mirror of https://github.com/tektoncd/catalog.git synced 2024-11-22 06:02:51 +00:00
catalog/task/kaniko/0.6
vinamra28 e763a4473e Use latest git-clone in Task's tests
With git-clone version 0.8 and onwards, it started running as non-root
and GKE clusters were having some issues, so, we temporarily moved all
tasks to use git-clone version 0.7. Ref: https://github.com/tektoncd/catalog/pull/1079

Since we have now moved to kind clusters in our CI, this issue is now
resolved and thus moving all tasks to use latest version of git-clone

Signed-off-by: vinamra28 <jvinamra776@gmail.com>
2023-09-22 09:32:22 +01:00
tests Use latest git-clone in Task's tests 2023-09-22 09:32:22 +01:00
kaniko.yaml Fix kaniko for arm64 and ppc64le. 2022-10-08 16:15:32 +02:00
README.md [TEP-0110] Update Tekton Catalog installation instructions 2022-08-16 16:25:52 +01:00

Kaniko

This Task builds source into a container image using Google's kaniko tool.

kaniko doesn't depend on a Docker daemon and executes each command within a Dockerfile completely in userspace. This enables building container images in environments that can't easily or securely run a Docker daemon, such as a standard Kubernetes cluster.

kaniko is meant to be run as an image, gcr.io/kaniko-project/executor:v1.5.1. This makes it a perfect tool to be part of Tekton. This task can also be used with Tekton Chains to attest and sign the image.

Changelog

  • Added IMAGE_DIGEST to the Results which get populated with the digest of a built image
  • Added IMAGE_URL to the Results which get populated with the URL of a built image

Both these results are needed in order for Chains to sign the image. See Chains documentation for more information: https://github.com/tektoncd/chains/blob/main/docs/config.md#chains-type-hinting

Install the Task

kubectl apply -f https://api.hub.tekton.dev/v1/resource/tekton/task/kaniko/0.6/raw

Parameters

  • IMAGE: The name (reference) of the image to build.
  • DOCKERFILE: The path to the Dockerfile to execute (default: ./Dockerfile)
  • CONTEXT: The build context used by Kaniko (default: ./)
  • EXTRA_ARGS: Additional args to pass to the Kaniko executor.
  • BUILDER_IMAGE: The Kaniko executor image to use (default: gcr.io/kaniko-project/executor:v1.5.1)

Workspaces

  • source: A Workspace containing the source to build.
  • dockerconfig: An optional Workspace containing a Docker config.json

Results

  • IMAGE_DIGEST: The digest of the image just built.
  • IMAGE_URL: URL of the image just built.

These results are needed by chains to sign the created image. See Chains documentation for more information: https://github.com/tektoncd/chains/blob/main/docs/config.md#chains-type-hinting

Authentication to a Container Registry

kaniko builds an image and pushes it to the destination defined as a parameter. To authenticate to the remote container registry, it needs the proper credentials. This can be achieved by using a workspace that contains the docker config.json.

When using a workspace, the workspace shall be bound to a secret that embeds the configuration file in a key called config.json.
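
One way to create such a secret, shown as an added example that is not part of the Task's own README. The helper names, `registry.example.com` and the user `builder` are assumptions; `my-secret` matches the TaskRun in the Usage section. A generic secret is used because `kubectl create secret docker-registry` stores the file under the key `.dockerconfigjson`, not `config.json`.

```shell
# Added example: hypothetical helpers, not code from the Tekton catalog.

# make_docker_config REGISTRY USER
# Reads the password from stdin (keeping it out of argv and shell history)
# and prints a Docker config.json on stdout.
# Assumes REGISTRY and USER contain no characters that need JSON escaping.
make_docker_config() {
    registry=$1
    user=$2
    # Accept a final line without a trailing newline; reject empty input.
    IFS= read -r password || [ -n "$password" ] || return 1
    # "auth" is base64("user:password"); tr removes any line wrapping.
    auth=$(printf '%s:%s' "$user" "$password" | base64 | tr -d '\n')
    printf '{"auths":{"%s":{"auth":"%s"}}}\n' "$registry" "$auth"
}

# create_dockerconfig_secret NAME REGISTRY USER   (password on stdin)
# Creates a generic secret whose only key is config.json, the key name the
# dockerconfig workspace expects.
create_dockerconfig_secret() {
    name=$1
    tmpdir=$(mktemp -d) || return 1
    # Write the file with mode 0600 inside a private temp directory.
    if (umask 077 && make_docker_config "$2" "$3" > "$tmpdir/config.json"); then
        kubectl create secret generic "$name" \
            --from-file=config.json="$tmpdir/config.json"
        rc=$?
    else
        rc=1
    fi
    # Remove the plaintext credentials whether or not kubectl succeeded.
    rm -rf "$tmpdir"
    return "$rc"
}

# Usage (REGISTRY_PASSWORD is an assumed environment variable):
#   printf '%s\n' "$REGISTRY_PASSWORD" |
#       create_dockerconfig_secret my-secret registry.example.com builder
```
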

Usage

This TaskRun runs the Task to fetch a Git repo, and build and push a container image using Kaniko:

apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
  name: example-run
spec:
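  taskRef:
    name: kaniko
  params:
  # IMAGE has no default, so it must be set; the value below is a placeholder.
  - name: IMAGE
    value: registry.example.com/my-project/my-image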
  workspaces:
  - name: source
    persistentVolumeClaim:
      claimName: my-source
  - name: dockerconfig
    secret:
      secretName: my-secret