initial commit

allard
2025-11-23 18:58:51 +01:00
commit 376a944abc
1553 changed files with 314731 additions and 0 deletions


@@ -0,0 +1 @@
Parts of this pipeline related to Sonarqube were borrowed from Siamak Sadeghianfar and his [work](https://github.com/siamaksade/tekton-cd-demo) on Tekton.


@@ -0,0 +1,40 @@
---
apiVersion: tekton.dev/v1alpha1
kind: PipelineRun
metadata:
generateName: bank-run-
spec:
pipelineRef:
name: example-bank
resources:
- name: bank-git
resourceSpec:
type: git
params:
- name: url
value: https://github.com/IBM/example-bank.git
- name: revision
value: main
- name: transaction-image
resourceSpec:
type: image
params:
- name: url
value: image-registry.openshift-image-registry.svc:5000/bank-infra/transaction
- name: user-image
resourceSpec:
type: image
params:
- name: url
value: image-registry.openshift-image-registry.svc:5000/bank-infra/user
- name: ui-image
resourceSpec:
type: image
params:
- name: url
value: image-registry.openshift-image-registry.svc:5000/bank-infra/ui
workspaces:
- name: local-maven-repo
persistentVolumeClaim:
claimName: maven-repo-pvc
serviceAccountName: pipeline
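Review bot: The three image resources (`transaction-image`, `user-image`, `ui-image`) point at a repository with no tag, and `bank-git` tracks `revision: main`, so every run overwrites the same image reference with whatever the branch holds at that moment. Nothing in this PipelineRun links a pushed image back to the commit it was built from. Consider passing a commit SHA as `revision` and tagging the image URLs with it, for example `value: image-registry.openshift-image-registry.svc:5000/bank-infra/transaction:<commit-sha>`, so a deployed image can be traced and rolled back.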


@@ -0,0 +1,12 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: maven-repo-pvc
spec:
resources:
requests:
storage: 5Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
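Review bot: `persistentVolumeReclaimPolicy: Retain` is not a field of a PersistentVolumeClaim spec; it belongs to a PersistentVolume (or `reclaimPolicy` on the StorageClass), so here it is either rejected by strict validation or silently dropped, and the intended retention does not happen. Remove the line and set the policy on the volume or storage class instead. Because this claim backs the Maven local repository that the PipelineRun mounts as `local-maven-repo`, cached artifacts persist between builds; a comment such as `# shared Maven cache: artifacts persist across pipeline runs` would make that visible to whoever later has to clear it.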


@@ -0,0 +1,60 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: transaction-service
labels:
app: transaction-service
spec:
replicas: 1
selector:
matchLabels:
app: transaction-service
template:
metadata:
labels:
app: transaction-service
annotations:
sidecar.istio.io/inject: "false"
spec:
containers:
- name: transaction-service
image: ykoyfman/bank-transaction-service:1.0
imagePullPolicy: Always
ports:
- name: http-server
containerPort: 9080
envFrom:
- secretRef:
name: bank-db-secret
- secretRef:
name: bank-oidc-secret
env:
- name: USER_SERVICE_URL
value: "http://user-service:9080/bank/v1/users"
- name: KNATIVE_SERVICE_URL
value: "http://process-transaction.bank-renamed-no-mesh.svc.cluster.local"
- name: WLP_LOGGING_CONSOLE_LOGLEVEL
value: INFO
---
apiVersion: v1
kind: Service
metadata:
name: transaction-service
labels:
app: transaction-service
spec:
ports:
- port: 9080
targetPort: 9080
selector:
app: transaction-service
---
apiVersion: v1
kind: Route
metadata:
name: transaction-service
spec:
to:
kind: Service
name: transaction-service
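Review bot: The `Route` at the end of this file has no `tls` block, so the transaction API is published over plain HTTP even though the pod is configured from `bank-oidc-secret` and presumably accepts bearer tokens. Add edge termination with a redirect, `tls: {termination: edge, insecureEdgeTerminationPolicy: Redirect}`; the sonarqube Route in this commit already sets `termination: edge`. The Routes in the user-service and mobile-simulator manifests have the same gap. Separately, `sidecar.istio.io/inject: "false"` opts this pod out of the mesh, so if mesh mTLS is relied on elsewhere the calls to `USER_SERVICE_URL` and `KNATIVE_SERVICE_URL` travel as cleartext `http://`; confirm that is intended.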


@@ -0,0 +1,53 @@
---
apiVersion: v1
kind: Service
metadata:
name: mobile-simulator-service
labels:
app: mobile-simulator
spec:
ports:
- port: 80
protocol: TCP
targetPort: 8080
type: LoadBalancer
selector:
app: mobile-simulator
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: mobile-simulator-deployment
labels:
app: mobile-simulator
spec:
strategy:
type: Recreate
template:
metadata:
labels:
app: mobile-simulator
spec:
containers:
- image: anthonyamanse/mobile-simulator:example-bank-1.0
imagePullPolicy: Always
name: mobile-simulator
envFrom:
- secretRef:
name: mobile-simulator-secrets
env:
- name: PORT
value: '8080'
ports:
- containerPort: 8080
---
apiVersion: v1
kind: Route
metadata:
name: mobile-simulator-service
spec:
to:
kind: Service
name: mobile-simulator-service
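Review bot: The Deployment uses `apiVersion: extensions/v1beta1`, which Kubernetes stopped serving in 1.16, and it has no `spec.selector`, which `apps/v1` requires; the other Deployments in this commit already use `apps/v1`. Change it to `apiVersion: apps/v1` and add `selector: {matchLabels: {app: mobile-simulator}}`. The Service is also `type: LoadBalancer` while a Route for the same Service is defined below it, so the simulator is reachable on two external paths, one of them port 80 without TLS; `type: ClusterIP` behind the Route would leave a single entry point.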


@@ -0,0 +1,51 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: user-service
labels:
app: user-service
spec:
replicas: 1
selector:
matchLabels:
app: user-service
template:
metadata:
labels:
app: user-service
spec:
containers:
- name: user-service
image: anthonyamanse/user-service:example-bank-1.0
imagePullPolicy: Always
ports:
- name: http-server
containerPort: 9080
envFrom:
- secretRef:
name: bank-db-secret
- secretRef:
name: bank-oidc-secret
---
apiVersion: v1
kind: Service
metadata:
name: user-service
labels:
app: user-service
spec:
ports:
- port: 9080
targetPort: 9080
selector:
app: user-service
---
apiVersion: v1
kind: Route
metadata:
name: user-service
spec:
to:
kind: Service
name: user-service
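Review bot: The container spec sets no `securityContext` and no `resources`, and the image `anthonyamanse/user-service:example-bank-1.0` is referenced by a mutable tag in a personal registry namespace with `imagePullPolicy: Always`, so whatever is next pushed under that tag is what runs with `bank-db-secret` and `bank-oidc-secret` in its environment. Pin the image by digest (`image: <registry>/<repo>@sha256:<digest>`) or point it at the image this pipeline builds, and add `securityContext: {runAsNonRoot: true, allowPrivilegeEscalation: false}` together with resource requests and limits. The transaction-service and mobile-simulator Deployments have the same shape. Liveness and readiness probes are also absent here, unlike in the sonarqube Deployment.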


@@ -0,0 +1,129 @@
apiVersion: tekton.dev/v1alpha1
kind: Pipeline
metadata:
name: example-bank
spec:
resources:
- name: bank-git
type: git
- name: transaction-image
type: image
- name: user-image
type: image
- name: ui-image
type: image
tasks:
- name: code-analysis
params:
- name: GOALS
value:
- install
- 'sonar:sonar'
- '-Dsonar.host.url=http://sonarqube:9000'
- '-Dsonar.userHome=/tmp/sonar'
- '-DskipITs'
- '-Darguments=-DskipITs'
resources:
inputs:
- name: source
resource: bank-git
taskRef:
kind: Task
name: maven
workspaces:
- name: maven-repo
workspace: local-maven-repo
- name: build-transaction
params:
- name: TLSVERIFY
value: 'false'
- name: MAVEN_ARGS_APPEND
value: '-pl :transaction-service -am package'
- name: PATH_CONTEXT
value: bank-app-backend/
resources:
inputs:
- name: source
resource: bank-git
outputs:
- name: image
resource: transaction-image
runAfter:
- code-analysis
taskRef:
kind: Task
name: s2i-java-8
- name: build-user
params:
- name: TLSVERIFY
value: 'false'
- name: MAVEN_ARGS_APPEND
value: '-pl :user-service -am package'
- name: PATH_CONTEXT
value: bank-app-backend/
resources:
inputs:
- name: source
resource: bank-git
outputs:
- name: image
resource: user-image
runAfter:
- code-analysis
taskRef:
kind: Task
name: s2i-java-8
- name: build-ui
params:
- name: TLSVERIFY
value: 'false'
resources:
inputs:
- name: source
resource: bank-git
outputs:
- name: image
resource: ui-image
runAfter:
- code-analysis
taskRef:
kind: Task
name: s2i-nodejs
- name: deploy-transaction
params:
- name: COMMANDS
value: >
oc apply -f
https://raw.githubusercontent.com/IBM/example-bank/main/bank-app-backend/transaction-service/deployment.yaml
-n example-bank
runAfter:
- build-transaction
taskRef:
kind: Task
name: openshift-client
- name: deploy-user
params:
- name: COMMANDS
value: >
oc apply -f
https://raw.githubusercontent.com/IBM/example-bank/main/bank-app-backend/user-service/deployment.yaml
-n example-bank
runAfter:
- build-user
taskRef:
kind: Task
name: openshift-client
- name: deploy-ui
params:
- name: COMMANDS
value: >
oc apply -f
https://raw.githubusercontent.com/IBM/example-bank/main/deployment.yaml
-n example-bank
runAfter:
- build-transaction
taskRef:
kind: Task
name: openshift-client
workspaces:
- name: local-maven-repo
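Review bot: The three deploy tasks run `oc apply -f https://raw.githubusercontent.com/IBM/example-bank/main/...`, which fetches manifests from the tip of `main` at run time rather than from the `bank-git` revision that was just analysed and built, so what gets applied is not what the pipeline checked. The deployment manifests shown in this commit also appear to reference pre-built Docker Hub images rather than the `bank-infra/*` images the build tasks push. Apply the manifests from the checked-out source (or a commit-pinned URL) instead. `deploy-ui` has `runAfter: build-transaction`, which looks like it should be `build-ui`. All three build tasks pass `TLSVERIFY: 'false'`, turning off certificate verification for the registry push; dropping the override keeps the tasks' default of `'true'`, provided the registry CA is trusted in the build pods.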


@@ -0,0 +1,113 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: sonarqube
labels:
app: sonarqube
app.kubernetes.io/component: sonarqube
app.kubernetes.io/instance: sonarqube
app.kubernetes.io/name: sonarqube
app.kubernetes.io/part-of: sonarqube
spec:
replicas: 1
selector:
matchLabels:
app: sonarqube
name: sonarqube
template:
metadata:
labels:
app: sonarqube
name: sonarqube
spec:
containers:
- name: sonarqube
imagePullPolicy: Always
image: docker.io/sonarqube:8-community-beta
ports:
- containerPort: 9000
protocol: TCP
volumeMounts:
- mountPath: /opt/sq/temp
name: sonarqube-temp
- mountPath: /opt/sq/conf
name: sonarqube-conf
- mountPath: /opt/sq/data
name: sonarqube-data
- mountPath: /opt/sq/extensions
name: sonarqube-extensions
- mountPath: /opt/sq/logs
name: sonarqube-logs
livenessProbe:
failureThreshold: 10
httpGet:
path: /
port: 9000
scheme: HTTP
initialDelaySeconds: 45
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
failureThreshold: 10
httpGet:
path: /
port: 9000
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources:
limits:
cpu: "1"
memory: 4Gi
requests:
cpu: 200m
memory: 512Mi
volumes:
- name: sonarqube-temp
emptyDir: {}
- name: sonarqube-conf
emptyDir: {}
- name: sonarqube-data
emptyDir: {}
- name: sonarqube-extensions
emptyDir: {}
- name: sonarqube-logs
emptyDir: {}
---
apiVersion: v1
kind: Route
metadata:
labels:
app: sonarqube
name: sonarqube
spec:
port:
targetPort: 9000-tcp
tls:
termination: edge
to:
kind: Service
name: sonarqube
weight: 100
wildcardPolicy: None
---
apiVersion: v1
kind: Service
metadata:
labels:
app: sonarqube
name: sonarqube
spec:
ports:
- name: 9000-tcp
port: 9000
protocol: TCP
targetPort: 9000
selector:
app: sonarqube
name: sonarqube
type: ClusterIP
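Review bot: All five SonarQube volumes are `emptyDir`, so every pod restart discards projects, tokens and account changes and returns the instance to its initial state, while the `Route` publishes it outside the cluster. SonarQube's initial state includes a default administrator account, so a changed admin password does not survive a restart; back `sonarqube-data` and `sonarqube-extensions` with a PersistentVolumeClaim, or drop the Route and keep the service cluster-internal, since the pipeline reaches it at `http://sonarqube:9000`. The mount paths under `/opt/sq` may not match the directories the `docker.io/sonarqube` image actually uses, which is worth confirming. Add `insecureEdgeTerminationPolicy: Redirect` under `tls`, and prefer a release tag or digest over `8-community-beta`.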


@@ -0,0 +1,263 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: maven-settings
data:
settings.xml: |
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<!--
| This is the configuration file for Maven. It can be specified at two levels:
|
| 1. User Level. This settings.xml file provides configuration for a single user,
| and is normally provided in ${user.home}/.m2/settings.xml.
|
| NOTE: This location can be overridden with the CLI option:
|
| -s /path/to/user/settings.xml
|
| 2. Global Level. This settings.xml file provides configuration for all Maven
| users on a machine (assuming they're all using the same Maven
| installation). It's normally provided in
| ${maven.conf}/settings.xml.
|
| NOTE: This location can be overridden with the CLI option:
|
| -gs /path/to/global/settings.xml
|
| The sections in this sample file are intended to give you a running start at
| getting the most out of your Maven installation. Where appropriate, the default
| values (values used when the setting is not specified) are provided.
|
|-->
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
<!-- localRepository
| The path to the local repository maven will use to store artifacts.
|
| Default: ${user.home}/.m2/repository
<localRepository>/path/to/local/repo</localRepository>
-->
<!-- interactiveMode
| This will determine whether maven prompts you when it needs input. If set to false,
| maven will use a sensible default value, perhaps based on some other setting, for
| the parameter in question.
|
| Default: true
<interactiveMode>true</interactiveMode>
-->
<!-- offline
| Determines whether maven should attempt to connect to the network when executing a build.
| This will have an effect on artifact downloads, artifact deployment, and others.
|
| Default: false
<offline>false</offline>
-->
<!-- pluginGroups
| This is a list of additional group identifiers that will be searched when resolving plugins by their prefix, i.e.
| when invoking a command line like "mvn prefix:goal". Maven will automatically add the group identifiers
| "org.apache.maven.plugins" and "org.codehaus.mojo" if these are not already contained in the list.
|-->
<pluginGroups>
<!-- pluginGroup
| Specifies a further group identifier to use for plugin lookup.
<pluginGroup>com.your.plugins</pluginGroup>
-->
</pluginGroups>
<!-- proxies
| This is a list of proxies which can be used on this machine to connect to the network.
| Unless otherwise specified (by system property or command-line switch), the first proxy
| specification in this list marked as active will be used.
|-->
<proxies>
<!-- proxy
| Specification for one proxy, to be used in connecting to the network.
|
<proxy>
<id>optional</id>
<active>true</active>
<protocol>http</protocol>
<username>proxyuser</username>
<password>proxypass</password>
<host>proxy.host.net</host>
<port>80</port>
<nonProxyHosts>local.net|some.host.com</nonProxyHosts>
</proxy>
-->
</proxies>
<!-- servers
| This is a list of authentication profiles, keyed by the server-id used within the system.
| Authentication profiles can be used whenever maven must make a connection to a remote server.
|-->
<servers>
<!-- server
| Specifies the authentication information to use when connecting to a particular server, identified by
| a unique name within the system (referred to by the 'id' attribute below).
|
| NOTE: You should either specify username/password OR privateKey/passphrase, since these pairings are
| used together.
|
<server>
<id>deploymentRepo</id>
<username>repouser</username>
<password>repopwd</password>
</server>
-->
<!-- Another sample, using keys to authenticate.
<server>
<id>siteServer</id>
<privateKey>/path/to/private/key</privateKey>
<passphrase>optional; leave empty if not used.</passphrase>
</server>
-->
</servers>
<!-- mirrors
| This is a list of mirrors to be used in downloading artifacts from remote repositories.
|
| It works like this: a POM may declare a repository to use in resolving certain artifacts.
| However, this repository may have problems with heavy traffic at times, so people have mirrored
| it to several places.
|
| That repository definition will have a unique id, so we can create a mirror reference for that
| repository, to be used as an alternate download site. The mirror site will be the preferred
| server for that repository.
|-->
<mirrors>
<!-- mirror
| Specifies a repository mirror site to use instead of a given repository. The repository that
| this mirror serves has an ID that matches the mirrorOf element of this mirror. IDs are used
| for inheritance and direct lookup purposes, and must be unique across the set of mirrors.
|
<mirror>
<id>mirrorId</id>
<mirrorOf>repositoryId</mirrorOf>
<name>Human Readable Name for this Mirror.</name>
<url>http://my.repository.com/repo/path</url>
</mirror>
-->
</mirrors>
<!-- profiles
| This is a list of profiles which can be activated in a variety of ways, and which can modify
| the build process. Profiles provided in the settings.xml are intended to provide local machine-
| specific paths and repository locations which allow the build to work in the local environment.
|
| For example, if you have an integration testing plugin - like cactus - that needs to know where
| your Tomcat instance is installed, you can provide a variable here such that the variable is
| dereferenced during the build process to configure the cactus plugin.
|
| As noted above, profiles can be activated in a variety of ways. One way - the activeProfiles
| section of this document (settings.xml) - will be discussed later. Another way essentially
| relies on the detection of a system property, either matching a particular value for the property,
| or merely testing its existence. Profiles can also be activated by JDK version prefix, where a
| value of '1.4' might activate a profile when the build is executed on a JDK version of '1.4.2_07'.
| Finally, the list of active profiles can be specified directly from the command line.
|
| NOTE: For profiles defined in the settings.xml, you are restricted to specifying only artifact
| repositories, plugin repositories, and free-form properties to be used as configuration
| variables for plugins in the POM.
|
|-->
<profiles>
<!-- profile
| Specifies a set of introductions to the build process, to be activated using one or more of the
| mechanisms described above. For inheritance purposes, and to activate profiles via <activatedProfiles/>
| or the command line, profiles have to have an ID that is unique.
|
| An encouraged best practice for profile identification is to use a consistent naming convention
| for profiles, such as 'env-dev', 'env-test', 'env-production', 'user-jdcasey', 'user-brett', etc.
| This will make it more intuitive to understand what the set of introduced profiles is attempting
| to accomplish, particularly when you only have a list of profile id's for debug.
|
| This profile example uses the JDK version to trigger activation, and provides a JDK-specific repo.
<profile>
<id>jdk-1.4</id>
<activation>
<jdk>1.4</jdk>
</activation>
<repositories>
<repository>
<id>jdk14</id>
<name>Repository for JDK 1.4 builds</name>
<url>http://www.myhost.com/maven/jdk14</url>
<layout>default</layout>
<snapshotPolicy>always</snapshotPolicy>
</repository>
</repositories>
</profile>
-->
<!--
| Here is another profile, activated by the system property 'target-env' with a value of 'dev',
| which provides a specific path to the Tomcat instance. To use this, your plugin configuration
| might hypothetically look like:
|
| ...
| <plugin>
| <groupId>org.myco.myplugins</groupId>
| <artifactId>myplugin</artifactId>
|
| <configuration>
| <tomcatLocation>${tomcatPath}</tomcatLocation>
| </configuration>
| </plugin>
| ...
|
| NOTE: If you just wanted to inject this configuration whenever someone set 'target-env' to
| anything, you could just leave off the <value/> inside the activation-property.
|
<profile>
<id>env-dev</id>
<activation>
<property>
<name>target-env</name>
<value>dev</value>
</property>
</activation>
<properties>
<tomcatPath>/path/to/tomcat/instance</tomcatPath>
</properties>
</profile>
-->
</profiles>
<!-- activeProfiles
| List of profiles that are active for all builds.
|
<activeProfiles>
<activeProfile>alwaysActiveProfile</activeProfile>
<activeProfile>anotherAlwaysActiveProfile</activeProfile>
</activeProfiles>
-->
</settings>


@@ -0,0 +1,40 @@
---
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: maven
spec:
workspaces:
- name: maven-repo
inputs:
params:
- name: GOALS
description: The Maven goals to run
type: array
default: ["package"]
- name: MAVEN_SETTINGS_CONFIGMAP
description: The configmap containing Maven settings.xml
type: string
default: maven-settings
resources:
- name: source
type: git
steps:
- name: mvn
image: gcr.io/cloud-builders/mvn
workingDir: /workspace/source/bank-app-backend
command: ["/usr/bin/mvn"]
args:
- -DskipITs
- -Dmaven.test.skip=true
- -Dmaven.repo.local=$(workspaces.maven-repo.path)
- -s
- /var/config/settings.xml
- "$(inputs.params.GOALS)"
volumeMounts:
- name: maven-settings
mountPath: /var/config
volumes:
- name: maven-settings
configMap:
name: $(inputs.params.MAVEN_SETTINGS_CONFIGMAP)
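Review bot: The step image `gcr.io/cloud-builders/mvn` carries no tag or digest, so the build toolchain can change between runs without any change in this repository; pin it, e.g. `image: gcr.io/cloud-builders/mvn@sha256:<digest>`. The args also hard-code `-DskipITs` and `-Dmaven.test.skip=true` ahead of `GOALS`, so the `code-analysis` task in the pipeline skips compiling and running tests by default and SonarQube receives no test results; if that is intended, a comment such as `# tests are skipped by default in this Task` would say so. `workingDir` is fixed to `/workspace/source/bank-app-backend`, which ties this generically named Task to one repository layout.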


@@ -0,0 +1,15 @@
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: openshift-client
spec:
inputs:
params:
- name: COMMANDS
type: string
steps:
- name: run-commands
image: quay.io/openshift/origin-cli:latest
script: |
#!/usr/bin/env bash
$(inputs.params.COMMANDS)
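Review bot: `$(inputs.params.COMMANDS)` is substituted into the script text before bash parses it, so this Task runs any string a Pipeline or PipelineRun author supplies, using the service account's cluster credentials, and without `set -e` a failing command does not fail the step. Narrowing the Task to the one operation the pipeline needs, with the values passed through quoted environment variables, removes the free-form command surface; the callers in the pipeline would then pass `MANIFEST` and `NAMESPACE` instead of `COMMANDS`. The `gen-env-file` step of the s2i-java-8 Task splices `MAVEN_ARGS_APPEND` and `MAVEN_MIRROR_URL` into its shell script in the same way. The image tag `origin-cli:latest` should also be pinned to a release tag or digest.

```yaml
# … unchanged: apiVersion, kind, metadata …
spec:
  inputs:
    params:
      - name: MANIFEST
        type: string
      - name: NAMESPACE
        type: string
  steps:
    - name: apply-manifest
      image: quay.io/openshift/origin-cli:latest  # pin to a release tag or digest
      env:
        - name: MANIFEST
          value: $(inputs.params.MANIFEST)
        - name: NAMESPACE
          value: $(inputs.params.NAMESPACE)
      script: |
        #!/usr/bin/env bash
        set -euo pipefail
        oc apply -f "$MANIFEST" -n "$NAMESPACE"
```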


@@ -0,0 +1,123 @@
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: s2i-java-8
spec:
inputs:
params:
- default: .
description: The location of the path to run s2i from
name: PATH_CONTEXT
type: string
- default: 'true'
description: >-
Verify the TLS on the registry endpoint (for push/pull to a non-TLS
registry)
name: TLSVERIFY
type: string
- default: ''
description: Additional Maven arguments
name: MAVEN_ARGS_APPEND
type: string
- default: 'false'
description: Remove the Maven repository after the artifact is built
name: MAVEN_CLEAR_REPO
type: string
- default: ''
description: The base URL of a mirror used for retrieving artifacts
name: MAVEN_MIRROR_URL
type: string
resources:
- name: source
type: git
outputs:
resources:
- name: image
type: image
steps:
- args:
- |-
echo "MAVEN_CLEAR_REPO=$(inputs.params.MAVEN_CLEAR_REPO)" > env-file
[[ '$(inputs.params.MAVEN_ARGS_APPEND)' != "" ]] &&
echo "MAVEN_ARGS_APPEND=$(inputs.params.MAVEN_ARGS_APPEND)" >> env-file
[[ '$(inputs.params.MAVEN_MIRROR_URL)' != "" ]] &&
echo "MAVEN_MIRROR_URL=$(inputs.params.MAVEN_MIRROR_URL)" >> env-file
echo "Generated Env file"
echo "------------------------------"
cat env-file
echo "------------------------------"
command:
- /bin/sh
- '-c'
image: quay.io/openshift-pipeline/s2i
name: gen-env-file
resources: {}
volumeMounts:
- mountPath: /env-params
name: envparams
workingDir: /env-params
- command:
- s2i
- build
- $(inputs.params.PATH_CONTEXT)
- registry.access.redhat.com/redhat-openjdk-18/openjdk18-openshift
- '--image-scripts-url'
- 'image:///usr/local/s2i'
- '--as-dockerfile'
- /gen-source/Dockerfile.gen
- '--environment-file'
- /env-params/env-file
image: quay.io/openshift-pipeline/s2i
name: generate
resources: {}
volumeMounts:
- mountPath: /gen-source
name: gen-source
- mountPath: /env-params
name: envparams
workingDir: /workspace/source
- command:
- buildah
- bud
- '--tls-verify=$(inputs.params.TLSVERIFY)'
- '--layers'
- '-f'
- /gen-source/Dockerfile.gen
- '-t'
- $(outputs.resources.image.url)
- .
image: 'quay.io/buildah/stable:v1.11.4'
name: build
resources: {}
securityContext:
privileged: true
volumeMounts:
- mountPath: /var/lib/containers
name: varlibcontainers
- mountPath: /gen-source
name: gen-source
workingDir: /gen-source
- command:
- buildah
- push
- '--tls-verify=$(inputs.params.TLSVERIFY)'
- $(outputs.resources.image.url)
- 'docker://$(outputs.resources.image.url)'
image: 'quay.io/buildah/stable:v1.11.4'
name: push
resources: {}
securityContext:
privileged: true
volumeMounts:
- mountPath: /var/lib/containers
name: varlibcontainers
volumes:
- emptyDir: {}
name: varlibcontainers
- emptyDir: {}
name: gen-source
- emptyDir: {}
name: envparams
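Review bot: The `build` and `push` steps set `securityContext: privileged: true`, which gives a container that executes a Dockerfile generated from repository content full access to the node; the s2i-nodejs Task does the same. If the cluster allows it, run buildah unprivileged (for example with `--storage-driver=vfs` and `--isolation=chroot`) under a dedicated service account; otherwise add a comment above each `securityContext` stating why privileged mode is required and restrict which service accounts may run this Task. The step image `quay.io/openshift-pipeline/s2i` and the builder image `registry.access.redhat.com/redhat-openjdk-18/openjdk18-openshift` are also referenced without a tag or digest, unlike `quay.io/buildah/stable:v1.11.4`.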


@@ -0,0 +1,83 @@
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: s2i-nodejs
spec:
inputs:
params:
- default: '8'
description: The version of the nodejs
name: VERSION
type: string
- default: .
description: The location of the path to run s2i from.
name: PATH_CONTEXT
type: string
- default: 'true'
description: >-
Verify the TLS on the registry endpoint (for push/pull to a non-TLS
registry)
name: TLSVERIFY
type: string
resources:
- name: source
type: git
outputs:
resources:
- name: image
type: image
steps:
- command:
- s2i
- build
- $(inputs.params.PATH_CONTEXT)
- registry.access.redhat.com/rhscl/nodejs-$(inputs.params.VERSION)-rhel7
- '--as-dockerfile'
- /gen-source/Dockerfile.gen
image: quay.io/openshift-pipeline/s2i
name: generate
resources: {}
volumeMounts:
- mountPath: /gen-source
name: gen-source
workingDir: /workspace/source
- command:
- buildah
- bud
- '--tls-verify=$(inputs.params.TLSVERIFY)'
- '--layers'
- '-f'
- /gen-source/Dockerfile.gen
- '-t'
- $(outputs.resources.image.url)
- .
image: 'quay.io/buildah/stable:v1.11.4'
name: build
resources: {}
securityContext:
privileged: true
volumeMounts:
- mountPath: /var/lib/containers
name: varlibcontainers
- mountPath: /gen-source
name: gen-source
workingDir: /gen-source
- command:
- buildah
- push
- '--tls-verify=$(inputs.params.TLSVERIFY)'
- $(outputs.resources.image.url)
- 'docker://$(outputs.resources.image.url)'
image: 'quay.io/buildah/stable:v1.11.4'
name: push
resources: {}
securityContext:
privileged: true
volumeMounts:
- mountPath: /var/lib/containers
name: varlibcontainers
volumes:
- emptyDir: {}
name: varlibcontainers
- emptyDir: {}
name: gen-source
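Review bot: `VERSION` defaults to `'8'`, so unless overridden the UI image is built on `registry.access.redhat.com/rhscl/nodejs-8-rhel7`, and Node.js 8 reached end of life at the end of 2019; the `build-ui` task in the pipeline passes only `TLSVERIFY` and therefore uses this default. Raise the default to a supported release and give the builder image an explicit tag or digest. `quay.io/openshift-pipeline/s2i` is likewise referenced without a tag in the `generate` step.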