Improve documentation for kaniko#2186
Conversation
Also, prevent users from specifying a docker-config by path and secret-name at the same time. Signed-off-by: Cornelius Weig <22861411+corneliusweig@users.noreply.github.com>
corneliusweig
requested review from
balopat,
dgageot,
nkubala,
priyawadhwa and
tejal29
as code owners
Codecov Report
@@ Coverage Diff @@
## master #2186 +/- ##
=========================================
+ Coverage 57.41% 58.1% +0.68%
=========================================
Files 187 188 +1
Lines 7905 7869 -36
=========================================
+ Hits 4539 4572 +33
+ Misses 2954 2924 -30
+ Partials 412 373 -39
Continue to review full report at Codecov.
|
priyawadhwa
left a comment
priyawadhwa
left a comment
There was a problem hiding this comment.
Thanks for improving these docs, they definitely need some love :)
Left a couple suggestions!
| {{< schema root="KanikoBuildContext" >}} | ||
|
|
||
| Since Kaniko must push images to a registry, it is required to set up cluster credentials. | ||
| For example, Google Cloud Build requires a service account secret with push and pull access: |
There was a problem hiding this comment.
After line 116, I think it would be useful to point people to the kaniko docs for more guidance in setting up a secret correctly. Then we can recommend that users put the name of that secret as the pullSecretName to provide authentication to the cluster (there are alternative paths as well, but this is the recommended path)
There was a problem hiding this comment.
Also, I think you meant Kubernetes instead of Google Cloud Build?
There was a problem hiding this comment.
Well, I think I meant "Google Container Registry".
There was a problem hiding this comment.
I removed the reference to GCB/GCR, because this is much better explained in the kaniko docs.
There was a problem hiding this comment.
Whoops that makes way more sense 😅 but cool, sgtm!
| ```yaml | ||
| build: | ||
| cluster: | ||
| pullSecret: path-to-service-account-key-file |
There was a problem hiding this comment.
Before this yaml snippet, we can say something like,
Another option is to directly supply a path to a credentials file using `pullSecret`
Signed-off-by: Cornelius Weig <22861411+corneliusweig@users.noreply.github.com>
|
@priyawadhwa At your convenience PTAL. |
priyawadhwa
added
kokoro:run
|
Please visit http://35.236.79.231:1313 to view changes to the docs. |
container-tools-bot
removed
the
docs-modifications
Signed-off-by: Cornelius Weig <22861411+corneliusweig@users.noreply.github.com>
|
Well I didn't realize that one of the options tables was broken. Can you take another look, @priyawadhwa? That refactoring was a split of |
|
@corneliusweig nice catch, yah I think a table for KanikoAritfact and a table for ClusterDetails makes sense. |
Signed-off-by: Cornelius Weig <22861411+corneliusweig@users.noreply.github.com>
|
@priyawadhwa Sorry it took so long. Can you have another look? |
priyawadhwa
added
the
docs-modifications
|
Please visit http://35.236.0.111:1313 to view changes to the docs. |
container-tools-bot
removed
the
docs-modifications
8 participants
Today, I finally tried out kaniko, but it was harder to get it working than it should be. Please have a look and see if this is correct (which I'm not entirely sure of) and helpful.
Also, prevent users from specifying a docker-config by path and secret-name at the same time.