Skip to content
Branch: master
Find file History
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
..
Failed to load latest commit information.
.gitignore buildkit: use mTLS and suppport daemonless mode Oct 21, 2019
README.md buildkit: use mTLS and suppport daemonless mode Oct 21, 2019
create-certs.sh buildkit: use mTLS and suppport daemonless mode Oct 21, 2019
deployment+service.privileged.yaml
deployment+service.rootless.yaml Linting yamls with yamllint 🏷 Nov 15, 2019
task.yaml Linting yamls with yamllint 🏷 Nov 15, 2019

README.md

BuildKit

This Task builds source into a container image using Moby BuildKit.

See also buildkit-daemonless for the daemonless version of this task.

Install

Step 0: Create mTLS secrets

You need to determine the SAN of the BuildKit daemon Service and create mTLS certificates. In this example, we use buildkitd as the SAN.

$ ./create-certs.sh buildkitd
$ kubectl apply -f .certs/buildkit-daemon-certs.yaml
secret/buildkit-daemon-certs created
$ kubectl apply -f .certs/buildkit-client-certs.yaml
secret/buildkit-client-certs created
$ rm -rf .certs

Step 1: Deploy BuildKit daemon

Two types of the daemon manifests are included:

$ kubectl apply -f deployment+service.rootless.yaml
deployment.apps/buildkitd created
service/buildkitd created

The number of replicas can be adjusted as you like:

$ kubectl scale --replicas=10 deployment/buildkitd

See also BuildKit documentation for the further information about the manifests.

Step 2: Install the task

$ kubectl apply -f task.yaml
task.tekton.dev/buildkit created

Inputs

Parameters

  • DOCKERFILE: The path to the Dockerfile to execute (default: ./Dockerfile)
  • BUILDKIT_CLIENT_IMAGE: BuildKit client image (default:moby/buildkit:vX.Y.Z@sha256:...)
  • BUILDKIT_DAEMON_ADDRESS: BuildKit daemon address (default:tcp://buildkitd:1234)
  • BUILDKIT_CLIENT_CERTS: The name of Secret that contains ca.pem, cert.pem, key.pem for mTLS connection to BuildKit daemon (default:buildkit-client-certs)

Resources

  • source: A git-type PipelineResource specifying the location of the source to build.

Outputs

Resources

  • image: An image-type PipelineResource specifying the image that should be built. Currently, generating resourceResult is not supported. (buildkit#993)
You can’t perform that action at this time.