You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by as...@apache.org on 2019/11/28 07:40:51 UTC
[camel-k] 04/07: Fix #613: Upgrade Kaniko to 0.14.0. Add doc about
Docker Hub and Github Packages
This is an automated email from the ASF dual-hosted git repository.
astefanutti pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel-k.git
commit 040b1165472965d232bd730ee30e73d083e44191
Author: Nicola Ferraro <ni...@gmail.com>
AuthorDate: Tue Nov 26 12:32:06 2019 +0100
Fix #613: Upgrade Kaniko to 0.14.0. Add doc about Docker Hub and Github Packages
---
docs/modules/ROOT/nav.adoc | 4 ++
docs/modules/ROOT/pages/installation/gke.adoc | 36 ++----------------
.../pages/installation/registry/dockerhub.adoc | 44 ++++++++++++++++++++++
.../ROOT/pages/installation/registry/gcr.adoc | 37 ++++++++++++++++++
.../ROOT/pages/installation/registry/github.adoc | 29 ++++++++++++++
.../ROOT/pages/installation/registry/registry.adoc | 42 +++++++++++++++++++++
pkg/builder/kaniko/publisher.go | 2 +-
pkg/cmd/install.go | 2 +-
pkg/install/secret.go | 4 +-
pkg/util/defaults/defaults.go | 2 +-
pkg/util/registry/registry.go | 18 ++++-----
pkg/util/registry/registry_test.go | 6 +--
script/Makefile | 2 +-
13 files changed, 177 insertions(+), 51 deletions(-)
diff --git a/docs/modules/ROOT/nav.adoc b/docs/modules/ROOT/nav.adoc
index 6bc6965..732df79 100644
--- a/docs/modules/ROOT/nav.adoc
+++ b/docs/modules/ROOT/nav.adoc
@@ -3,6 +3,10 @@
** xref:installation/minishift.adoc[Minishift]
** xref:installation/gke.adoc[Google Kubernetes Engine (GKE)]
** xref:installation/openshift.adoc[OpenShift]
+** xref:installation/registry/registry.adoc[Configuring Registry]
+*** xref:installation/registry/dockerhub.adoc[Docker Hub]
+*** xref:installation/registry/github.adoc[Github Packages]
+*** xref:installation/registry/gcr.adoc[Gcr.io]
* xref:running/running.adoc[Running]
** xref:running/dev-mode.adoc[Dev Mode]
* xref:configuration/configuration.adoc[Configuration]
diff --git a/docs/modules/ROOT/pages/installation/gke.adoc b/docs/modules/ROOT/pages/installation/gke.adoc
index a9910a1..eb0b99b 100644
--- a/docs/modules/ROOT/pages/installation/gke.adoc
+++ b/docs/modules/ROOT/pages/installation/gke.adoc
@@ -26,39 +26,9 @@ kubectl create clusterrolebinding user-cluster-admin-binding --clusterrole=clust
The command above is needed to make sure your user is able to delegate some permissions to Camel K service accounts.
-Users of *GKE* are expected to use the `gcr.io` registry to push and pull images.
-In order to push images to `gcr.io`, you need to provide a valid key to Camel K.
-The best way to obtain a valid key is from the web console:
-
-- Go to https://console.cloud.google.com
-- Make sure the project where you created the Kubernetes cluster is selected in the drop-down list
-- To avoid confusion, it's suggested to use the "English" language in preferences of the Google Cloud console
-- Select "IAM & admin" from the navigation menu, then "Service accounts"
-- Create a new service account specifying the following id: **"camel-k-builder"**
-- You'll be asked to select a role. It's important to select the **"Storage Admin" role** from the "Storage" menu
-- Finish creating the service account
-- From the action menu of the service account you've created, **create a key** using the JSON format
-
-A `.json` file with the key will be downloaded to your machine. You need to store that key in a Kubernetes secret.
-
-It's **important** to rename the file you've just downloaded to `kaniko-secret.json` (make sure you write it correctly).
-After the renaming, execute the following command to create the secret:
-
-```
-kubectl create secret generic kaniko-secret --from-file=kaniko-secret.json
-```
-
-You're ready to install Camel K. You need to get the *kamel* CLI tool the from https://github.com/apache/camel-k/releases[release page]
+You can now get the *kamel* CLI tool the from https://github.com/apache/camel-k/releases[release page]
and put it on your system path.
-You should now execute the following command to install cluster resources and the operator (in the current namespace):
-
-```
-kamel install --registry gcr.io --organization <<your-project-id>> --registry-secret kaniko-secret
-```
-
-Use the project id that you've annotated when executing the first connection string.
-
-NOTE: the project id is **NOT** the cluster id!
+The last thing to do is to xref:installation/registry/gcr.adoc[configure gcr.io as registry] to host your integration image.
