nicolas
/
tekton-pipeline-multiarch
mirror of https://github.com/nmasse-itix/tekton-pipeline-multiarch.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

it works!

main
Nicolas Massé 2 years ago
parent
2ce753bf47
commit
2e4c7e483a
8 changed files with 126 additions and 60 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 21
      README.md
  2. 5
      tekton/kustomization.yaml
  3. 41
      tekton/pipeline.yaml
  4. 11
      tekton/pipelinerun.yaml
  5. 7
      tekton/quay-authentication.yaml
  6. 20
      tekton/task-buildah-build.yaml
  7. 59
      tekton/task-buildah-push.yaml
  8. 22
      tekton/task-podman-push.yaml

21
README.md
View File

@ -36,6 +36,27 @@ parameters:
fileSystemId: fs-123456
directoryPerms: "700"
basePath: "/pv"
uid: "0"
gid: "0"
```
- [Create and configure access to EFS volumes in AWS](https://docs.openshift.com/container-platform/4.15/storage/container_storage_interface/persistent-storage-csi-aws-efs.html#efs-create-volume_persistent-storage-csi-aws-efs)
## Authentication to the registry
```sh
oc create secret docker-registry quay-authentication --docker-email=nmasse@redhat.com --docker-username=nmasse --docker-password=REDACTED --docker-server=quay.io
oc annotate secret/quay-authentication tekton.dev/docker-0=https://quay.io
```
## Pipeline manifests
```sh
oc apply -k tekton/
```
## Run it!
```sh
oc create -f tekton/pipelinerun.yaml
```

5
tekton/kustomization.yaml
View File

@ -0,0 +1,5 @@
resources:
- pipeline.yaml
- serviceaccount-buildbot.yaml
- task-buildah-build.yaml
- task-buildah-push.yaml

41
tekton/pipeline-build-multiarch.yaml → tekton/pipeline.yaml
View File

@ -6,12 +6,13 @@ spec:
workspaces:
- name: source-workspace
- name: container-storage
- name: oci-images
- name: registry-token
params:
- name: git-url
type: string
- name: docker-image-name
- name: image-name
type: string
- name: manifest-name
type: string
@ -35,45 +36,45 @@ spec:
- name: output
workspace: source-workspace
- name: podman-build-amd64
- name: build-x86-64
runAfter: ["clone-repo"]
taskRef:
name: podman-build
name: buildah-build
params:
- name: manifest-name
value: $(params.manifest-name)
- name: context-dir
value: $(params.context-dir)
workspaces:
- name: source-workspace
workspace: source-workspace
- name: container-storage
workspace: container-storage
- name: oci-images
workspace: oci-images
- name: podman-build-arm64
- name: build-aarch64
runAfter: ["clone-repo"]
taskRef:
name: podman-build
name: buildah-build
params:
- name: manifest-name
value: $(params.manifest-name)
- name: context-dir
value: $(params.context-dir)
workspaces:
- name: source-workspace
workspace: source-workspace
- name: container-storage
workspace: container-storage
- name: oci-images
workspace: oci-images
- name: push-image
runAfter: ["podman-build-amd64", "podman-build-arm64"]
runAfter: ["build-x86-64", "build-aarch64"]
taskRef:
name: buildah-push
params:
- name: image-name
value: $(params.docker-image-name)
- name: manifest-name
value: $(params.manifest-name)
value: $(params.image-name)
- name: architectures
value:
- x86_64
- aarch64
workspaces:
- name: container-storage
workspace: container-storage
- name: oci-images
workspace: oci-images
- name: dockerconfig
workspace: registry-token

11
tekton/pipelinerun.yaml
View File

@ -8,12 +8,12 @@ spec:
params:
- name: git-url
value: https://github.com/nmasse-itix/tekton-pipeline-multiarch.git
- name: docker-image-name
- name: image-name
value: quay.io/nmasse_itix/htop-multiarch
- name: context-dir
value: src
workspaces:
- name: container-storage
- name: oci-images
volumeClaimTemplate:
spec:
storageClassName: efs-csi
@ -31,14 +31,17 @@ spec:
resources:
requests:
storage: 1Gi
- name: registry-token
secret:
secretName: quay-authentication
taskRunTemplate:
serviceAccountName: buildbot
taskRunSpecs:
- pipelineTaskName: podman-build-amd64
- pipelineTaskName: build-x86-64
podTemplate:
nodeSelector:
beta.kubernetes.io/arch: amd64
