this stuff doesn't quite work

2022-02-01 22:38:32 +01:00
parent 27724423fb
commit b42e651e03
5 changed files with 140 additions and 4 deletions
--- a/_CI-CD/tekton-build-kaniko-task.yaml
+++ b/_CI-CD/tekton-build-kaniko-task.yaml
--- a/_CI-CD/tektoncd-kaniko-pipeline.yaml
+++ b/_CI-CD/tektoncd-kaniko-pipeline.yaml
@@ -0,0 +1,43 @@
 apiVersion: tekton.dev/v1beta1
 kind: Pipeline
 metadata:
  name: kaniko-pipeline
 spec:
  params:
    - name: git-url
    - name: git-revision
    - name: image-name
    - name: path-to-image-context
    - name: path-to-dockerfile
  workspaces:
    - name: git-source
  tasks:
    - name: fetch-from-git
      taskRef:
        name: git-clone
      params:
        - name: url
          value: $(params.git-url)
        - name: revision
          value: $(params.git-revision)
        - name: submodules
          value: '0'
      workspaces:
        - name: output
          workspace: git-source
    - name: build-image
      taskRef:
        name: kaniko
      params:
        - name: IMAGE
          value: $(params.image-name)
        - name: CONTEXT
          value: $(params.path-to-image-context)
        - name: DOCKERFILE
          value: $(params.path-to-dockerfile)
      workspaces:
        - name: source
          workspace: git-source
  # If you want you can add a Task that uses the IMAGE_DIGEST from the kaniko task
  # via $(tasks.build-image.results.IMAGE_DIGEST) - this was a feature we hadn't been
  # able to fully deliver with the Image PipelineResource!
--- a/_CI-CD/tektoncd-kaniko-task.yaml
+++ b/_CI-CD/tektoncd-kaniko-task.yaml
@@ -0,0 +1,64 @@
 apiVersion: tekton.dev/v1beta1
 kind: Task
 metadata:
  name: kaniko
  labels:
    app.kubernetes.io/version: "0.5"
  annotations:
    tekton.dev/pipelines.minVersion: "0.17.0"
    tekton.dev/categories: Image Build
    tekton.dev/tags: image-build
    tekton.dev/displayName: "Build and upload container image using Kaniko"
    tekton.dev/platforms: "linux/arm64"
 spec:
  description: >-
    This Task builds source into a container image using Google's kaniko tool.
    Kaniko doesn't depend on a Docker daemon and executes each
    command within a Dockerfile completely in userspace. This enables
    building container images in environments that can't easily or
    securely run a Docker daemon, such as a standard Kubernetes cluster.
  params:
  - name: IMAGE
    description: Name (reference) of the image to build.
  - name: DOCKERFILE
    description: Path to the Dockerfile to build.
    default: ./Dockerfile
  - name: CONTEXT
    description: The build context used by Kaniko.
    default: ./
  - name: EXTRA_ARGS
    type: array
    default: []
  - name: BUILDER_IMAGE
    description: The image on which builds will run (default is v1.5.1)
    default: gcr.io/kaniko-project/executor:v1.5.1@sha256:c6166717f7fe0b7da44908c986137ecfeab21f31ec3992f6e128fff8a94be8a5
  workspaces:
  - name: source
    description: Holds the context and docker file
  - name: dockerconfig
    description: Includes a docker `config.json`
    optional: true
    mountPath: /kaniko/.docker
  results:
  - name: IMAGE-DIGEST
    description: Digest of the image just built.
  steps:
  - name: build-and-push
    workingDir: $(workspaces.source.path)
    image: $(params.BUILDER_IMAGE)
    args:
    - $(params.EXTRA_ARGS[*])
    - --dockerfile=$(workspaces.source.path)/$(params.DOCKERFILE)
    - --context=$(params.CONTEXT)  # The user does not need to care the workspace and the source.
    - --destination=$(params.IMAGE)
    - --digest-file=/tekton/results/IMAGE-DIGEST
    - --snapshotMode=redo
    - --skip-tls-verify
    # kaniko assumes it is running as root, which means this example fails on platforms
    # that default to run containers as random uid (like OpenShift). Adding this securityContext
    # makes it explicit that it needs to run as root.
    securityContext:
      runAsUser: 0
--- a/apps/rompr/tekton-image-build.yaml
+++ b/apps/rompr/tekton-image-build.yaml
@@ -61,14 +61,20 @@ spec:
 apiVersion: tekton.dev/v1beta1
 kind: TaskRun
 metadata:
-  name: img-rompr-taskrun
+  name: img-rompr-taskrun2
 spec:
  #serviceAccountName: dockerhub-service
  taskRef:
-    name: build-rompr
+    name: kaniko
  params:
-    - name: pathToDockerFile
+    - name: DOCKERFILE
      value: Dockerfile
    - name: CONTEXT
      value: apps/rompr
    - name: IMAGE
      value: cr.lan/rompr
    - name: BUILDER_IMAGE
      value: gcr.io/kaniko-project/executor:latest
  resources:
    inputs:
      - name: source
@@ -77,6 +83,6 @@ spec:
    outputs:
      - name: builtImage
        resourceRef:
-          name: img-rompr
+          name: img-rompr   
--- a/apps/rompr/tekton-pipelinerun.yaml
+++ b/apps/rompr/tekton-pipelinerun.yaml
@@ -0,0 +1,23 @@
 apiVersion: tekton.dev/v1beta1
 kind: PipelineRun
 metadata:
  name: build-rompr
 spec:
  pipelineRef:
    name: kaniko-pipeline
  params:
    - name: git-url
      value: http://git-ui.lan/chaos/kubernetes.git
    - name: git-revision
      value: master
    - name: path-to-image-context
      value: /apps/rompr
    - name: path-to-dockerfile
      value: /apps/rompr/Dockerfile
    - name: image-name
      value: cr.lan/rompr
  workspaces:
      - name: git-source
        persistentVolumeClaim:
          claimName: tektoncd-workspaces
        subPath: usr_src/tekton-kaniko-pipelines