Open surajssd opened 1 year ago
Or we completely switch to building from a docker image.
I'd say this is a good idea. Having two ways to do something often leads to situations where things only work/are tested on one way.
Or we completely switch to building from a docker image.
I'd say this is a good idea. Having two ways to do something often leads to situations where things only work/are tested on one way.
I agree. Just that when we use the local credentials of the az cli
we may have to mount ~/.azure
directory so that packer can use that.
Why can't we mount the env variables into the container instead, as we already do in the current container building workflow?
Why can't we mount the env variables into the container instead, as we already do in the current container building workflow?
We can expose it like that. What about the way in which local credential support is needed? When we don't create a service principal but use the local credentials that user already has, fetched via az login
, packer can use them to do the build. We are adding support for that feature here: https://github.com/confidential-containers/cloud-api-adaptor/pull/973.
This is also a desirable feature for the Azure provider CI for CAA. There we are not creating any service principal we are using managed identity. So we don't have any "secrets". But the gh action for azure login does some magic and fetches the credentials and saves it locally in the ~/.azure
directory. Now the packer running inside the container may not have access to this folder, so we should make this accessible to the container.
We don't mention this that kata-containers repository should be at the same level as CAA repository in the Azure documentation. We should do that.
Or we completely switch to building from a docker image. But I wonder how the
az login
will work from the CI 🤔.