this stuff doesn't quite work

2022-02-01 22:38:32 +01:00
parent 27724423fb
commit b42e651e03
5 changed files with 140 additions and 4 deletions
--- a/_CI-CD/tekton-build-kaniko-task.yaml
+++ b/_CI-CD/tekton-build-kaniko-task.yaml
--- a/_CI-CD/tektoncd-kaniko-pipeline.yaml
+++ b/_CI-CD/tektoncd-kaniko-pipeline.yaml
@@ -0,0 +1,43 @@
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+  name: kaniko-pipeline
+spec:
+  params:
+    - name: git-url
+    - name: git-revision
+    - name: image-name
+    - name: path-to-image-context
+    - name: path-to-dockerfile
+  workspaces:
+    - name: git-source
+  tasks:
+    - name: fetch-from-git
+      taskRef:
+        name: git-clone
+      params:
+        - name: url
+          value: $(params.git-url)
+        - name: revision
+          value: $(params.git-revision)
+        - name: submodules
+          value: '0'
+      workspaces:
+        - name: output
+          workspace: git-source
+    - name: build-image
+      taskRef:
+        name: kaniko
+      params:
+        - name: IMAGE
+          value: $(params.image-name)
+        - name: CONTEXT
+          value: $(params.path-to-image-context)
+        - name: DOCKERFILE
+          value: $(params.path-to-dockerfile)
+      workspaces:
+        - name: source
+          workspace: git-source
+  # If you want you can add a Task that uses the IMAGE_DIGEST from the kaniko task
+  # via $(tasks.build-image.results.IMAGE_DIGEST) - this was a feature we hadn't been
+  # able to fully deliver with the Image PipelineResource!
--- a/_CI-CD/tektoncd-kaniko-task.yaml
+++ b/_CI-CD/tektoncd-kaniko-task.yaml
@@ -0,0 +1,64 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: kaniko
+  labels:
+    app.kubernetes.io/version: "0.5"
+  annotations:
+    tekton.dev/pipelines.minVersion: "0.17.0"
+    tekton.dev/categories: Image Build
+    tekton.dev/tags: image-build
+    tekton.dev/displayName: "Build and upload container image using Kaniko"
+    tekton.dev/platforms: "linux/arm64"
+spec:
+  description: >-
+    This Task builds source into a container image using Google's kaniko tool.
+
+    Kaniko doesn't depend on a Docker daemon and executes each
+    command within a Dockerfile completely in userspace. This enables
+    building container images in environments that can't easily or
+    securely run a Docker daemon, such as a standard Kubernetes cluster.
+
+  params:
+  - name: IMAGE
+    description: Name (reference) of the image to build.
+  - name: DOCKERFILE
+    description: Path to the Dockerfile to build.
+    default: ./Dockerfile
+  - name: CONTEXT
+    description: The build context used by Kaniko.
+    default: ./
+  - name: EXTRA_ARGS
+    type: array
+    default: []
+  - name: BUILDER_IMAGE
+    description: The image on which builds will run (default is v1.5.1)
+    default: gcr.io/kaniko-project/executor:v1.5.1@sha256:c6166717f7fe0b7da44908c986137ecfeab21f31ec3992f6e128fff8a94be8a5
+  workspaces:
+  - name: source
+    description: Holds the context and docker file
+  - name: dockerconfig
+    description: Includes a docker `config.json`
+    optional: true
+    mountPath: /kaniko/.docker
+  results:
+  - name: IMAGE-DIGEST
+    description: Digest of the image just built.
+
+  steps:
+  - name: build-and-push
+    workingDir: $(workspaces.source.path)
+    image: $(params.BUILDER_IMAGE)
+    args:
+    - $(params.EXTRA_ARGS[*])
+    - --dockerfile=$(workspaces.source.path)/$(params.DOCKERFILE)
+    - --context=$(params.CONTEXT)  # The user does not need to care the workspace and the source.
+    - --destination=$(params.IMAGE)
+    - --digest-file=/tekton/results/IMAGE-DIGEST
+    - --snapshotMode=redo
+    - --skip-tls-verify
+    # kaniko assumes it is running as root, which means this example fails on platforms
+    # that default to run containers as random uid (like OpenShift). Adding this securityContext
+    # makes it explicit that it needs to run as root.
+    securityContext:
+      runAsUser: 0
--- a/apps/rompr/tekton-image-build.yaml
+++ b/apps/rompr/tekton-image-build.yaml
@@ -61,14 +61,20 @@ spec:
 apiVersion: tekton.dev/v1beta1
 kind: TaskRun
 metadata:
-  name: img-rompr-taskrun
+  name: img-rompr-taskrun2
 spec:
  #serviceAccountName: dockerhub-service
  taskRef:
-    name: build-rompr
+    name: kaniko
  params:
-    - name: pathToDockerFile
+    - name: DOCKERFILE
      value: Dockerfile
+    - name: CONTEXT
+      value: apps/rompr
+    - name: IMAGE
+      value: cr.lan/rompr
+    - name: BUILDER_IMAGE
+      value: gcr.io/kaniko-project/executor:latest
  resources:
    inputs:
      - name: source
@@ -77,6 +83,6 @@ spec:
    outputs:
      - name: builtImage
        resourceRef:
-          name: img-rompr
+          name: img-rompr   
          
          
--- a/apps/rompr/tekton-pipelinerun.yaml
+++ b/apps/rompr/tekton-pipelinerun.yaml
@@ -0,0 +1,23 @@
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+  name: build-rompr
+spec:
+  pipelineRef:
+    name: kaniko-pipeline
+  params:
+    - name: git-url
+      value: http://git-ui.lan/chaos/kubernetes.git
+    - name: git-revision
+      value: master
+    - name: path-to-image-context
+      value: /apps/rompr
+    - name: path-to-dockerfile
+      value: /apps/rompr/Dockerfile
+    - name: image-name
+      value: cr.lan/rompr
+  workspaces:
+      - name: git-source
+        persistentVolumeClaim:
+          claimName: tektoncd-workspaces
+        subPath: usr_src/tekton-kaniko-pipelines