-You're now ready to play with Camel K!
+After doing that, you'll be ready to play with Camel K. Enjoy!
diff --git a/docs/modules/ROOT/pages/installation/registry/dockerhub.adoc b/docs/modules/ROOT/pages/installation/registry/dockerhub.adoc
new file mode 100644
index 0000000..d85f8a5
--- /dev/null
+++ b/docs/modules/ROOT/pages/installation/registry/dockerhub.adoc
@@ -0,0 +1,44 @@
+[[configuring-registry-dockerhub]]
+= Configuring a DockerHub Registry
+
+You can host your container images on Docker Hub in case your cluster doesn't provide a xref:installation/registry/registry.adoc[default registry].
+
+You need to create an account on https://hub.docker.com/, then use the following command to configure Camel K during installation:
+
+[source,bash]
+----
+kamel install --registry docker.io --organization your-user-id-or-org --registry-auth-username your-user-id --registry-auth-password your-password
+----
+
+The `--registry-auth-username` and `--registry-auth-password` flags are used by the `kamel` CLI to create a Kubernetes secret
+that holds your credentials for authenticating against the Docker registry.
+
+In the general case, the `--registry-auth-server` should be used, but it can be omitted for Docker Hub because it's
+automatically set to `https://index.docker.io/v1/`.
+
+== Alternative Methods
+
+In some cases, you might already have a push/pull secret for Docker Hub in your current namespace.
+Or you can also decide to create it using `kubectl`, with the following command:
+
+[source,bash]
+----
+kubectl create secret docker-registry your-secret-name --docker-username your-user --docker-password your-pass
+----
+
+Another possibility is to upload to the cluster your entire list of push/pull secrets:
+
+[source,bash]
+----
+# First login to your registry and provide credentials
+docker login
+# Then create a secret from your credentials file (may contain passwords for other registries)
+create secret generic your-secret-name --from-file ~/.docker/config.json
+----
+
+After you've created the secret, you can link it to Camel K during installation:
+
+[source,bash]
+----
+kamel install --registry docker.io --organization your-user-id-or-org --registry-secret your-secret-name
+----
diff --git a/docs/modules/ROOT/pages/installation/registry/gcr.adoc b/docs/modules/ROOT/pages/installation/registry/gcr.adoc
new file mode 100644
index 0000000..3f1e3b6
--- /dev/null
+++ b/docs/modules/ROOT/pages/installation/registry/gcr.adoc
@@ -0,0 +1,37 @@
+[[configuring-registry-gcr]]
+= Configuring a Gcr.io Registry
+
+You can use gcr.io as registry to host Camel K images. Usually, users may want to use gcr.io in combination with xref:installation/gke.adoc[Google GKE].
+
+In order to push images to `gcr.io`, you need to provide a valid key to Camel K.
+The best way to obtain a valid key is from the Google web console:
+
+- Go to https://console.cloud.google.com
+- Make sure the project where you created the Kubernetes cluster is selected in the drop-down list
+- To avoid confusion, it's suggested to use the "English" language in preferences of the Google Cloud console
+- Select "IAM & admin" from the navigation menu, then "Service accounts"
+- Create a new service account specifying the following id: **"camel-k-builder"**
+- You'll be asked to select a role. It's important to select the **"Storage Admin" role** from the "Storage" menu
+- Finish creating the service account
+- From the action menu of the service account you've created, **create a key** using the JSON format
+
+A `.json` file with the key will be downloaded to your machine. You need to store that key in a Kubernetes secret.
+
+It's **important** to rename the file you've just downloaded to `kaniko-secret.json` (make sure you write it correctly).
+After the renaming, execute the following command to create the secret:
+
+```
+kubectl create secret generic kaniko-secret --from-file=kaniko-secret.json
+```
+
+Ensure you have the https://github.com/apache/camel-k/releases[*kamel* CLI] on your system path.
+
+You should now execute the following command to install cluster resources and the operator (in the current namespace):
+
+```
+kamel install --registry gcr.io --organization <<your-project-id>> --registry-secret kaniko-secret
+```
+
+Use the project id of your project on GKE. Usually this can be obtained from the connection string.
+
+NOTE: the project id is **NOT** the cluster id!
diff --git a/docs/modules/ROOT/pages/installation/registry/github.adoc b/docs/modules/ROOT/pages/installation/registry/github.adoc
new file mode 100644
index 0000000..3656d59
--- /dev/null
+++ b/docs/modules/ROOT/pages/installation/registry/github.adoc
@@ -0,0 +1,29 @@
+[[configuring-registry-github]]
+= Configuring a Github Packages Registry
+
+You can use a Github Packages registry to host your container images, in case your cluster doesn't provide a xref:installation/registry/registry.adoc[default registry].
