mirror/catalog
1
0
Fork 0
mirror of https://github.com/tektoncd/catalog.git synced 2024-11-21 05:55:35 +00:00
Code Issues Releases Activity

Add multi-arch parm

Browse Source
This commit is contained in:
Joshua Beha 2024-07-03 08:28:03 -04:00 committed by tekton-robot
parent 8d852fa21a
commit 2427951e5e
8 changed files with 265 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

110
task/skopeo-copy/0.4/README.md Normal file
View File

@ -0,0 +1,110 @@
# Skopeo
[Skopeo](https://github.com/containers/skopeo) is a command line tool for working with remote image registries. Skopeo doesnt require a daemon to be running while performing its operations. In particular, the handy skopeo command called `copy` will ease the whole image copy operation. Without further ado, you can copy an image from a registry to another simply by running:
```
skopeo copy docker://internal.registry/myimage:latest /
docker://production.registry/myimage:v1.0
```
The copy command will take care of copying the image from `internal.registry` to `production.registry`
If your production registry requires credentials to login in order to push the image, skopeo can handle that as well.
```
skopeo copy --dest-creds prod_user:prod_pass docker://internal.registry/myimage:latest /
docker://production.registry/myimage:v1.0
```
The same goes for credentials for the source registry (internal.registry) by using the `--src-creds` flag.
It is also useful for copying images between two remote docker registries, such as the registries of two different OpenShift clusters, as shown
```
skopeo copy docker://busybox:latest oci:busybox_ocilayout:latest
```
Skopeo copy isnt limited to remote containers registries. The image prefix `docker://` from the above command define the transport to be used when handling the image.
There are others also similar to that:
- atomic
- containers-storage
- dir
- docker
- docker-daemon
- docker-tar
- oci
- ostree
This `task` can be used to copy one or more than one images to-and fro various storage mechanisms.
## Install the Task
```
kubectl apply -f https://api.hub.tekton.dev/v1/resource/tekton/task/skopeo-copy/0.4/raw
```
## Parameters
- **srcImageURL**: The URL of the image to be copied to the `destination` registry.
- **destImageURL**: The URL of the image where the image from `source` should be copied to.
- **srcTLSverify**: Verify the TLS on the src registry endpoint
- **destTLSverify**: Verify the TLS on the dest registry endpoint
- **multiArch**: How to handle multi-architecture images (system, all, or index-only)
## Workspace
- **images-url**: To mount file containing multiple source and destination images registries URL, which is mounted as configMap.
## Secrets and ConfigMap
* `Secret` to provide the credentials of the source and destination registry where the image needs to be copied from and to.
* `ConfigMap` to provide support for copying multiple images, this contains file `url.txt` which stores images registry URL's.
[This](../0.4/samples/quay-secret.yaml) example can help to use secrets for providing credentials of image registries.
## Platforms
The Task can be run on `linux/amd64`, `linux/s390x`, `linux/arm64` and `linux/ppc64le` platforms.
## Usage
This task will use the `Service Account` with access to the secrets containing source and destination image registry credentials, this will authorize it to the respective image registries.
In case of multiple source and destination image registries that needs to be copied to and from a file named `url.txt` should be created containing all the source and destination image registries `URL` seperated by a space and each set of images should be written in the new line, as shown below.
```
docker://quay.io/temp/kubeconfigwriter:v1 docker://quay.io/skopeotest/kube:v1
docker://quay.io/temp/kubeconfigwriter:v2 docker://quay.io/skopeotest/kube:v2
```
`ConfigMap` should be created using this file. Following `command` can be used to create configMap from the `file`.
```
kubectl create configmap image-configmap --from-file=url.txt
```
In case there is only one source and destination image that needs to be copied then, Source and destination image URL needs to be provided in the input params of the task.
This will result in the image getting copied from the source registry to the destination registry.
[This](../0.4/samples/serviceaccount.yaml) will guide the user to use service account for authorization to image registries.
See [here](../0.4/samples/run.yaml) for example of `TaskRun`.
### Note
- `Source credentials` are only required, if the source image registry needs authentication to pull the image, whereas `Destination credentials` are always required.
- In case of multiple source and destination images, `secret` containing `credentials` of all the image registries must be added to the `service account` and configMap containing `url.txt` should be mounted into the workspace, as shown
```
workspaces:
- name: images-url
configmap:
name: image-configmap
```
- If there is only one source and destination image registry URL, then `emptyDir` needs to be mounted in the `workspace` as shown below:
```
workspaces:
- name: images-url
emptyDir: {}
```

