diff --git a/architecture/core_objects/builds.adoc b/architecture/core_objects/builds.adoc index 6e8b049f1628..1ad658dbc534 100644 --- a/architecture/core_objects/builds.adoc +++ b/architecture/core_objects/builds.adoc @@ -68,7 +68,7 @@ by pods that run a build. supports Git. <4> *strategy* describes which build type is invoked along with build type specific details. -<5> *gitHub* triggers are Github-specific webhooks that specify which repository +<5> *github* triggers are GitHub-specific webhooks that specify which repository changes, such as a new commit, should invoke a new build. This trigger is specific to the GitHub API. <6> *generic* triggers are similar to GitHub webhooks in that they invoke a new @@ -143,13 +143,14 @@ with embedded build process logic, such as building RPMs or building base Docker images. [#using-docker-credentials-for-pushing-and-pulling-images] -== Using Docker Credentials for Pushing and Pulling Images +== Using Docker Credentials to Push and Pull Images -Supply the `.dockercfg` file with valid Docker Registry credentials in order to push the output image into a private Docker Registry or pull the -builder image from the private Docker Registry that requires authentication. +Supply the `.dockercfg` file with valid Docker Registry credentials in order to +push the output image into a private Docker Registry or pull the builder image +from the private Docker Registry that requires authentication. -The *_.dockercfg_* JSON file exists in your home directory by default and has -following format: +The *_.dockercfg_* JSON file is found in your home directory by default and has +the following format: ==== @@ -169,24 +170,22 @@ following format: You can define multiple Docker registry entries in this file. Alternatively, you can also add authentication entries to this file by running the `docker login` -command. The file will be created if it does not exist. - -Kubernetes provides the -https://github.com/GoogleCloudPlatform/kubernetes/blob/master/docs/design/secrets.md[Secret] -resource, which is used to store your configuration and passwords. You must -first create the `*Secret*` before builds can use your *_.dockercfg_* file for -pushing the output image: +command. The file will be created if it does not exist. Kubernetes provides +https://github.com/GoogleCloudPlatform/kubernetes/blob/master/docs/design/secrets.md[Secrets], +which are used to store your configuration and passwords. +. Before builds can use your *_.dockercfg_* file for pushing the output image, +create the `*Secret*`: ++ ==== ---- $ osc create -f secret.json ---- ==== -The `*data*` field for the `*Secret*` object must contain the `*dockercfg*` key -with the value set to the base64-encoded content of the *_.dockercfg_* file. For -example: - +. The `*data*` field in the `*Secret*` must contain the `*dockercfg*` value set +to the base64-encoded content of the *_.dockercfg_* file. For example: ++ ==== ---- @@ -204,10 +203,10 @@ example: ---- ==== -Once you have the `*Secret*` created, you can add a `PushSecret` field into the -`Output` section of the `BuildConfig` and set it to the name of the `*Secret*` -that you created, which in the above example is `*dockerhub*`: - +. Add a `PushSecret` field to the `output` section of the `BuildConfig` and +set it to the name of the `*Secret*` created in step one. As in the above +example, the following uses `*dockerhub*`: ++ ==== ---- "parameters": { @@ -223,9 +222,9 @@ that you created, which in the above example is `*dockerhub*`: ---- ==== -Pull the builder Docker image from a private Docker registry by specifying the +. Pull the Docker build image from a private Docker registry by specifying the `PullSecret` field, which is part of the build strategy definition: - ++ ==== ---- { @@ -246,7 +245,7 @@ Pull the builder Docker image from a private Docker registry by specifying the ==== [#using-private-repositories-for-builds] -== Using Private Repositories for Builds +== Accessing Private Repositories for Builds Using SSH Supply valid credentials to build an application from a private repository. Currently, only SSH key based authentication is supported. The repository keys @@ -269,11 +268,21 @@ key will be used to access your private repository. The https://github.com/GoogleCloudPlatform/kubernetes/blob/master/docs/design/secrets.md[Secret] -resource is used to store your keys. Create the `*Secret*` first before using -the ssh key to access the private repository. The `*data*` field for the -`*Secret*` object must contain your private key with the value set to the -base64-encoded content of that file: +resource is used to store your keys. + +. Create the `*Secret*` before using the ssh key to access the private +repository. ++ +==== +---- +$ osc create -f secret.json +---- +==== +. The `*data*` field in the `*_secret.json_*` file must contain your private key +with the value set to the base64-encoded content of that file. Find the desired +value with the following command: ++ ==== ---- @@ -281,10 +290,9 @@ $ base64 -w 0 $HOME/.ssh/id_rsa 6yJodHRwc1ovL2zuZGV4LmRvY21lci5aby92MS8iOnsiYXV0aCI6ImJXWnZhblJwYXpwdVoybGxkR2d4TUE9PSIsImVtYWlsIj8ibWlAbWlmby5zayJ9fQ== ---- ==== - -Copy the value returned from the above command and place it into the -`ssh-privatekey` field in `*_secret.json_*` file: - ++ +Then enter the value into the `ssh-privatekey` field in the `*_secret.json_*` file: ++ ==== ---- @@ -302,19 +310,19 @@ Copy the value returned from the above command and place it into the ---- ==== -Then, create the `*Secret*` from the *_secret.json_* file using the following +. Create the `*Secret*` from the *_secret.json_* file using the following command: - ++ ==== ---- $ osc create -f secret.json ---- ==== -Add a `SourceSecret` field into the `Source` section inside the `BuildConfig` +. Add a `SourceSecret` field into the `Source` section inside the `BuildConfig` and set it to the name of the `*Secret*` that you created, in this case `*scmsecret*`: - ++ ==== ---- @@ -332,7 +340,7 @@ and set it to the name of the `*Secret*` that you created, in this case }, "source": { "git": { - "uri": "git@repository.com:user/app.git" + "uri": "git@repository.com:user/app.git" <1> }, "sourceSecret": { "name": "scmsecret" @@ -350,9 +358,6 @@ and set it to the name of the `*Secret*` that you created, in this case } } ---- -==== - -[NOTE] -==== -The URL of private repository is usually in the form `git@example.com:username/repository` +<1> The URL of private repository, usually in the form +`git@example.com:username/repository` ====