Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support service account authorization #151

Closed
bobcatfish opened this issue Oct 12, 2018 · 1 comment · Fixed by #165
Closed

Support service account authorization #151

bobcatfish opened this issue Oct 12, 2018 · 1 comment · Fixed by #165
Labels
meaty-juicy-coding-work This task is mostly about implementation!!! And docs and tests of course but that's a given

Comments

@bobcatfish
Copy link
Collaborator

Expected Behavior

In PipelineParams, we have a ServiceAccount field, which should be passed to the build) when creating Tasks.

  • We should have docs on how to use this (and/or link to knative build docs)
  • We should have integration test coverage

Actual Behavior

We do nothing with the the ServiceAccount field.

Steps to Reproduce the Problem

You could reproduce the issue by trying to do something like push to an image repo that your user is not authorized to push to (see #144)
@bobcatfish bobcatfish mentioned this issue Oct 12, 2018
Closed
@bobcatfish bobcatfish added the meaty-juicy-coding-work This task is mostly about implementation!!! And docs and tests of course but that's a given label Oct 12, 2018
@shashwathi
Copy link
Contributor

/assign @shashwathi

@bobcatfish bobcatfish mentioned this issue Oct 16, 2018
Merged
tanner-bruce pushed a commit to tanner-bruce/build-pipeline that referenced this issue Oct 16, 2018
Ensure kaniko e2e test pushes image to registry
d987d1e 
Adds `github.com/google/go-containerregistry` as a dependency for
accessing container registries

Adds `KANIKO_SECRET_CONFIG_FILE` for adding a service account to the
kaniko task when running e2e test locally to ensure kaniko is able
to push to a gcr.io registry.. This is necessary for running the e2e
tests locally unless the kubernetes nodes provide another way of
authenticating to the registry, such as provisioning them with a
storage admin scope.

Once tektoncd#151 is in place, we will be able to update this code to create
a service account and use that in the BuildSpec.

Fixes tektoncd#150
tanner-bruce pushed a commit to tanner-bruce/build-pipeline that referenced this issue Oct 17, 2018
Ensure kaniko e2e test pushes image to registry
ddbb90f 
Adds `github.com/google/go-containerregistry` as a dependency for
accessing container registries

Adds `KANIKO_SECRET_CONFIG_FILE` for adding a service account to the
kaniko task when running e2e test locally to ensure kaniko is able
to push to a gcr.io registry.. This is necessary for running the e2e
tests locally unless the kubernetes nodes provide another way of
authenticating to the registry, such as provisioning them with a
storage admin scope.

Once tektoncd#151 is in place, we will be able to update this code to create
a service account and use that in the BuildSpec.

Fixes tektoncd#150
knative-prow-robot pushed a commit that referenced this issue Oct 17, 2018
@knative-prow-robot
Ensure kaniko e2e test pushes image to registry
4089e04 
Adds `github.com/google/go-containerregistry` as a dependency for
accessing container registries

Adds `KANIKO_SECRET_CONFIG_FILE` for adding a service account to the
kaniko task when running e2e test locally to ensure kaniko is able
to push to a gcr.io registry.. This is necessary for running the e2e
tests locally unless the kubernetes nodes provide another way of
authenticating to the registry, such as provisioning them with a
storage admin scope.

Once #151 is in place, we will be able to update this code to create
a service account and use that in the BuildSpec.

Fixes #150
@shashwathi shashwathi mentioned this issue Oct 18, 2018
Merged
sthaha pushed a commit to sthaha/build-pipeline that referenced this issue Oct 30, 2019
@openshift-merge-robot
Merge pull request tektoncd#151 from hrishin/prometheous-config
9e7bd44 
Adds OpenShift monitoring config
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
meaty-juicy-coding-work This task is mostly about implementation!!! And docs and tests of course but that's a given
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Set Service Account on Task run shashwathi/build-pipeline
2 participants
@bobcatfish @shashwathi