10
task/skopeo-copy/0.4/samples/docker-secret.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: Secret
metadata:
name: docker-creds
annotations:
tekton.dev/docker-0: https://docker.io
type: kubernetes.io/basic-auth
stringData:
username: test
password: test@1

10
task/skopeo-copy/0.4/samples/quay-secret.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: Secret
metadata:
name: quay-creds
annotations:
tekton.dev/docker-0: https://quay.io
type: kubernetes.io/basic-auth
stringData:
username: skopeotest
password: Skopeo@1

12
task/skopeo-copy/0.4/samples/run.yaml Normal file
View File

@ -0,0 +1,12 @@
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
name: skopeo-run
spec:
serviceAccountName: secret-service-account
taskRef:
name: skopeo-copy
workspaces:
- name: images-url
configmap:
name: image-configmap

7
task/skopeo-copy/0.4/samples/serviceaccount.yaml Normal file
View File

@ -0,0 +1,7 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: secret-service-account
secrets:
- name: docker-creds
- name: quay-creds

92
task/skopeo-copy/0.4/skopeo-copy.yaml Normal file
View File

@ -0,0 +1,92 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: skopeo-copy
labels:
app.kubernetes.io/version: "0.4"
annotations:
tekton.dev/pipelines.minVersion: "0.12.1"
tekton.dev/categories: CLI
tekton.dev/tags: cli
tekton.dev/displayName: "skopeo copy"
tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64"
spec:
description: >-
Skopeo is a command line tool for working with remote image registries.
Skopeo doesnt require a daemon to be running while performing its operations.
In particular, the handy skopeo command called copy will ease the whole image
copy operation. The copy command will take care of copying the image from
internal.registry to production.registry. If your production registry requires
credentials to login in order to push the image, skopeo can handle that as well.
workspaces:
- name: images-url
params:
- name: srcImageURL
description: URL of the image to be copied to the destination registry
type: string
default: ""
- name: destImageURL
description: URL of the image where the image from source should be copied to
type: string
default: ""
- name: srcTLSverify
description: Verify the TLS on the src registry endpoint
type: string
default: "true"
- name: destTLSverify
description: Verify the TLS on the dest registry endpoint
type: string
default: "true"
- name: multiArch
description: How to handle multi-architecture images (system, all, or index-only)
type: string
default: "system"
steps:
- name: skopeo-copy
env:
- name: HOME
value: /tekton/home
image: quay.io/skopeo/stable:v1
script: |
# Function to copy multiple images.
#
copyimages() {
filename="$(workspaces.images-url.path)/url.txt"
while IFS= read -r line || [ -n "$line" ]
do
cmd=""
for url in $line
do
# echo $url
cmd="$cmd \
$url"
done
read -ra sourceDest <<<"${cmd}"
skopeo copy --multi-arch="$(params.multiArch)" "${sourceDest[@]}" --src-tls-verify="$(params.srcTLSverify)" --dest-tls-verify="$(params.destTLSverify)"
echo "$cmd"
done < "$filename"
}
# Check that the multiArch parm is one of the supported methods
#
case "$(params.multiArch)" in all|system|index-only)
;;
*)
echo "Unrecognized multiArch choice: $(params.multiArch)"
exit 1;;
esac
#
# If single image is to be copied then, it can be passed through
# params in the taskrun.
#
if [ "$(params.srcImageURL)" != "" ] && [ "$(params.destImageURL)" != "" ] ; then
skopeo copy --multi-arch="$(params.multiArch)" "$(params.srcImageURL)" "$(params.destImageURL)" --src-tls-verify="$(params.srcTLSverify)" --dest-tls-verify="$(params.destTLSverify)"
else
# If file is provided as a configmap in the workspace then multiple images can be copied.
#
copyimages
fi
securityContext:
runAsNonRoot: true
runAsUser: 65532

5
task/skopeo-copy/0.4/tests/pre-apply-task-hook.sh Normal file
View File

@ -0,0 +1,5 @@
#!/usr/bin/env bash
# Add an internal registry as sidecar to the task so we can upload it directly
# from our tests without having to go to an external registry.
add_sidecar_registry ${TMPF}

19
task/skopeo-copy/0.4/tests/run.yaml Normal file
View File

@ -0,0 +1,19 @@
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
name: skopeo-run
spec:
params:
- name: srcImageURL
value: docker://quay.io/temp/kubeconfigwriter:v1
- name: destImageURL
value: docker://localhost:5000/kube:latest
- name: destTLSverify
value: "false"
- name: multiArch
value: "system"
taskRef:
name: skopeo-copy
workspaces:
- name: images-url
emptyDir: {}