+
+Login to Github, then navigate to `Settings -> Developer settings -> Personal access tokens`.
+Create a new token with the following permissions:
+
+* `repo` (all)
+* `write:packages`
+* `read:packages`
+* `delete:packages`
+
+Take note of the personal access token, you'll use it during installation. You also need to **choose a github repository** for hosting your images.
+
+To configure Camel K, install it using the following command:
+
+[source,bash]
+----
+kamel install --registry docker.pkg.github.com --organization github-user/repository --registry-auth-username github-user-id --registry-auth-password github-token
+----
+
+The `--registry-auth-username` and `--registry-auth-password` flags are used by the `kamel` CLI to create a Kubernetes secret
+that holds your credentials for authenticating against the Docker registry.
+
+In the general case, the `--registry-auth-server` should be used, but it can be omitted for Github because it's
+equal to the registry by default (`docker.pkg.github.com`).
+
+You're now ready to publish your integration. Images will be automatically published to Github Packages.
diff --git a/docs/modules/ROOT/pages/installation/registry/registry.adoc b/docs/modules/ROOT/pages/installation/registry/registry.adoc
new file mode 100644
index 0000000..967dd4a
--- /dev/null
+++ b/docs/modules/ROOT/pages/installation/registry/registry.adoc
@@ -0,0 +1,42 @@
+[[configuring-registry]]
+= Configuring Registry
+
+Every Camel K installation needs a container registry that that will be used to host integration container images.
+
+A **default registry** is present in all the following supported installations:
+
+* **OpenShift**: all OpenShift installations (including Minishift, CRC and real clusters) provide an internal container registry that is used for the S2I (source to image)
+ feature. Camel K is able to leverage that registry.
+* **Minikube**: Minikube comes with a "registry addon" that can be enabled upon installation (see xref:installation/minikube.adoc[install guide for Minikube ]). Camel K automatically detects the address of the registry and configures
+ it on the `IntegrationPlatform` when using the CLI (on `kamel install`).
+
+Other platforms do not provide a default container registry and need to be configured accordingly.
+
+Registry configuration can be set upon installation using command:
+
+[source,bash]
+----
+kamel install --registry registry-host.io --organization your-user-id-or-org --registry-secret the-push-kubernetes-secret-name
+----
+
+Alternatively, the same settings can be set in the `.spec.build.registry` section of the `IntegrationPlatform` resource.
+
+[source,yaml]
+----
+apiVersion: camel.apache.org/v1alpha1
+kind: IntegrationPlatform
+metadata:
+ labels:
+ app: camel-k
+ name: camel-k
+spec:
+ build:
+ registry:
+ address: registry-host.io
+ organization: your-user-id-or-org
+ secret: the-push-kubernetes-secret-name
+----
+
+Additional information on setting up registries can be found in the registry specific sub-section.
+
+NOTE: if your repository is not listed in any sub-section, you can try setting it up using the xref:installation/registry/dockerhub.adoc[instructions for Docker Hub].
diff --git a/pkg/builder/kaniko/publisher.go b/pkg/builder/kaniko/publisher.go
index a6dd4e5..734638b 100644
--- a/pkg/builder/kaniko/publisher.go
+++ b/pkg/builder/kaniko/publisher.go
@@ -58,7 +58,7 @@ var (
destination: "config.json",
}
secretKindStandardDocker = secretKind{
- fileName: ".dockercfg",
+ fileName: corev1.DockerConfigJsonKey,
mountPath: "/kaniko/.docker",
destination: "config.json",
}
diff --git a/pkg/cmd/install.go b/pkg/cmd/install.go
index 35199a5..c3af624 100644
--- a/pkg/cmd/install.go
+++ b/pkg/cmd/install.go
@@ -67,7 +67,7 @@ func newCmdInstall(rootCmdOptions *RootCmdOptions) *cobra.Command {
cmd.Flags().StringVar(&impl.registry.Address, "registry", "", "A Docker registry that can be used to publish images")
cmd.Flags().StringVar(&impl.registry.Secret, "registry-secret", "", "A secret used to push/pull images to the Docker registry")
cmd.Flags().BoolVar(&impl.registry.Insecure, "registry-insecure", false, "Configure to configure registry access in insecure mode or not")
