fabric8-maven-plugin
fabric8-maven-plugin copied to clipboard
fabric8io
Specifying pull secret for OpenShift S2I builds
Description
We have an enterprise Docker registry that requires authentication for pulling images. I'm trying to build a project that uses one of our enterprise base images in the FROM block, so I need to change the pull secret in the build-config. I've figured out how to do this on the command-line:
oc secrets new repo .dockerconfigjson=dockerconfig.json
oc secrets link builder repo
oc set build-secret --pull bc/project-name-s2i repo
oc start-build project-name-s2i --from-archive docker-build.tar
Is there a way for me to set the pull secret using the Fabric8 Maven plugin? I'm fine with continuing to create the secret within OpenShift manually (in fact, that's probably preferable for me), but I'd like to be able to tell it which secret to use.
Info
- f-m-p version : 3.5.33
- Maven version (
mvn -v) :
Apache Maven 3.5.0 (ff8f5e7444045639af65f6095c62210b5713f426; 2017-04-03T15:39:06-04:00)
Maven home: /opt/boxen/homebrew/Cellar/maven/3.5.0/libexec
Java version: 1.8.0_144, vendor: Oracle Corporation
Java home: /Library/Java/JavaVirtualMachines/jdk1.8.0_144.jdk/Contents/Home/jre
Default locale: en_US, platform encoding: UTF-8
OS name: "mac os x", version: "10.13.3", arch: "x86_64", family: "mac"
- Kubernetes / OpenShift setup and version : Minishift 1.13.0, OpenShift 3.7
- If it's a feature request, what is your use case : Reducing friction for onboarding developers into developing for OpenShift, using Minishift for local testing. We are in the midst of a large-scale OpenShift Container Platform deployment.
@rhuss : I looked up in documentation but seems like we don't have any option to set pull secret(only authentication via SSL/certificates). Do you think we should also provide this option??
This issue has been automatically marked as stale because it has not had any activity since 90 days. It will be closed if no further activity occurs within 7 days. Thank you for your contributions!
![stale[bot] avatar](https://avatars.githubusercontent.com/in/1724?v=4 "Published by a pub.dev verified publisher"){kind=small}
This issue has been automatically marked as stale because it has not had any activity since 90 days. It will be closed if no further activity occurs within 7 days. Thank you for your contributions!
We did some fixes on JKube to make this work.
There's a quickstart demonstrating how to accomplish this in a Quarkus-based project: https://github.com/eclipse/jkube/tree/master/quickstarts/maven/quarkus-customized-image
https://github.com/eclipse/jkube/blob/2547a6244aee2828036cc343fd8a1fa096bb4081/quickstarts/maven/quarkus-customized-image/pom.xml#L36
Due to new docker rate limit, I tied to set openshiftPullSecret to authenticate to dockerhub but no effect on the generated build config
<plugin>
<groupId>io.fabric8</groupId>
<artifactId>fabric8-maven-plugin</artifactId>
<configuration>
<verbose>true</verbose>
<buildStrategy>docker</buildStrategy>
<openshiftPullSecret>myPullSecret</openshiftPullSecret>
<buildRecreate>all</buildRecreate>
<recreate>true</recreate>
<resources>
<openshiftBuildConfig>
<limits>
<cpu>500m</cpu>
<memory>1Gi</memory>
</limits>
</openshiftBuildConfig>
<labels>
<all>
<app>${project.artifactId}</app>
</all>
</labels>
</resources>
<images>
<image>
<name>${project.artifactId}</name>
<alias>spring-boot</alias>
<build>
<contextDir>${project.basedir}/src/main/docker</contextDir>
<optimise>true</optimise>
<ports>
<port>8080</port>
<port>8778</port>
<port>9779</port>
</ports>
<assembly>
<descriptorRef>artifact</descriptorRef>
</assembly>
<user>1000</user>
</build>
</image>
</images>
<enricher>
<config>
<f8-healthcheck-spring-boot>
<timeoutSeconds>5</timeoutSeconds>
</f8-healthcheck-spring-boot>
</config>
</enricher>
</configuration>
<executions>
<execution>
<id>all</id>
<goals>
<goal>resource</goal>
<goal>build</goal>
</goals>
</execution>
<execution>
<id>undeploy</id>
<phase>prepare-package</phase>
<goals>
<goal>undeploy</goal>
</goals>
<configuration>
<failOnError>false</failOnError>
</configuration>
</execution>
</executions>
</plugin>
Expected buid config
spec:
serviceAccount: builder
source:
type: Binary
binary: {}
strategy:
type: Docker
dockerStrategy:
from:
kind: DockerImage
name: 'fabric8/java-alpine-openjdk11-jdk:1.8.1'
pullSecret:
name: myPullSecret
but was
spec:
serviceAccount: builder
source:
type: Binary
binary: {}
strategy:
type: Docker
dockerStrategy:
from:
kind: DockerImage
name: 'fabric8/java-alpine-openjdk11-jdk:1.8.1'
Yes, when implementing this for JKube, there were a few bugs solved, that probably prevented this from working on FMP. Is it possible for you to migrate and use JKube instead?