From 46df555ebe766ef00738aee2df3fc652976566f5 Mon Sep 17 00:00:00 2001 From: Claudiu Belu Date: Sun, 3 May 2020 12:00:28 -0700 Subject: [PATCH 1/2] test images: Adds step for fetching Windows image builder certificates The google cloud builder job is launched without the required Windows Image Builder nodes certificates that are needed for authentication when building the Windows container images. Adds a step in test/images/cloudbuild.yaml that fetches a secret containing the certificates. --- test/images/cloudbuild.yaml | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/test/images/cloudbuild.yaml b/test/images/cloudbuild.yaml index 0408b7e891b..9a5037a325c 100644 --- a/test/images/cloudbuild.yaml +++ b/test/images/cloudbuild.yaml @@ -9,6 +9,22 @@ options: substitution_option: ALLOW_LOOSE machineType: 'N1_HIGHCPU_8' steps: + - name: gcr.io/cloud-builders/gcloud + entrypoint: 'bash' + # NOTE(claudiub): We need to get the ca.pem, cert.pem, key.pem files and put create the + # /certs/.docker-1809/, /certs/.docker-1903/, /certs/.docker-1909/ folders, which will contain the files. + args: + - -c + - 'mkdir .docker/windows &&\ + gcloud secrets versions access latest --project=k8s-infra-prow-build-trusted --secret=windows-remote-docker_ca-pem > .docker-windows/ca.pem &&\ + gcloud secrets versions access latest --project=k8s-infra-prow-build-trusted --secret=windows-remote-docker_cert-pem > .docker-windows/cert.pem &&\ + gcloud secrets versions access latest --project=k8s-infra-prow-build-trusted --secret=windows-remote-docker_key-pem > .docker-windows/key.pem &&\ + cp -r .docker-windows /certs/.docker-1809 && \ + cp -r .docker-windows /certs/.docker-1903 && \ + cp -r .docker-windows /certs/.docker-1909' + volumes: + - name: 'certs' + path: '/certs' - name: 'gcr.io/k8s-testimages/gcb-docker-gcloud:v20190906-745fed4' entrypoint: make dir: ./test/images/ 
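Review bot: The new first step pulls `gcr.io/cloud-builders/gcloud` with no tag or digest, while the existing make step below pins `gcb-docker-gcloud:v20190906-745fed4`. Because this step reads the Windows builder client key from Secret Manager, the image that runs it should be pinned as well, for example `name: 'gcr.io/cloud-builders/gcloud@sha256:<digest>'` (placeholder digest). The script also stages ca.pem, cert.pem and key.pem in `.docker-windows` under the step's working directory before copying them into the `certs` volume. If that directory is the shared build workspace, which this hunk does not show, the private key stays readable by every later step; writing straight into `/certs/.docker-<version>` or ending the script with `rm -rf .docker-windows` would avoid the extra copy.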
@@ -18,13 +34,15 @@ steps: - BASE_REF=$_PULL_BASE_REF - WHAT=$_WHAT - REGISTRY=gcr.io/k8s-staging-e2e-test-images - - DOCKER_CERT_BASE_PATH=/root + - DOCKER_CERT_BASE_PATH=/certs - REMOTE_DOCKER_URL_1809=tcp://img-promoter-1809.eastus.cloudapp.azure.com:2376 - REMOTE_DOCKER_URL_1903=tcp://img-promoter-1903.eastus.cloudapp.azure.com:2376 - REMOTE_DOCKER_URL_1909=tcp://img-promoter-1909.eastus.cloudapp.azure.com:2376 - # TODO(claudiub): Readd the REMOTE_DOCKER_URL_${os_version} to reenable the Windows test image building process. args: - all-build-and-push + volumes: + - name: 'certs' + path: '/certs' substitutions: # _GIT_TAG will be filled with a git-based tag for the image, of the form vYYYYMMDD-hash, and # can be used as a substitution From abe8bea5296211d58ab7a58940c3a0de9b23f638 Mon Sep 17 00:00:00 2001 From: Claudiu Belu <1552519+claudiubelu@users.noreply.github.com> Date: Tue, 9 Jun 2020 14:05:33 +0300 Subject: [PATCH 2/2] Fixes test images cloudbuild.yaml secret fetching Co-authored-by: Aaron Crickenberger --- test/images/cloudbuild.yaml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/test/images/cloudbuild.yaml b/test/images/cloudbuild.yaml index 9a5037a325c..9384694338f 100644 --- a/test/images/cloudbuild.yaml +++ b/test/images/cloudbuild.yaml 
@@ -15,13 +15,14 @@ steps: # /certs/.docker-1809/, /certs/.docker-1903/, /certs/.docker-1909/ folders, which will contain the files. args: - -c - - 'mkdir .docker/windows &&\ - gcloud secrets versions access latest --project=k8s-infra-prow-build-trusted --secret=windows-remote-docker_ca-pem > .docker-windows/ca.pem &&\ - gcloud secrets versions access latest --project=k8s-infra-prow-build-trusted --secret=windows-remote-docker_cert-pem > .docker-windows/cert.pem &&\ - gcloud secrets versions access latest --project=k8s-infra-prow-build-trusted --secret=windows-remote-docker_key-pem > .docker-windows/key.pem &&\ - cp -r .docker-windows /certs/.docker-1809 && \ - cp -r .docker-windows /certs/.docker-1903 && \ - cp -r .docker-windows /certs/.docker-1909' + - | + mkdir -p .docker-windows + gcloud secrets versions access latest --project=k8s-infra-prow-build-trusted --secret=windows-remote-docker_ca-pem > .docker-windows/ca.pem + gcloud secrets versions access latest --project=k8s-infra-prow-build-trusted --secret=windows-remote-docker_cert-pem > .docker-windows/cert.pem + gcloud secrets versions access latest --project=k8s-infra-prow-build-trusted --secret=windows-remote-docker_key-pem > .docker-windows/key.pem + cp -r .docker-windows /certs/.docker-1809 + cp -r .docker-windows /certs/.docker-1903 + cp -r .docker-windows /certs/.docker-1909 volumes: - name: 'certs' path: '/certs'
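Review bot: Replacing the `&&` chain with a block scalar drops the stop-on-failure behaviour. Under `bash -c` each line now runs regardless of the previous one, so a failed `gcloud secrets versions access` leaves an empty .pem file behind its redirection and the step still exits with the status of the last `cp`. Adding `set -o errexit -o nounset -o pipefail` as the first line of the script would make a missing secret or a permission error fail the build at this step, rather than (presumably) showing up later as a TLS error against the remote Docker hosts. A `umask 077` before the redirections would also keep key.pem from being created with default permissions. The step's `name` and `entrypoint` lines sit outside this hunk.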