mirror of
https://github.com/tektoncd/catalog.git
synced 2024-11-22 06:02:51 +00:00
f3ebc33423
We don't really have a concept in Tekton of something called a "Workspace volume", but multiple READMEs now refer to it. This commit removes the term "Workspace volume" in favor of simply "Workspace". |
||
---|---|---|
.. | ||
.gitignore | ||
buildkit.yaml | ||
create-certs.sh | ||
deployment+service.privileged.yaml | ||
deployment+service.rootless.yaml | ||
README.md |
BuildKit
This Task builds source into a container image using Moby BuildKit.
See also buildkit-daemonless
for the daemonless version of this task.
Install
Step 0: Create mTLS secrets
You need to determine the SAN of the BuildKit daemon Service
and create mTLS certificates.
In this example, we use buildkitd
as the SAN.
$ ./create-certs.sh buildkitd
$ kubectl apply -f .certs/buildkit-daemon-certs.yaml
secret/buildkit-daemon-certs created
$ kubectl apply -f .certs/buildkit-client-certs.yaml
secret/buildkit-client-certs created
$ rm -rf .certs
Step 1: Deploy BuildKit daemon
Two types of the daemon manifests are included:
deployment+service.rootless.yaml
(recommended): Run the daemon as a non-root user. Using Ubuntu nodes is recommended. Needssysctl
configuration for Debian hosts and RHEL/CentOS 7 hosts. Does not work on Google COS.deployment+service.privileged.yaml
: Run the daemon as the root user withsecurityContext.privileged=true
. Try this version ifdeployment+service.rootless.yaml
does not work or too slow.
$ kubectl apply -f deployment+service.rootless.yaml
deployment.apps/buildkitd created
service/buildkitd created
The number of replicas can be adjusted as you like:
$ kubectl scale --replicas=10 deployment/buildkitd
See also BuildKit documentation for the further information about the manifests.
Step 2: Install the task
$ kubectl apply -f task.yaml
task.tekton.dev/buildkit created
Parameters
- DOCKERFILE: The path to the
Dockerfile
to execute (default:./Dockerfile
) - BUILDKIT_CLIENT_IMAGE: BuildKit client image (default:
moby/buildkit:vX.Y.Z@sha256:...
) - BUILDKIT_DAEMON_ADDRESS: BuildKit daemon address (default:
tcp://buildkitd:1234
) - BUILDKIT_CLIENT_CERTS: The name of Secret that contains
ca.pem
,cert.pem
,key.pem
for mTLS connection to BuildKit daemon (default:buildkit-client-certs
)
Workspaces
- source: A Workspace containing the source to build.
Resources
Outputs
- image: An
image
-typePipelineResource
specifying the image that should be built. Currently, generatingresourceResult
is not supported. (buildkit#993
)