mirror/catalog
1
0
Fork 0
mirror of https://github.com/tektoncd/catalog.git synced 2024-11-22 06:02:51 +00:00
Code Issues Releases Activity
1ecf61b951
catalog/task/kaniko/0.3
History
vinamra28 e763a4473e Use latest git-clone in Task's tests 
With git-clone version 0.8 and onwards, it started running as non-root
and GKE clusters were having some issues, so, we temporarily moved all
tasks to use git-clone version 0.7. Ref: https://github.com/tektoncd/catalog/pull/1079

Since we have now moved to kind clusters in our CI, this issue is now
resolved and thus moving all tasks to use latest version of git-clone

Signed-off-by: vinamra28 <jvinamra776@gmail.com>
2023-09-22 09:32:22 +01:00
..
tests Use latest git-clone in Task's tests 2023-09-22 09:32:22 +01:00
kaniko.yaml Fix Result usage in Tasks 2023-05-22 09:07:10 +01:00
README.md [TEP-0110] Update Tekton Catalog installation instructions 2022-08-16 16:25:52 +01:00

README.md

Kaniko

This Task builds source into a container image using Google's kaniko tool.

kaniko doesn't depend on a Docker daemon and executes each command within a Dockerfile completely in userspace. This enables building container images in environments that can't easily or securely run a Docker daemon, such as a standard Kubernetes cluster.

kaniko is meant to be run as an image, gcr.io/kaniko-project/executor:v1.5.1. This makes it a perfect tool to be part of Tekton.

Changelog

  • Replace ServiceAccount based authentication with a workspace based one. Tekton's built-in auth can be disabled, it can be hard to debug and it might not work for all type of credentials. Workspaces are available to all deployments, and can be bound to both secrets and PVCs.

Install the Task

kubectl apply -f https://api.hub.tekton.dev/v1/resource/tekton/task/kaniko/0.3/raw

Parameters

  • IMAGE: The name (reference) of the image to build.
  • DOCKERFILE: The path to the Dockerfile to execute (default: ./Dockerfile)
  • CONTEXT: The build context used by Kaniko (default: ./)
  • EXTRA_ARGS: Additional args to pass to the Kaniko executor.
  • BUILDER_IMAGE: The Kaniko executor image to use (default: gcr.io/kaniko-project/executor:v1.5.1)

Workspaces

  • source: A Workspace containing the source to build.
  • dockerconfig: An optional Workspace containing a Docker config.json

Results

  • IMAGE-DIGEST: The digest of the image just built.

Authentication to a Container Registry

kaniko builds an image and pushes it to the destination defined as a parameter. In order to properly authenticate to the remote container registry, it needs to have the proper credentials. This can achieved by using a workspace that contains the docker config.json.

When using a workspace, the workspace shall be bound to a secret that embeds the configuration file in a key called config.json.

Platforms

The Task can be run on linux/amd64 platform.

Usage

This TaskRun runs the Task to fetch a Git repo, and build and push a container image using Kaniko

apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
  name: example-run
spec:
  taskRef:
    name: kaniko
  workspaces:
  - name: source
    persistentVolumeClaim:
      claimName: my-source
  - name: dockerconfig
    secret:
      secretName: my-secret