Build Docker Image Using Tekton Pipeline + Buildah
Why not Docker?
The typical way of building Docker image is to use command docker build. While it might be convenient for building on local machine, it create more complexity when it comes to building image on the CI pipeline.
Typical Docker CI
Normally in order to build docker image on the CICD tool like Jenkins/AzurePipeline/Github Action , we have to run the docker steps on the agent that has the docker installed. Typically, the agent would run on a virtual machine like EC2 for example since it is not very usual to install docker on a container running on Kubernetes.
This create a pain point and effort in building and managing docker agent and machine image. In addition, the start up and shutdown time of the VM is very slow. Thus, to make it time efficient, normally the agent will be running all the time. Instead, not so efficient in term of resources.
What can we do?
Luckily, if you feel the same you are not the only one in the world. In this tutorial we are going to build the docker image efficiently using container as an image builder on Kubernetes instead of virtual machine by using Buildah and Tekton pipeline.
Create Dockerfile
Create a simple Dockerfile that print “hello medium” when container start. Then push to your desire repository.
Install Tekton
CLI
brew install tektoncd-cliOperator
Install Tekton Components
kubectl apply -f https://storage.googleapis.com/tekton-releases/operator/latest/release.yamlkubectl apply -f https://raw.githubusercontent.com/tektoncd/operator/main/config/crs/kubernetes/config/all/operator_v1alpha1_config_cr.yaml
After install the operator you should be able to access Tekton WebUI through browser by using Kubernetes port forward.
kubectl port-forward svc/tekton-dashboard 9097:9097
Create Tasks
Git Clone Task
The first step we have to do is to clone the source code which contains the Dockerfile. There are many opensource Tekton task published on TektonHub which we can freely download and use so that we don’t have to reinvent the wheel. For instance, the task to clone the source code from git repository is already presented here git-clone. To install the task to the Kubernetes cluster, simply run the following command.
tkn hub install task git-cloneAfter that you will be able to checkout the task you just install by executing and you should see “git-clone” task presented.
kubectl get tasksBuildah Task
In this task, two step will be performed.
- Build — The build command will be executed.
- Push — The push command with push credentials will be executed.
Notice that the env USERNAME and PASSWORD will be injected to the pod by using secretKeyRef. Thus, the secret must be created before starting the task.
Create Pipeline
The pipeline contain 2 tasks which is the above git-clone and buildah task. Specify the destination source code and image repository under params.
Image Push Secret
To push the image to Dockerhub, credentials is required. Create the Kubernetes secret name image-push-secrets which will be used to mounted as environment variable when buildah task is running.
export USERNAME={YOUR_DOCKERHUB_USERNAME}
export PASSWORD={YOUR_DOCKERHUHB_PASSWORD}
kubectl create secret generic image-push-secrets — from-literal username=$USERNAME — from-literal password=$PASSWORDPipeline Run
To run the pipeline, create PipelineRun and specify the persistent volume as the workspace which is shared between multiple tasks in the pipeline. Apply the below definition with command
kube create -f pipeline-run.yamlNavigate to the Tekton dashboard. You should see the pipeline is running.
Check the Result Image
Assume that everything is working fine. The image should be pushed to your destination. In your local machine run:
docker run docker.io/{YOUR_DOCKERHUB_REPOSITORY_NAME}
hello mediumSource Code: https://github.com/NonTechCompany/tekton-buildah
Contact
Email: chan.suttichujit@gmail.com
GitHub: https://github.com/NonTechCompany
Follow us for more of these: https://medium.com/nontechcompany
