Configurable CA certs for fetching FROM images
#2
Comments
ghost
mentioned this issue
vito
added a commit
that referenced
this issue
Jan 8, 2021
This adds 'image args', configurable with IMAGE_ARG_* - similar to
BUILD_ARG_*, only the value points to an image tarball.
The image tarball will be loaded and served by a local registry, and a
reference to the image in the local registry will be provided as the
build arg.
To use this, you must modify your Dockerfile like so:
ARG base_image=ubuntu
FROM ${base_image}
Then, when running oci-build-task, specify:
params:
IMAGE_ARG_base_image: ubuntu/image.tar
This will remain forward compatible if we ever switch to Kaniko (#46),
which would also require using build args as Kaniko image caching
requires a full digest to be specified in FROM.
fixes #1
closes #2
closes #3
closes #14
Signed-off-by: Alex Suraci <[email protected]>
|
This will no longer be needed with #52 - fetch using |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Dependent on moby/moby#38303
Devil's advocate for not implementing this: there is overlap with the
registry-imageresource once it supports TLS configuration and once #1 lands. Should we encourage explicitly trackingFROMimages as resources instead of supporting the same overlapping feature set? Tasks shouldn't be fetching things willy-nilly anyway. Tracking it as a resource would provide caching and explicit version management.The text was updated successfully, but these errors were encountered: