1
0
mirror of https://github.com/tektoncd/catalog.git synced 2024-11-24 06:15:46 +00:00
catalog/kaniko
JJ Asghar 0e8ec65576 Update README.md
changed it to v1beta1 because master is out of sync/does not work.

Signed-off-by: JJ Asghar <jjasghar@gmail.com>
2020-05-29 17:32:49 +01:00
..
tests Fix for issue 285. Fix kaniko image digest result 2020-04-24 09:34:18 +01:00
kaniko.yaml Add comment about security context 🔒 2020-05-11 22:29:37 +01:00
README.md Update README.md 2020-05-29 17:32:49 +01:00

Kaniko

This Task builds source into a container image using Google's kaniko tool.

kaniko doesn't depend on a Docker daemon and executes each command within a Dockerfile completely in userspace. This enables building container images in environments that can't easily or securely run a Docker daemon, such as a standard Kubernetes cluster.

kaniko is meant to be run as an image, gcr.io/kaniko-project/executor:v0.9.0. This makes it a perfect tool to be part of Tekton.

Install the Task

kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/v1beta1/kaniko/kaniko.yaml

Parameters

  • IMAGE: The name (reference) of the image to build.

  • DOCKERFILE: The path to the Dockerfile to execute (default: ./Dockerfile)

  • CONTEXT: The build context used by Kaniko (default: ./)

Workspaces

  • source: A git-type PipelineResource specifying the location of the source to build.

Results

  • IMAGE-DIGEST: The digest of the image just built.

ServiceAccount

kaniko builds an image and pushes it to the destination defined as a parameter. In order to properly authenticate to the remote container registry, it needs to have the proper credentials. This is achieved using a ServiceAccount.

For an example on how to create such a ServiceAccount to push an image to DockerHub, see the Authentication documentation page.

Usage

This TaskRun runs the Task to fetch a Git repo, and build and push a container image using Kaniko

apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
  name: example-run
spec:
  taskRef:
    name: kaniko
  workspaces:
  - name: source
    persistentVolumeClaim:
      claimName: my-source