCAbOgAwIBAgIDAYagMAoGCCqGSM49BAMEME0xCzAJBgNVBAYTAlVTMScw
JQYDVQQKDB5UZXN0IENoYW1iZXIgMTMgVHJ1c3QgU2VydmljZXMxFTATBgNVBAMM
DFRDMTMgUm9vdCBSMTAgFw0xOTAxMDEwMDAwMDBaGA8yMDUwMDEwMTAwMDAwMFow
TTELMAkGA1UEBhMCVVMxJzAlBgNVBAoMHlRlc3QgQ2hhbWJlciAxMyBUcnVzdCBT
ZXJ2aWNlczEVMBMGA1UEAwwMVEMxMyBSb290IFIxMHYwEAYHKoZIzj0CAQYFK4EE
ACIDYgAE8+/J1ECc0VHxTtGXFLnHJ3NGZ2SW38pp9wI58L5EQbHRLiezYuvkUbI/
XGJjLnFdpgjo7W1FFlyhx5ITlCstUX5Sn9bLZiA0+mE0n6b8VwhXwkHlnIeRo7od
Zu/OfSFjo2MwYTAdBgNVHQ4EFgQUrGqUJhyRp93wXF645VNtYatRk/AwHwYDVR0j
BBgwFoAUrGqUJhyRp93wXF645VNtYatRk/AwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
HQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwQDaAAwZQIxAJdgskimDJkf/MGVRrKotmNC
xdH/UVQfQppjIR9FAiGeFDr47thclYrzIL6yCkV7nwIwYjf3MbOm/yWblzqe3Uyw
UOemMEg3PjcKNsN65W2WVon5HIZx2XVfGRPjf5ZTVWzZ
-----END CERTIFICATE-----
"""

podTemplate(
    label: label,
    name: "pipeline-worker",
    yaml: """---
apiVersion: v1
kind: Pod
metadata:
  name: pipeline-worker
spec:
  containers:
  - name: kaniko
    imagePullPolicy: Always
    image: gcr.io/kaniko-project/executor:debug
    tty: true
    command:
    - /busybox/cat
""",
) {
    node (label) {
        def workspace = pwd()

        stage("Build Alpine with CA") {
            container("kaniko") {
                def DF = """FROM alpine:latest
COPY ${caName} /usr/local/share/ca-certificates/
RUN apk add --no-cache --virtual=.packagecache ca-certificates && \\
    update-ca-certificates --fresh && \\
    apk del .packagecache
"""
                writeFile(file: workspace + "/" + caName, text: caContent)
                writeFile(file: workspace + "/Dockerfile", text: DF)
                sh "/kaniko/executor --cleanup --insecure --skip-tls-verify --context \"${workspace}\" -f \"${workspace}/Dockerfile\" --destination \"${pushRepo}/alpine:latest\""
            }
        }
    }
}