- cmd.Flags().StringVar(&impl.registryAuth.Provider, "registry-auth-provider", "", "The docker registry authentication provider")
+ cmd.Flags().StringVar(&impl.registryAuth.Server, "registry-auth-server", "", "The docker registry authentication server")
cmd.Flags().StringVar(&impl.registryAuth.Username, "registry-auth-username", "", "The docker registry authentication username")
cmd.Flags().StringVar(&impl.registryAuth.Password, "registry-auth-password", "", "The docker registry authentication password")
cmd.Flags().StringSliceVarP(&impl.properties, "property", "p", nil, "Add a camel property")
diff --git a/pkg/install/secret.go b/pkg/install/secret.go
index 2c12cd4..026b520 100644
--- a/pkg/install/secret.go
+++ b/pkg/install/secret.go
@@ -45,9 +45,9 @@ func RegistrySecretOrCollect(ctx context.Context, c client.Client, namespace str
Name: registrySecretName,
Namespace: namespace,
},
- Type: v1.SecretTypeDockercfg,
+ Type: v1.SecretTypeDockerConfigJson,
Data: map[string][]byte{
- ".dockercfg": secretData,
+ v1.DockerConfigJsonKey: secretData,
},
}
diff --git a/pkg/util/defaults/defaults.go b/pkg/util/defaults/defaults.go
index d9ee9eb..c3ba995 100644
--- a/pkg/util/defaults/defaults.go
+++ b/pkg/util/defaults/defaults.go
@@ -49,7 +49,7 @@ const (
QuarkusVersionConstraint = ">=0.27.0"
// KanikoVersion --
- KanikoVersion = "0.9.0"
+ KanikoVersion = "0.14.0"
// BaseImage --
BaseImage = "fabric8/s2i-java:3.0-java8"
diff --git a/pkg/util/registry/registry.go b/pkg/util/registry/registry.go
index bc79b90..a178d73 100644
--- a/pkg/util/registry/registry.go
+++ b/pkg/util/registry/registry.go
@@ -25,14 +25,14 @@ import (
)
var (
- knownProvidersByRegistry = map[string]string{
+ knownServersByRegistry = map[string]string{
"docker.io": "https://index.docker.io/v1/",
}
)
// Auth contains basic information for authenticating against a container registry
type Auth struct {
- Provider string
+ Server string
Username string
Password string
@@ -50,14 +50,14 @@ type dockerConfig struct {
// IsSet returns if information has been set on the object
func (a Auth) IsSet() bool {
- return a.Provider != "" ||
+ return a.Server != "" ||
a.Username != "" ||
a.Password != ""
}
// validate checks if all fields are populated correctly
func (a Auth) validate() error {
- if a.getActualProvider() == "" || a.Username == "" {
+ if a.getActualServer() == "" || a.Username == "" {
return errors.New("not enough information to generate a registry authentication file")
}
return nil
@@ -75,18 +75,18 @@ func (a Auth) GenerateDockerConfig() ([]byte, error) {
func (a Auth) generateDockerConfigObject() dockerConfigList {
return dockerConfigList{
map[string]dockerConfig{
- a.getActualProvider(): {
+ a.getActualServer(): {
a.encodedCredentials(),
},
},
}
}
-func (a Auth) getActualProvider() string {
- if a.Provider != "" {
- return a.Provider
+func (a Auth) getActualServer() string {
+ if a.Server != "" {
+ return a.Server
}
- if p, ok := knownProvidersByRegistry[a.Registry]; ok {
+ if p, ok := knownServersByRegistry[a.Registry]; ok {
return p
}
return a.Registry
diff --git a/pkg/util/registry/registry_test.go b/pkg/util/registry/registry_test.go
index fb6a298..166d87c 100644
--- a/pkg/util/registry/registry_test.go
+++ b/pkg/util/registry/registry_test.go
@@ -44,7 +44,7 @@ func TestAuth_GenerateDockerConfig(t *testing.T) {
a = Auth{
Username: "nic",
Password: "pass",
- Provider: "quay.io",
+ Server: "quay.io",
Registry: "docker.io",
}
conf, err = a.GenerateDockerConfig()
@@ -58,11 +58,11 @@ func TestAuth_Validate(t *testing.T) {
}.validate())
assert.NotNil(t, Auth{
- Provider: "quay.io",
+ Server: "quay.io",
}.validate())
assert.Nil(t, Auth{
Username: "nic",
- Provider: "quay.io",
+ Server: "quay.io",
}.validate())
}
diff --git a/script/Makefile b/script/Makefile
index 60699d4..c14e104 100644
--- a/script/Makefile
+++ b/script/Makefile
@@ -24,7 +24,7 @@ CAMEL_QUARKUS_VERSION := 0.3.1
CAMEL_QUARKUS_VERSION_CONSTRAINT := >=0.3.1
QUARKUS_VERSION := 0.27.0
QUARKUS_VERSION_CONSTRAINT := >=0.27.0
-KANIKO_VERSION := 0.9.0
+KANIKO_VERSION := 0.14.0
BASE_IMAGE := fabric8/s2i-java:3.0-java8
LOCAL_REPOSITORY := /tmp/artifacts/m2
IMAGE_NAME := docker.io/apache/camel-k