From 1fbe544ee4dd90ffc56955b27a83012607b2632c Mon Sep 17 00:00:00 2001
From: Andrea Frittoli <andrea.frittoli@uk.ibm.com>
Date: Thu, 10 Oct 2019 20:41:23 +0100
Subject: [PATCH] Use a local registry in build-push-kaniko

This is a first step in making our E2E tests more portable and less
dependent on resources outside of the k8s cluster they run into.

This changes the build-push-kaniko taskrun example.
There is a lot of infra setup required to make sure that the service
account used by test is able to push to a registry. The test script
replaces the image URL in the resource with the content of the
KO_DOCKER_REPO environment variable. If that is a gcr.io url then
the service account must be setup for access to it.

The updated version runs a local registry as a sidecar in the pod.
The task now can push to localhost:5000. The port is not exposed
outside of the pod so there is no risk of interference with other
tests.

Partially fixes #1372
---
 examples/taskruns/build-push-kaniko.yaml | 25 ++++--------------------
 1 file changed, 4 insertions(+), 21 deletions(-)

diff --git a/examples/taskruns/build-push-kaniko.yaml b/examples/taskruns/build-push-kaniko.yaml
index 532d5f108a4..5d1bc0c6562 100644
--- a/examples/taskruns/build-push-kaniko.yaml
+++ b/examples/taskruns/build-push-kaniko.yaml
@@ -6,23 +6,7 @@ spec:
   type: image
   params:
   - name: url
-    value: gcr.io/christiewilson-catfactory/leeroy-web # Replace this URL with $KO_DOCKER_REPO
----
-# This demo modifies the cluster (deploys to it) you must use a service
-# account with permission to admin the cluster (or make your default user an admin
-# of the `default` namespace with default-cluster-admin.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: default-cluster-admin
-subjects:
-  - kind: ServiceAccount
-    name: default
-    namespace: default
-roleRef:
-  kind: ClusterRole
-  name: cluster-admin
-  apiGroup: rbac.authorization.k8s.io
+    value: localhost:5000/leeroy-web
 ---
 apiVersion: tekton.dev/v1alpha1
 kind: PipelineResource
@@ -60,16 +44,15 @@ spec:
   steps:
   - name: build-and-push
     image: gcr.io/kaniko-project/executor:v0.9.0
-    # specifying DOCKER_CONFIG is required to allow kaniko to detect docker credential
-    env:
-    - name: "DOCKER_CONFIG"
-      value: "/builder/home/.docker/"
     command:
     - /kaniko/executor
     args:
     - --dockerfile=$(inputs.params.pathToDockerFile)
     - --destination=$(outputs.resources.builtImage.url)
     - --context=$(inputs.params.pathToContext)
+  sidecars:
+    - image: registry
+      name: registry
 ---
 apiVersion: tekton.dev/v1alpha1
 kind: TaskRun