- pipelineTaskName: podman-build-arm64
- pipelineTaskName: build-aarch64
podTemplate:
nodeSelector:
beta.kubernetes.io/arch: arm64

7
tekton/quay-authentication.yaml
View File

@ -1,7 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: quay-authentication
data:
.dockerconfigjson: REDACTED
type: kubernetes.io/dockerconfigjson

20
tekton/task-podman-build.yaml → tekton/task-buildah-build.yaml
View File

@ -1,29 +1,35 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: podman-build
name: buildah-build
spec:
params:
- name: manifest-name
type: string
- name: context-dir
type: string
default: .
workspaces:
- name: source-workspace
description: Workspace containing source code
- name: oci-images
mountPath: /srv/oci-images
volumes:
- name: container-storage
description: Persistent volume to store container images
mountPath: /var/lib/containers
emptyDir: {}
steps:
- name: build
image: registry.redhat.io/rhel8/buildah@sha256:b48f410efa0ff8ab0db6ead420a5d8d866d64af846fece5efb185230d7ecf591
env:
- name: STORAGE_DRIVER
value: vfs
script: |
#!/bin/bash
set -Eeuo pipefail
buildah bud --storage-driver=vfs --no-cache --manifest $(params.manifest-name) $(workspaces.source-workspace.path)/$(params.context-dir)
#podman build --no-cache --manifest $(params.manifest-name) $(workspaces.source-workspace.path)/$(params.context-dir)
buildah bud -t localhost/image:$(uname -m) $(workspaces.source-workspace.path)/$(params.context-dir)
buildah push localhost/image:$(uname -m) oci-archive:/srv/oci-images/$(uname -m).tar
securityContext:
capabilities:
add:
- SETFCAP
volumeMounts:
- name: container-storage
mountPath: /var/lib/containers

59
tekton/task-buildah-push.yaml
View File

@ -0,0 +1,59 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: buildah-push
spec:
params:
- name: image-name
type: string
- name: architectures
type: array
workspaces:
- name: oci-images
mountPath: /srv/oci-images
- description: An optional workspace that allows providing a .docker/config.json file for Buildah to access the container registry. The file should be placed at the root of the Workspace with name config.json or .dockerconfigjson.
name: dockerconfig
optional: true
volumes:
- name: container-storage
emptyDir: {}
steps:
- name: push
image: registry.redhat.io/rhel8/buildah@sha256:b48f410efa0ff8ab0db6ead420a5d8d866d64af846fece5efb185230d7ecf591
env:
- name: STORAGE_DRIVER
value: vfs
args:
- "$(params.architectures[*])"
script: |
#!/bin/bash
set -Eeuo pipefail
# Handle registry credentials
if [[ "$(workspaces.dockerconfig.bound)" == "true" ]]; then
if test -f "$(workspaces.dockerconfig.path)/config.json"; then
export DOCKER_CONFIG="$(workspaces.dockerconfig.path)"
elif test -f "$(workspaces.dockerconfig.path)/.dockerconfigjson"; then
cp "$(workspaces.dockerconfig.path)/.dockerconfigjson" "$HOME/.docker/config.json"
export DOCKER_CONFIG="$HOME/.docker"
else
echo "neither 'config.json' nor '.dockerconfigjson' found at workspace root"
exit 1
fi
fi
declare -a iids=()
for arch; do
echo "Loading image for architecture $arch..."
iid=$(buildah pull oci-archive:/srv/oci-images/$arch.tar)
iids+=("$iid")
done
buildah manifest create localhost/multi-arch-image "${iids[@]}"
buildah manifest push --all localhost/multi-arch-image docker://$(params.image-name)
securityContext:
capabilities:
add:
- SETFCAP
volumeMounts:
- name: container-storage
mountPath: /var/lib/containers

22
tekton/task-podman-push.yaml
View File

@ -1,22 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: buildah-push
spec:
params:
- name: image-name
type: string
- name: manifest-name
type: string
workspaces:
- name: container-storage
description: Persistent volume to store container images
mountPath: /var/lib/containers
steps:
- name: push
image: quay.io/podman/stable
script: |
#!/bin/bash
set -Eeuo pipefail
export STORAGE_DRIVER=vfs
buildah manifest push --all $(params.manifest-name) docker://$(params.image-name)
Write Preview
Loading…
Cancel
Save