mirror/catalog
1
0
Fork 0
mirror of https://github.com/tektoncd/catalog.git synced 2024-11-22 06:02:51 +00:00
Code Issues Releases Activity
becece2f29
catalog/s2i
History
ishani2412 c89d3965b7 Improve Readme.md 
PR to improve the Readme.md migrating the install task URL from
master to v1beta1

Signed-off-by: ishani2412 <ishani.1613039@kiet.edu>
2020-06-02 09:03:51 +01:00
..
tests s2i: use workspace instead of GitResource 🐐 2020-03-11 07:43:48 -05:00
Dockerfile Fix running s2i binary as user 2019-11-21 09:56:33 -06:00
OWNERS Add initial OWNERS to some folders 📄 2019-10-23 04:53:23 -05:00
README.md Improve Readme.md 2020-06-02 09:03:51 +01:00
s2i.yaml s2i: use workspace instead of GitResource 🐐 2020-03-11 07:43:48 -05:00

README.md

Source-to-Image

Source-to-Image (S2I) is a toolkit and workflow for building reproducible container images from source code. S2I produces images by injecting source code into a base S2I container image and letting the container prepare that source code for execution. The base S2I container images contains the language runtime and build tools needed for building and running the source code.

Install the Task

kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/v1beta1/s2i/s2i.yaml

Parameters

  • BUILDER_IMAGE: The location of the s2i builder image.
  • PATH_CONTEXT: Source path from where s2i command need to be run (default: .).
  • TLSVERIFY: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) (default: true)

Workspaces

  • source: A git-type PipelineResource specifying the location of the source to build.

Resources

Outputs

  • image: An image-type PipelineResource specify the image that should be built.

ServiceAccount

S2I builds an image and pushes it to the destination registry which is defined as a parameter. In order to properly authenticate to the remote container registry, it needs to have the proper credentials. The credentials can be provided through a service account. See Authentication for further details.

If you are running on OpenShift, you also need to allow the service account to run privileged containers because OpenShift does not allow containers run as privileged containers by default unless explicitly configured, due to security considerations.

Run the following in order to create a service account named pipeline on OpenShift and allow it to run privileged containers:

oc create serviceaccount pipeline
oc adm policy add-scc-to-user privileged -z pipeline
oc adm policy add-role-to-user edit -z pipeline

Usage

This TaskRun runs the Task to fetch a Git repo, and build and push a container image using s2i and a nodejs builder image.

apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
  name: s2i-nodejs-taskrun
spec:
  # Use service account with git and image repo credentials
  serviceAccountName: pipeline
  taskRef:
    name: s2i
  params:
  - name: BUILDER_IMAGE
    value: docker.io/centos/nodejs-8-centos7
  workspaces:
  - name: source
    persistentVolumeClaim:
      claimName: my-source
  resources:
    outputs:
    - name: image
      resourceSpec:
        type: image
        params:
        - name: url
          value: gcr.io/my-repo/nodejs-s2i-ex

Here is a non-exhaustive list of well maintained s2i builder image (from sclorg):

Note: all those images above are also available with RHEL as base instead, just replace centos7 by rhel7 or rhel8