Push
kustomizer push artifact
Push uploads Kubernetes manifests to a container registry.
Synopsis
The push command scans the given path for Kubernetes manifests or Kustomize overlays, builds the manifests into a multi-doc YAML, packages the YAML file into an OCI artifact and pushes the image to the container registry. The push command uses the credentials from '~/.docker/config.json'.
kustomizer push artifact [flags]
Examples
kustomizer push artifact <oci url> -k <overlay path> [-f <dir path>|<file path>]
# Build Kubernetes plain manifests and push the resulting multi-doc YAML to Docker Hub
kustomizer push artifact oci://docker.io/user/repo:$(git rev-parse --short HEAD) \
-f ./deploy/manifests \
--source="$(git config --get remote.origin.url)" \
--revision="$(git branch --show-current)/$(git rev-parse HEAD)"
# Build a Kustomize overlay and push the resulting multi-doc YAML to GitHub Container Registry
kustomizer push artifact oci://ghcr.io/user/repo:$(git tag --points-at HEAD) \
--kustomize="./deploy/production" \
--source="$(git config --get remote.origin.url)" \
--revision="$(git tag --points-at HEAD)/$(git rev-parse HEAD)"
# Push to a local registry
kustomizer push artifact oci://localhost:5000/repo:latest -f ./deploy/manifests
# Push and sign artifact with cosign
export COSIGN_PASSWORD="<KEY-PASS>"
kustomizer push artifact oci://docker.io/user/repo:v1.0.0 -f ./deploy/manifests --sign --cosign-key ./keys/cosign.key
# Push and sign artifact with cosign and GitHub OIDC (GH Actions)
kustomizer push artifact oci://docker.io/user/repo:v1.0.0 -f ./deploy/manifests --sign
# Push encrypted artifact
kustomizer push artifact oci://docker.io/user/repo:v1.0.0 -f ./deploy/manifests --age-recipients ./keys/pub.txt
Options
--age-recipients string Path to a file containing one or more age recipients (public keys generated by age-keygen).
--cosign-key string Path to the consign private key file, KMS URI or Kubernetes Secret. When not specified, cosign will try to producing an identity token from the environment (GH Actions or GCP).
-f, --filename strings Path to Kubernetes manifest(s). If a directory is specified, then all manifests in the directory tree will be processed recursively.
-h, --help help for artifact
-k, --kustomize string Path to a directory that contains a kustomization.yaml.
-p, --patch strings Path to a kustomization file that contains a list of patches.
--revision string the source revision in the format '<branch|tag>/<commit-sha>'
--sign Sign the artifact with cosign.
--source string the source address, e.g. the Git URL
Options inherited from parent commands
--as string Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group stringArray Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string UID to impersonate for the operation.
--cache-dir string Default cache directory (default "/home/runner/.kube/cache")
--certificate-authority string Path to a cert file for the certificate authority
--client-certificate string Path to a client certificate file for TLS
--client-key string Path to a client key file for TLS
--cluster string The name of the kubeconfig cluster to use
--context string The name of the kubeconfig context to use
--insecure-skip-tls-verify If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string Path to the kubeconfig file to use for CLI requests.
-n, --namespace string The inventory namespace. (default "default")
-s, --server string The address and port of the Kubernetes API server
--timeout duration The length of time to wait before giving up on the current operation. (default 1m0s)
--tls-server-name string Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string Bearer token for authentication to the API server
--user string The name of the kubeconfig user to use
SEE ALSO
- kustomizer push - Push artifacts to container registries.