61 lines
1.8 KiB
Groovy
61 lines
1.8 KiB
Groovy
#!groovy
|
|
|
|
// This is a little complicated to follow, just by looking, but the workflow is
|
|
//
|
|
// * Append the root CA to the official kanio image that will use to build
|
|
// the local kaniko image.
|
|
// * Copy the entire cert-store to the workspace.
|
|
// * Add the file to the locally built kaniko image from the workspace.
|
|
// * Build the image
|
|
//
|
|
// This method insures an always up-to date kaniko with an up-to-date
|
|
// certificate store.
|
|
|
|
def repository = "registry.c.test-chamber-13.lan"
|
|
def repositoryCreds = "harbor-repository-creds"
|
|
|
|
def dockerFile = """FROM ${repository}/google/kaniko-project/executor:debug
|
|
|
|
COPY ./kaniko-chain.crt /kaniko/ssl/certs/ca-certificates.crt
|
|
"""
|
|
|
|
def label = "kubernetes-${UUID.randomUUID().toString()}"
|
|
def templateName = "pipeline-worker"
|
|
podTemplate (
|
|
label: label,
|
|
name: templateName,
|
|
yaml: functions.podYaml(
|
|
repo: repository,
|
|
templateName: templateName,
|
|
[
|
|
[
|
|
name: "kaniko",
|
|
path: "${repository}/google/kaniko-project/executor:debug",
|
|
command: "/busybox/sh"
|
|
]
|
|
]
|
|
)
|
|
){
|
|
node (label) {
|
|
def workspace = pwd()
|
|
|
|
writeFile(file: workspace + "/test-chamber-13.lan.root.crt", text: functions.getLocalRootCA())
|
|
|
|
stage ("Add Cert to Kaniko") {
|
|
container ("kaniko") {
|
|
def localRootCA = functions.getLocalRootCA()
|
|
sh """
|
|
printf '%s\\n' "${localRootCA}" >> /kaniko/ssl/certs/ca-certificates.crt
|
|
cp "/kaniko/ssl/certs/ca-certificates.crt" "${workspace}/kaniko-chain.crt"
|
|
"""
|
|
}
|
|
}
|
|
|
|
functions.buildContainer(
|
|
repository: repository,
|
|
imageDest: "${repository}/library/kaniko:latest",
|
|
dockerFile: dockerFile,
|
|
repoCreds: repositoryCreds,
|
|
)
|
|
}
|
|
} |