github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

test images: Adds step for fetching Windows image builder certificates

Browse Source 
The google cloud builder job is launched without the required Windows Image Builder nodes
certificates that are needed for authentication when building the Windows container images.

Adds a step in test/images/cloudbuild.yaml that fetches a secret containing the certificates.
This commit is contained in:
Claudiu Belu 2020-05-03 12:00:28 -07:00
parent 4ccfeb18d9
commit 46df555ebe
1 changed files with 20 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
test/images/cloudbuild.yaml
View File

@ -9,6 +9,22 @@ options:
substitution_option: ALLOW_LOOSE substitution_option: ALLOW_LOOSE
machineType: 'N1_HIGHCPU_8' machineType: 'N1_HIGHCPU_8'
steps: steps:
- name: gcr.io/cloud-builders/gcloud
entrypoint: 'bash'
# NOTE(claudiub): We need to get the ca.pem, cert.pem, key.pem files and put create the
# /certs/.docker-1809/, /certs/.docker-1903/, /certs/.docker-1909/ folders, which will contain the files.
args:
- -c
- 'mkdir .docker/windows &&\
gcloud secrets versions access latest --project=k8s-infra-prow-build-trusted --secret=windows-remote-docker_ca-pem > .docker-windows/ca.pem &&\
gcloud secrets versions access latest --project=k8s-infra-prow-build-trusted --secret=windows-remote-docker_cert-pem > .docker-windows/cert.pem &&\
gcloud secrets versions access latest --project=k8s-infra-prow-build-trusted --secret=windows-remote-docker_key-pem > .docker-windows/key.pem &&\
cp -r .docker-windows /certs/.docker-1809 && \
cp -r .docker-windows /certs/.docker-1903 && \
cp -r .docker-windows /certs/.docker-1909'
volumes:
- name: 'certs'
path: '/certs'
- name: 'gcr.io/k8s-testimages/gcb-docker-gcloud:v20190906-745fed4' - name: 'gcr.io/k8s-testimages/gcb-docker-gcloud:v20190906-745fed4'
entrypoint: make entrypoint: make
dir: ./test/images/ dir: ./test/images/
@ -18,13 +34,15 @@ steps:
- BASE_REF=$_PULL_BASE_REF - BASE_REF=$_PULL_BASE_REF
- WHAT=$_WHAT - WHAT=$_WHAT
- REGISTRY=gcr.io/k8s-staging-e2e-test-images - REGISTRY=gcr.io/k8s-staging-e2e-test-images
- DOCKER_CERT_BASE_PATH=/root - DOCKER_CERT_BASE_PATH=/certs
- REMOTE_DOCKER_URL_1809=tcp://img-promoter-1809.eastus.cloudapp.azure.com:2376 - REMOTE_DOCKER_URL_1809=tcp://img-promoter-1809.eastus.cloudapp.azure.com:2376
- REMOTE_DOCKER_URL_1903=tcp://img-promoter-1903.eastus.cloudapp.azure.com:2376 - REMOTE_DOCKER_URL_1903=tcp://img-promoter-1903.eastus.cloudapp.azure.com:2376
- REMOTE_DOCKER_URL_1909=tcp://img-promoter-1909.eastus.cloudapp.azure.com:2376 - REMOTE_DOCKER_URL_1909=tcp://img-promoter-1909.eastus.cloudapp.azure.com:2376
# TODO(claudiub): Readd the REMOTE_DOCKER_URL_${os_version} to reenable the Windows test image building process.
args: args:
- all-build-and-push - all-build-and-push
volumes:
- name: 'certs'
path: '/certs'
substitutions: substitutions:
# _GIT_TAG will be filled with a git-based tag for the image, of the form vYYYYMMDD-hash, and # _GIT_TAG will be filled with a git-based tag for the image, of the form vYYYYMMDD-hash, and
# can be used as a substitution # can be used as a substitution