Skip to content
Branch: master
Find file History
AkihiroSuda and knative-prow-robot buildkit: update to v0.4.0 (securityContext no longer needed) (#109)
* buildkit: update to v0.4.0 (securityContext no longer needed)

Signed-off-by: Akihiro Suda <>

* Appease mdlint
Latest commit fa2ac1b Apr 17, 2019


This build template builds source into a container image using Moby BuildKit.

Rootless mode is used by default.


  • IMAGE: The Docker image name to apply to the newly built image. (required)
  • DOCKERFILE: The path to the Dockerfile to execute (default: ./Dockerfile)
  • PUSH: Whether to push or not (default:true)
  • DIRECTORY: Workspace directory (default:/workspace)
  • BUILDKIT_CLIENT_IMAGE: BuildKit client image (default:moby/buildkit:vX.Y.Z-rootless@sha256:...)
  • BUILDKIT_DAEMON_ADDRESS: BuildKit daemon address (default:tcp://buildkitd:1234)

Set up

Step 0: Deploy BuildKit daemon

First, you need to deploy BuildKit daemon as follows:

kubectl apply -f 0-buildkitd.yaml

The default image is set to moby/buildkit:vX.Y.Z-rootless@sha256:... (see YAML files for the actual revision), but you can also build the image manually as follows:

git clone
cd buildkit
DOCKER_BUILDKIT=1 docker build --target rootless -f hack/dockerfiles/test.buildkit.Dockerfile .

If you are using Debian (not Ubuntu) or Arch Linux kernel on each of kubelet nodes, sudo sh -c "echo 1 > /proc/sys/kernel/unprivileged_userns_clone" is required. See the content of 0-buildkitd.yaml for further information about rootless mode.

You can also use "rootful" BuildKit image (moby/buildkit:vX.Y.Z) at your own risk.

Step 1: Register BuildKit build template

kubectl apply -f 1-buildtemplate.yaml


kind: Build
  name: buildkit-build-my-repo
      revision: master
    name: buildkit
    - name: IMAGE

In this example, the Git repo being built is expected to have a Dockerfile at the root of the repository.

You can’t perform that action at this time.