Closed kvijai82 closed 4 years ago
@kvijai82 Hi Vijai, are you on track to completing by the end of the week(friday, May 1st)?
@mingcyu yes I have the first pass done.
The following guide will walk you through the steps needed to run a pipeline to build your application, publish the image to a registry, and optionally deploy the application on your cluster.
kabanero-pipelines
repo.
java-openliberty-build-deploy-pl
, that is activated by the Kabanero operator. You can replace this with any of the other build-deploy-pl or your custom pipeline.oc apply nfs-pv.yaml
Secrets
section of https://kabanero.io/guides/working-with-pipelines/#getting-started.kabanero-pipeline
service account is setup with the appropriate permissions.Secrets
section of https://kabanero.io/guides/working-with-pipelines/#getting-started to setup a secret for your registry.oc get apposodyapplications
or check your pods to see your application pod running.a. To find what is the service account of your application
# oc get deployments -n kabanero
NAME READY UP-TO-DATE AVAILABLE AGE
codeready-operator 1/1 1 1 28h
java-microprofile-0-2-26 1/1 1 1 25h
kabanero-cli 1/1 1 1 28h
kabanero-landing 1/1 1 1 28h
kabanero-operator 1/1 1 1 28h
kabanero-operator-admission-webhook 1/1 1 1 28h
kabanero-operator-collection-controller 1/1 1 1 28h
kabanero-operator-stack-controller 1/1 1 1 28h
Based on above results and the pipeline I ran the deployment was for java-microprofile-0-2-26
. Note it down.
b. Use the above deployment name to find the serviceaccount
oc get deployments java-microprofile-0-2-26 -o yaml --output="jsonpath={.spec.template.spec.serviceAccount}"
java-microprofile-0-2-26
Note the serviceaccount, and to this serviceaccount you would need to link your secret which we will create further.
c. Now if you are running with internal image registry external route for example hostnamedefault-route-openshift-image-registry.apps.abc.com
then you follow this step
You need to find a token using any serviceaccount other than one found in step a, which will be a password for creation of secret later.
oc get secret -o name | grep -m 1 kabanero-pipeline-token | xargs oc describe
Name: kabanero-pipeline-token-7f59v
Namespace: kabanero
Labels: <none>
Annotations: kubernetes.io/created-by: openshift.io/create-dockercfg-secrets
kubernetes.io/service-account.name: kabanero-pipeline
kubernetes.io/service-account.uid: 26bfb3ef-1334-4033-acd6-c8bc32dd1ba4
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 5932 bytes
namespace: 8 bytes
service-ca.crt: 7133 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IkZiTVVvUkhENlJjdFJsa0ZLdF9xd2lFX0piRVVkMHh5RjVoV2JCOFhvTkEifQ.eyJpc3MiOiJrdWJlcm5ld
Note: Here we used serviceaccount kabanero-pipeline
to generate its token since this serviceaccount has right permissions to access internal registry.
d. If you are running with your private image registry you do not need to follow step c of token creation, and you need to use your password of the private registry as your password while creating secret shown further.
e. Now create a secret for your image registry based on your registry url.
oc -n kabanero create secret docker-registry [name of secret] --docker-server=[your registry hostname URL] --docker-username=[your registry username] --docker-password=[your registry password]
example for internal image registry external route:
oc -n kabanero create secret docker-registry my-registry --docker-server=default-route-openshift-image-registry.apps.abc.com --docker-username=kabanero-pipeline --docker-password=[token value found earlier]
secret/my-registry created
example for private registry
oc -n kabanero create secret docker-registry my-registry --docker-server=team-image-registry-docker-local.com --docker-username=[registry username] --docker-password=[registry password]
f. Finally link your secret to the application deployment serviceaccount as below
$oc -n kabanero secrets link [deployment serviceaccount ] [secret name] --for=pull,mount
example :
$oc -n kabanero secrets link java-microprofile-0-2-26 my-registry --for=pull,mount
oc get routes
for example) and test your application.@kvijai82 has opened an issue in docs repo for this guide to be updated: https://github.com/kabanero-io/docs/issues/403
Delivered content to doc team
This would also cover using the OCP internal registry with the external route.