
it works!

main
Nicolas Massé 2 years ago
parent
commit
2e4c7e483a
  1. 21
      README.md
  2. 5
      tekton/kustomization.yaml
  3. 41
      tekton/pipeline.yaml
  4. 11
      tekton/pipelinerun.yaml
  5. 7
      tekton/quay-authentication.yaml
  6. 20
      tekton/task-buildah-build.yaml
  7. 59
      tekton/task-buildah-push.yaml
  8. 22
      tekton/task-podman-push.yaml

21
README.md

@ -36,6 +36,27 @@ parameters:
fileSystemId: fs-123456 fileSystemId: fs-123456
directoryPerms: "700" directoryPerms: "700"
basePath: "/pv" basePath: "/pv"
uid: "0"
gid: "0"
``` ```
- [Create and configure access to EFS volumes in AWS](https://docs.openshift.com/container-platform/4.15/storage/container_storage_interface/persistent-storage-csi-aws-efs.html#efs-create-volume_persistent-storage-csi-aws-efs) - [Create and configure access to EFS volumes in AWS](https://docs.openshift.com/container-platform/4.15/storage/container_storage_interface/persistent-storage-csi-aws-efs.html#efs-create-volume_persistent-storage-csi-aws-efs)
## Authentication to the registry
```sh
oc create secret docker-registry quay-authentication --docker-email=nmasse@redhat.com --docker-username=nmasse --docker-password=REDACTED --docker-server=quay.io
oc annotate secret/quay-authentication tekton.dev/docker-0=https://quay.io
```
## Pipeline manifests
```sh
oc apply -k tekton/
```
## Run it!
```sh
oc create -f tekton/pipelinerun.yaml
```

5
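--- a/tekton/kustomization.yaml
+++ b/tekton/kustomization.yaml
@@ -0,0 +1,5 @@
+resources:
+- pipeline.yaml
+- serviceaccount-buildbot.yaml
+- task-buildah-build.yaml
+- task-buildah-push.yaml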

41
tekton/pipeline-build-multiarch.yaml → tekton/pipeline.yaml

@ -6,12 +6,13 @@ spec:
workspaces: workspaces:
- name: source-workspace - name: source-workspace
- name: container-storage - name: oci-images
- name: registry-token
params: params:
- name: git-url - name: git-url
type: string type: string
- name: docker-image-name - name: image-name
type: string type: string
- name: manifest-name - name: manifest-name
type: string type: string
@ -35,45 +36,45 @@ spec:
- name: output - name: output
workspace: source-workspace workspace: source-workspace
- name: podman-build-amd64 - name: build-x86-64
runAfter: ["clone-repo"] runAfter: ["clone-repo"]
taskRef: taskRef:
name: podman-build name: buildah-build
params: params:
- name: manifest-name
value: $(params.manifest-name)
- name: context-dir - name: context-dir
value: $(params.context-dir) value: $(params.context-dir)
workspaces: workspaces:
- name: source-workspace - name: source-workspace
workspace: source-workspace workspace: source-workspace
- name: container-storage - name: oci-images
workspace: container-storage workspace: oci-images
- name: podman-build-arm64 - name: build-aarch64
runAfter: ["clone-repo"] runAfter: ["clone-repo"]
taskRef: taskRef:
name: podman-build name: buildah-build
params: params:
- name: manifest-name
value: $(params.manifest-name)
- name: context-dir - name: context-dir
value: $(params.context-dir) value: $(params.context-dir)
workspaces: workspaces:
- name: source-workspace - name: source-workspace
workspace: source-workspace workspace: source-workspace
- name: container-storage - name: oci-images
workspace: container-storage workspace: oci-images
- name: push-image - name: push-image
runAfter: ["podman-build-amd64", "podman-build-arm64"] runAfter: ["build-x86-64", "build-aarch64"]
taskRef: taskRef:
name: buildah-push name: buildah-push
params: params:
- name: image-name - name: image-name
value: $(params.docker-image-name) value: $(params.image-name)
- name: manifest-name - name: architectures
value: $(params.manifest-name) value:
- x86_64
- aarch64
workspaces: workspaces:
- name: container-storage - name: oci-images
workspace: container-storage workspace: oci-images
- name: dockerconfig
workspace: registry-token

11
tekton/pipelinerun.yaml

@ -8,12 +8,12 @@ spec:
params: params:
- name: git-url - name: git-url
value: https://github.com/nmasse-itix/tekton-pipeline-multiarch.git value: https://github.com/nmasse-itix/tekton-pipeline-multiarch.git
- name: docker-image-name - name: image-name
value: quay.io/nmasse_itix/htop-multiarch value: quay.io/nmasse_itix/htop-multiarch
- name: context-dir - name: context-dir
value: src value: src
workspaces: workspaces:
- name: container-storage - name: oci-images
volumeClaimTemplate: volumeClaimTemplate:
spec: spec:
storageClassName: efs-csi storageClassName: efs-csi
@ -31,14 +31,17 @@ spec:
resources: resources:
requests: requests:
storage: 1Gi storage: 1Gi
- name: registry-token
secret:
secretName: quay-authentication
taskRunTemplate: taskRunTemplate:
serviceAccountName: buildbot serviceAccountName: buildbot
taskRunSpecs: taskRunSpecs:
- pipelineTaskName: podman-build-amd64 - pipelineTaskName: build-x86-64
podTemplate: podTemplate:
nodeSelector: nodeSelector:
beta.kubernetes.io/arch: amd64 beta.kubernetes.io/arch: amd64
- pipelineTaskName: podman-build-arm64 - pipelineTaskName: build-aarch64
podTemplate: podTemplate:
nodeSelector: nodeSelector:
beta.kubernetes.io/arch: arm64 beta.kubernetes.io/arch: arm64
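Review bot: The `registry-token` workspace added in the second hunk binds the secret `quay-authentication`, which must now exist in the namespace before the run because this commit deletes tekton/quay-authentication.yaml. That deleted manifest carried a `.dockerconfigjson` value, and removing the file does not remove it from the repository history, so the registry credential should be treated as exposed and rotated at the registry. A comment above the workspace, `# secret is created out-of-band, see README "Authentication to the registry"`, would tell readers where it comes from. A credential scoped to push on this one repository would also limit what a leaked copy can do, compared with the personal login shown in the README.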

7
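--- a/tekton/quay-authentication.yaml
+++ b/tekton/quay-authentication.yaml
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-name: quay-authentication
-data:
-.dockerconfigjson: REDACTED
-type: kubernetes.io/dockerconfigjson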

20
tekton/task-podman-build.yaml → tekton/task-buildah-build.yaml

@ -1,29 +1,35 @@
apiVersion: tekton.dev/v1beta1 apiVersion: tekton.dev/v1beta1
kind: Task kind: Task
metadata: metadata:
name: podman-build name: buildah-build
spec: spec:
params: params:
- name: manifest-name
type: string
- name: context-dir - name: context-dir
type: string type: string
default: . default: .
workspaces: workspaces:
- name: source-workspace - name: source-workspace
description: Workspace containing source code description: Workspace containing source code
- name: oci-images
mountPath: /srv/oci-images
volumes:
- name: container-storage - name: container-storage
description: Persistent volume to store container images emptyDir: {}
mountPath: /var/lib/containers
steps: steps:
- name: build - name: build
image: registry.redhat.io/rhel8/buildah@sha256:b48f410efa0ff8ab0db6ead420a5d8d866d64af846fece5efb185230d7ecf591 image: registry.redhat.io/rhel8/buildah@sha256:b48f410efa0ff8ab0db6ead420a5d8d866d64af846fece5efb185230d7ecf591
env:
- name: STORAGE_DRIVER
value: vfs
script: | script: |
#!/bin/bash #!/bin/bash
set -Eeuo pipefail set -Eeuo pipefail
buildah bud --storage-driver=vfs --no-cache --manifest $(params.manifest-name) $(workspaces.source-workspace.path)/$(params.context-dir) buildah bud -t localhost/image:$(uname -m) $(workspaces.source-workspace.path)/$(params.context-dir)
#podman build --no-cache --manifest $(params.manifest-name) $(workspaces.source-workspace.path)/$(params.context-dir) buildah push localhost/image:$(uname -m) oci-archive:/srv/oci-images/$(uname -m).tar
securityContext: securityContext:
capabilities: capabilities:
add: add:
- SETFCAP - SETFCAP
volumeMounts:
- name: container-storage
mountPath: /var/lib/containers
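Review bot: `$(params.context-dir)` in the `build` script is substituted by Tekton into the script text before bash runs and is left unquoted, so a value containing spaces or shell metacharacters changes the command instead of being treated as a path. Pass it through the environment, as the step already does for `STORAGE_DRIVER`: add `- name: CONTEXT_DIR` with `value: $(params.context-dir)` under `env`, and use `"$(workspaces.source-workspace.path)/${CONTEXT_DIR}"` on the `buildah bud` line. The same applies to `docker://$(params.image-name)` in tekton/task-buildah-push.yaml, which already shows the safer pattern by passing `architectures` through `args`.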

59
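--- a/tekton/task-buildah-push.yaml
+++ b/tekton/task-buildah-push.yaml
@@ -0,0 +1,59 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+name: buildah-push
+spec:
+params:
+- name: image-name
+type: string
+- name: architectures
+type: array
+workspaces:
+- name: oci-images
+mountPath: /srv/oci-images
+- description: An optional workspace that allows providing a .docker/config.json file for Buildah to access the container registry. The file should be placed at the root of the Workspace with name config.json or .dockerconfigjson.
+name: dockerconfig
+optional: true
+volumes:
+- name: container-storage
+emptyDir: {}
+steps:
+- name: push
+image: registry.redhat.io/rhel8/buildah@sha256:b48f410efa0ff8ab0db6ead420a5d8d866d64af846fece5efb185230d7ecf591
+env:
+- name: STORAGE_DRIVER
+value: vfs
+args:
+- "$(params.architectures[*])"
+script: |
+#!/bin/bash
+set -Eeuo pipefail
+# Handle registry credentials
+if [[ "$(workspaces.dockerconfig.bound)" == "true" ]]; then
+if test -f "$(workspaces.dockerconfig.path)/config.json"; then
+export DOCKER_CONFIG="$(workspaces.dockerconfig.path)"
+elif test -f "$(workspaces.dockerconfig.path)/.dockerconfigjson"; then
+cp "$(workspaces.dockerconfig.path)/.dockerconfigjson" "$HOME/.docker/config.json"
+export DOCKER_CONFIG="$HOME/.docker"
+else
+echo "neither 'config.json' nor '.dockerconfigjson' found at workspace root"
+exit 1
+fi
+fi
+declare -a iids=()
+for arch; do
+echo "Loading image for architecture $arch..."
+iid=$(buildah pull oci-archive:/srv/oci-images/$arch.tar)
+iids+=("$iid")
+done
+buildah manifest create localhost/multi-arch-image "${iids[@]}"
+buildah manifest push --all localhost/multi-arch-image docker://$(params.image-name)
+securityContext:
+capabilities:
+add:
+- SETFCAP
+volumeMounts:
+- name: container-storage
+mountPath: /var/lib/containers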
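Review bot: In the credentials block of the `push` script, the `.dockerconfigjson` branch copies the secret to `$HOME/.docker/config.json` without creating the directory first. That is the branch a `kubernetes.io/dockerconfigjson` secret, such as the one created in the README, will take. If `$HOME/.docker` is absent in the step, `cp` fails and `set -e` aborts the push. Pointing buildah at the mounted file avoids both the missing directory and a second copy of the credential on the container filesystem: `export REGISTRY_AUTH_FILE="$(workspaces.dockerconfig.path)/.dockerconfigjson"`. If the copy is kept, add `mkdir -p "$HOME/.docker"` before the `cp`.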

22
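--- a/tekton/task-podman-push.yaml
+++ b/tekton/task-podman-push.yaml
@@ -1,22 +0,0 @@
-apiVersion: tekton.dev/v1beta1
-kind: Task
-metadata:
-name: buildah-push
-spec:
-params:
-- name: image-name
-type: string
-- name: manifest-name
-type: string
-workspaces:
-- name: container-storage
-description: Persistent volume to store container images
-mountPath: /var/lib/containers
-steps:
-- name: push
-image: quay.io/podman/stable
-script: |
-#!/bin/bash
-set -Eeuo pipefail
-export STORAGE_DRIVER=vfs
-buildah manifest push --all $(params.manifest-name) docker://$(params.image-name)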