Kaniko with Azure Devops Context
Question
I am trying to run kaniko builds on Kubernetes.

    containers:
      - name: kaniko
        image: gcr.io/kaniko-project/executor:latest
        args: ["--context=https://dev.azure.com/",
               "--destination=build:1.0.0",
               "--dockerfile=dockerfile"]

The source repo is on Azure DevOps and is only reachable via HTTP or SSH.
As far as I understand, I will have to set http.extraHeader to use PAT authentication:

    git -c http.extraHeader="Authorization: Basic ${B64_PAT}" clone https://dev.azure.com/yourOrgName/yourProjectName/_git/yourRepoName

Is there a way to handle the authentication via environment variables or some kind of wrapper for kaniko-project/executor?
I tried

    ssh://PAT@repo

and combinations of the env variables GIT_TOKEN, GIT_USERNAME, GIT_PASSWORD.
Answer 1
Score: 0
Short answer: Yes, it's possible to use Kaniko with an Azure DevOps context.
Detailed answer:
Kaniko uses the "go-git" library under the hood (because Kaniko is written in Go). At the time of writing this answer, it's not possible for Kaniko to fetch the source code from an Azure DevOps repository because it appears that go-git does not work with Azure DevOps git repos (it doesn't implement the "multi-ack" protocol which is used by Azure DevOps).
The workaround for this is to use an "initContainer" with any image you want, where you can "git clone" your repo and let Kaniko consume it afterwards.
Here's a link that can help you (and anyone else reading this post) to achieve this combination: https://github.com/GoogleContainerTools/kaniko/issues/719#issuecomment-1283407534
Here's sample code showing how it helped me achieve that:
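
    # Init container to git clone the source code
    initContainers:
      - name: git-clone
        image: alpine:3.18.0
        command: ["sh", "-c"]
        # $(Build.Repository.Uri) is Azure Pipelines macro syntax; the pipeline
        # must expand it before the shell sees it.
        # tr strips any line wrapping base64 may add to long output, which
        # would otherwise break the Authorization header.
        args:
          - |
            apk add --no-cache git && \
            AUTH=$(echo -n ":$PAT_TOKEN" | base64 | tr -d '\n') && \
            git -c http.extraHeader="Authorization: Basic $AUTH" clone --depth 1 $(Build.Repository.Uri) /workspace
        env:
          # Fail instead of waiting for an interactive credential prompt
          - name: GIT_TERMINAL_PROMPT
            value: "0"
          - name: PAT_TOKEN
            value: YOUR_SECRET # Or coming from Secrets it's better
        volumeMounts:
          - name: build-context
            mountPath: /workspace
    # Kaniko container
    containers:
      - name: kaniko
        image: gcr.io/kaniko-project/executor:latest
        args:
          - "--dockerfile=Dockerfile"
          - "--context=dir:///workspace" # build from the cloned checkout
          - "--destination=build:1.0.0"
        volumeMounts:
          - name: build-context
            mountPath: /workspace
    restartPolicy: Never
    # Scratch volume shared by the init container and Kaniko
    volumes:
      - name: build-context
        emptyDir: {}
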
In this sample code, I use the initContainer to fetch the source code of my repo and populate the "/workspace" folder. Both Kaniko (main container) and "initContainer" use this volume as it is mounted on both sides (volumeMounts).
Of course, feel free to adapt to your needs.