cedrickring / kbuild Goto Github PK

View Code? Open in Web Editor NEW

13.0 2.0 1.0 5.58 MB

CLI for Kaniko to build container images in a Kubernetes Cluster

License: Apache License 2.0

Makefile 1.78% Go 95.83% Dockerfile 0.40% Shell 1.98%

kaniko kubernetes golang cli

kbuild's Introduction

kbuild

Build container images inside a Kubernetes Cluster with your local build context.

For more information see: Kaniko

Requirements

~/.docker/config.json exists and authenticated to a registry
~/.kube/config exists and configured with the correct cluster
A Kubernetes Cluster
A Container Registry

Installation

For Linux or Mac use

curl -fsSL https://raw.githubusercontent.com/cedrickring/kbuild/master/scripts/get | bash

Usage

Build an image of the current directory with tag repository:tag

kbuild -t repository:tag

To specify a Dockerfile in the working directory, use:

kbuild -t repository:tag -d Dockerfile.dev

kbuild --tag repository:tag --dockerfile Dockerfile.dev

respectively.

You can specify multiple image tags by repeating the tag flag.

Additional Flags

-w / --workdir

Specify the working directory (defaults to the directory you're currently in)

-d / --dockerfile

Path to the Dockerfile in the build context (defaults to Dockerfile)

-c / --cache

Enable RUN command caching for faster builds (See here)

--cache-repo

Specify the repo to cache build steps in (defaults to <repository>cache, repo retrieved from the image tag)

-n / --namespace

Specify namespace for the builder to run in (defaults to "default" namespace)

--build-arg

This flag allows you to pass in build args (ARG) for the Kaniko executor

--bucket

The bucket to use for Google Cloud Storage

Registry credentials

You can either have your Docker Container Registry credentials in your ~/.docker/config.json or provide them with the --username (-u) and --password (-p) flags.

When using the cli flags, the container registry url is guessed based on the first provided image tag. e.g. -t my.registry.com/tag is guessed as my.registry.com. If no specific registry is provided in the tag, it defaults to https://index.docker.io/v1/.

Google Cloud Storage

If you want to use the Google Cloud Storage to store your build context, you have to pass gcs as the first argument to kbuild and specify the --bucket to use.

Example: kbuild -t image:tag --bucket mybucket gcs

You might need to create a service account key and store the path to the service-account.json in the GOOGLE_APPLICATION_CREDENTIALS environment variable.

How does kbuild work?

In order to use the local context, the context needs to be tar-ed, copied to an Init Container, which shares an empty volume with the Kaniko container, and extracted in the empty volume (only for local context).

Limitations

You cannot specify args for the Kaniko executor

Windows

The docker-credential-wincred helper is not supported by Kaniko

kbuild's People

Contributors

Stargazers

Watchers

Forkers

wangjianze

kbuild's Issues

Add support for build args

A command flag should be added to support build args e.g. --arg ARG1=value --arg ARG2=value etc. The args should be used for the build context and should be propagated to the Kaniko executor.

Print Kaniko logs when the container exits immediately

When Kaniko exits immediately after start, the logs are omitted and the build exits. The error cause should be printed in the console.

Add support for Google GCS bucket context

Add proxy to kaniko container

File changed

diff --git a/pkg/kaniko/pod.go b/pkg/kaniko/pod.go
index 7bea553..526cc47 100644
--- a/pkg/kaniko/pod.go
+++ b/pkg/kaniko/pod.go
@@ -41,6 +41,22 @@ func (b Build) getKanikoPod() *v1.Pod {
                                        Args: []string{
                                                "--dockerfile=" + b.DockerfilePath,
                                        },
+                                       Env: []v1.EnvVar{
+                                               {
+                                                       Name:  "HTTPS_PROXY",
+                                                       Value: "http://proxy.com:8080",
+                                               },
+                                               {
+                                                       Name:  "HTTPS_PROXY",
+                                                       Value: "http://proxy.com:8080",
+                                               },
+                                               {
+                                                       Name:  "NO_PROXY",
+                                                       Value: "xx2.com",
+                                               }},
                                        VolumeMounts: []v1.VolumeMount{
                                                {
                                                        Name:      "docker-config",

