mirror/catalog
1
0
Fork 0
mirror of https://github.com/tektoncd/catalog.git synced 2024-11-25 06:17:50 +00:00
Code Issues Releases Activity
1ecf61b951
catalog/task/kaniko/0.5
History
vinamra28 e763a4473e Use latest git-clone in Task's tests 
With git-clone version 0.8 and onwards, it started running as non-root
and GKE clusters were having some issues, so, we temporarily moved all
tasks to use git-clone version 0.7. Ref: https://github.com/tektoncd/catalog/pull/1079

Since we have now moved to kind clusters in our CI, this issue is now
resolved and thus moving all tasks to use latest version of git-clone

Signed-off-by: vinamra28 <jvinamra776@gmail.com>
2023-09-22 09:32:22 +01:00
..
tests Use latest git-clone in Task's tests 2023-09-22 09:32:22 +01:00
kaniko.yaml Fix Result usage in Tasks 2023-05-22 09:07:10 +01:00
README.md

README.md

Kaniko

This Task builds source into a container image using Google's kaniko tool.

kaniko doesn't depend on a Docker daemon and executes each command within a Dockerfile completely in userspace. This enables building container images in environments that can't easily or securely run a Docker daemon, such as a standard Kubernetes cluster.

kaniko is meant to be run as an image, gcr.io/kaniko-project/executor:v1.5.1. This makes it a perfect tool to be part of Tekton.

Changelog

  • Use --digest-file flag to create the Results with the digest of a built image

Install the Task

kubectl apply -f https://api.hub.tekton.dev/v1/resource/tekton/task/kaniko/0.5/raw

Parameters

  • IMAGE: The name (reference) of the image to build.
  • DOCKERFILE: The path to the Dockerfile to execute (default: ./Dockerfile)
  • CONTEXT: The build context used by Kaniko (default: ./)
  • EXTRA_ARGS: Additional args to pass to the Kaniko executor.
  • BUILDER_IMAGE: The Kaniko executor image to use (default: gcr.io/kaniko-project/executor:v1.5.1)

Workspaces

  • source: A Workspace containing the source to build.
  • dockerconfig: An optional Workspace containing a Docker config.json

Results

  • IMAGE-DIGEST: The digest of the image just built.

Authentication to a Container Registry

kaniko builds an image and pushes it to the destination defined as a parameter. In order to properly authenticate to the remote container registry, it needs to have the proper credentials. This can achieved by using a workspace that contains the docker config.json.

When using a workspace, the workspace shall be bound to a secret that embeds the configuration file in a key called config.json.

Usage

This TaskRun runs the Task to fetch a Git repo, and build and push a container image using Kaniko

apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
  name: example-run
spec:
  taskRef:
    name: kaniko
  workspaces:
  - name: source
    persistentVolumeClaim:
      claimName: my-source
  - name: dockerconfig
    secret:
      secretName: my-secret