 ✘ ⚙ shashank.koppar@P34320  ~/Documents/kbuild   master ●  make
go fmt ./pkg/... ./cmd/...
pkg/kaniko/pod.go
go vet ./pkg/... ./cmd/...
# _/Users/shashank.koppar/Documents/kbuild/pkg/kaniko
pkg/kaniko/build.go:62:37: cannot use client (type *"github.com/cedrickring/kbuild/vendor/k8s.io/client-go/kubernetes".Clientset) as type *"k8s.io/client-go/kubernetes".Clientset in argument to b.checkForConfigMap
pkg/kaniko/build.go:75:20: cannot use pod (type *"k8s.io/api/core/v1".Pod) as type *"github.com/cedrickring/kbuild/vendor/k8s.io/api/core/v1".Pod in argument to b.Source.ModifyPod
pkg/kaniko/build.go:82:31: cannot use pod (type *"k8s.io/api/core/v1".Pod) as type *"github.com/cedrickring/kbuild/vendor/k8s.io/api/core/v1".Pod in argument to b.Source.UploadTar
pkg/kaniko/build.go:88:11: cannot assign *"github.com/cedrickring/kbuild/vendor/k8s.io/api/core/v1".Pod to pod (type *"k8s.io/api/core/v1".Pod) in multiple assignment
pkg/kaniko/build.go:88:24: cannot use pod (type *"k8s.io/api/core/v1".Pod) as type *"github.com/cedrickring/kbuild/vendor/k8s.io/api/core/v1".Pod in argument to pods.Create
pkg/kaniko/build.go:95:4: cannot use &"k8s.io/apimachinery/pkg/apis/meta/v1".DeleteOptions literal (type *"k8s.io/apimachinery/pkg/apis/meta/v1".DeleteOptions) as type *"github.com/cedrickring/kbuild/vendor/k8s.io/apimachinery/pkg/apis/meta/v1".DeleteOptions in argument to pods.Delete
pkg/kaniko/build.go:103:31: cannot use pod (type *"k8s.io/api/core/v1".Pod) as type *"github.com/cedrickring/kbuild/vendor/k8s.io/api/core/v1".Pod in argument to b.Source.UploadTar
pkg/kaniko/build.go:111:24: cannot use client (type *"github.com/cedrickring/kbuild/vendor/k8s.io/client-go/kubernetes".Clientset) as type *"k8s.io/client-go/kubernetes".Clientset in argument to b.streamLogs
pkg/kaniko/build.go:125:57: cannot use "k8s.io/apimachinery/pkg/apis/meta/v1".GetOptions literal (type "k8s.io/apimachinery/pkg/apis/meta/v1".GetOptions) as type "github.com/cedrickring/kbuild/vendor/k8s.io/apimachinery/pkg/apis/meta/v1".GetOptions in argument to pods.Get
# _/Users/shashank.koppar/Documents/kbuild/pkg/kaniko/source
pkg/kaniko/source/gcs.go:64:82: cannot use &"k8s.io/apimachinery/pkg/apis/meta/v1".DeleteOptions literal (type *"k8s.io/apimachinery/pkg/apis/meta/v1".DeleteOptions) as type *"github.com/cedrickring/kbuild/vendor/k8s.io/apimachinery/pkg/apis/meta/v1".DeleteOptions in argument to k8sClient.CoreV1().Secrets(g.Namespace).Delete
pkg/kaniko/source/gcs.go:99:57: cannot use secret (type *"k8s.io/api/core/v1".Secret) as type *"github.com/cedrickring/kbuild/vendor/k8s.io/api/core/v1".Secret in argument to client.CoreV1().Secrets(g.Namespace).Create
# _/Users/shashank.koppar/Documents/kbuild/cmd [_/Users/shashank.koppar/Documents/kbuild/cmd.test]
cmd/kbuild.go:142:3: cannot use credentialsMap (type *"k8s.io/api/core/v1".ConfigMap) as type *"github.com/cedrickring/kbuild/vendor/k8s.io/api/core/v1".ConfigMap in field value
cmd/kbuild.go:209:41: cannot use docker.GetCredentialsAsConfigMap(credentials) (type *"github.com/cedrickring/kbuild/vendor/k8s.io/api/core/v1".ConfigMap) as type *"k8s.io/api/core/v1".ConfigMap in return argument
make: *** [vet] Error 2

I get this error when I try to execute make
How can I build a new binary?

Update k8s dependencies to 1.12.x

As Kubernetes 1.13 just came out, we should upgrade to 1.12.

Only add required files to the build context

The build context should only consist of files required for building the image. Only paths specified by

ADD
COPY

should be added to the context.

met configmap issue when using rancher

I use rancher https://rancher.com/products/rancher to manage my kubernetes and get configmaps error, i do have admin permission.

$ kbuild -t abc
INFO[0000] Using credentials from ~/.docker/config.json
INFO[0000] Using local build context source
INFO[0000] Run-Step caching is disabled.
INFO[0000] Running in namespace "default"
FATA[0000] check for config map: creating configmap: {"Code":{"Code":"Forbidden","Status":403},"Message":"clusters.management.cattle.io \"c-76bcv\" is forbidden: User \"u-3hdhdog\" cannot get resource \"clusters\" in API group \"management.cattle.io\" at the cluster scope","Cause":null,"FieldName":""} (post configmaps)

Add support for Amazon S3 bucket context

Add ability to specify a namespace for the Kaniko build to run in

Currently Kaniko runs in the default namespace. Users should be able to specify the namespace by using
--namespace=<namespace> or the shorthand -n namespace. The namespace should default to "default".

Remove all external dependencies from kbuild

Which includes the need of:

kubectl (there should be a way to do this with the k8s.io/kubernetes package)
~/.docker/config.json

The registry credentials can be either provided by --user <user> --password <password> or with the aliases -u <user> -p <password>. If they're not provided explicitly, they should be retrieved from the ~/.docker/config.json.

kubectl cp from local to remote pod (may use ksync)
use pvc from shared local to remote pod

If needed, the remote pod (kaniko) can be run as permanent.