Containerization has transformed the landscape of software development and deployment, with Docker being a popular choice for packaging applications into isolated containers. In Kubernetes environments, efficiently building and pushing Docker images is crucial for maintaining a streamlined development and deployment pipeline. In this blog post, I'll explore how to achieve this using Tekton which is an open-source framework designed for building CI/CD systems that run on Kubernetes and Kaniko which is an offers a solution by enabling containerized builds without the need for a Docker daemon. Let's get started.
Setup
First we need to pull the latest changes from the git repository. For this we can use the git-clone task but imagine if we need to pull the source code from a private Git repository. In that case we need to add some custom configurations to our tekton pipeline. In here I am using GitHub repository and I am going to use a SSH key to authenticate with the GitHub repository.
First, we need to generate a SSH key pair. We can do that by using the following command.
1 | ssh-keygen -t rsa -b 4096 -C "[email protected]" |
This will ask some questions like passphrase and location to save key pair. You can leave them as default by pressing enter. After that, you will get a public key and a private key in your default location. In my case, it is in the ~/.ssh directory. The public key is id_rsa.pub and the private key is id_rsa.
Before create a secret in Kubernetes, we need to encode the private key. We can do that by using the following command.
1 | cat ~/.ssh/id_rsa | base64 |
This will give you a base64 encoded string. Copy that string and save it in a file. We will use that in the next step.
Now we need to create a secret in Kubernetes. We are going to use following YAML file to create the secret.
1 | apiVersion: v1 |
Now we need to apply this YAML file to create the secret.
1 | kubectl create -f secret.yaml |
Now we have created the secret. Let’s move on to the next step.
Now we need to add the public key to GitHub. You need to copy the public key by below command.
1 | cat ~/.ssh/id_rsa.pub |
Now goto GitHub and add the public key to your GitHub account. You can do that by following below steps.
- Go to your GitHub account settings.
- Click on SSH and GPG keys.
- Click on New SSH key.
- Give a name and paste the public key.
- Click on Add SSH key.
Now we have added the public key to GitHub. Let’s move on to the next step.
Now we need to create a service account to use in the pipeline. We can do that by using the following YAML file.
1 | apiVersion: v1 |
Now we need to apply this YAML file to create the service account.
1 | kubectl create -f service-account.yaml |
Now we have finished creating the service account. Now you can use this service account in your pipelineRun to clone the private Git repository.
Create Git Clone Task
Now we need to create a task to clone our sorce code. For this we can use the git-clone task in Tekton Hub. You can find the task in here or you can use the following YAML file to create the task in your cluster.
Create Pipeline
Now we need to create a pipeline with git-clone task to clone repo. We can do that by using the following YAML file.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: clone-build-push
spec:
params:
- name: repo-url
type: string
workspaces:
- name: shared-data
tasks:
- name: fetch-source
taskRef:
name: git-clone
workspaces:
- name: output
workspace: shared-data
params:
- name: url
value: $(params.repo-url)
- name: deleteExisting
value: "true"
1 | apiVersion: tekton.dev/v1beta1 |
Now we need to apply this YAML file to create the pipeline.
1 | kubectl create -f pipeline.yaml |
Now we have created the pipeline. Let’s move on to the next step. Now we need to create a pipelineRun to run the pipeline we created in the previous step. We can do that by using the following YAML file.
1 | apiVersion: tekton.dev/v1beta1 |
Now we need to apply this YAML file to create the pipelineRun.
1 | kubectl create -f pipeline-run.yaml |
Now we have created the pipelineRun and now you can see it is running on Tekton dashboard. Now we have finished with the git clone task. Let’s move on to the next step.
Show files in workspace
Now we need to check whether the files are cloned to the workspace. We can do that by using a custom task. We can use the following YAML file to create the task.
1
2
3
4
5
6
7
8
9
10
11
12
13
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: list-source
spec:
workspaces:
- name: source
steps:
- name: list-source
image: ubuntu
workingDir: $(workspaces.source.path)
script: >
ls
1 | apiVersion: tekton.dev/v1beta1 |
Now we need to apply this YAML file to create the task.
1 | kubectl create -f list-source.yaml |
Now we need to update the pipeline we created in the previous step to run this task. We can do that by using the following YAML file.
1 |
|
Create Docker Credentials
Now we need to create a secret to store Docker credentials. We can do that by using the following YAML file.
1
2
3
4
5
6
apiVersion: v1
kind: Secret
metadata:
name: docker-credential
data:
config.json: <docker-config-json>
1 | apiVersion: v1 |
Then you need to apply this YAML file to create the secret.
1 | kubectl create -f docker-credential.yaml |
Build and Push Docker Image
Now we need to build and push the Docker image. For this we can use the kaniko task in Tekton Hub. You can find the task in here or you can use the following YAML file to create the task in your cluster.
Now we need to update the pipeline by adding image-reference & image-tag to the params section in the pipeline.
1
2
3
4
5
params:
- name: image-reference
type: string
- name: image-tag
type: string
1 | params: |
And we need to add workspaces to the pipeline level.
1 | workspaces: |
Now we need to update the pipeline by adding build-push task to the pipeline. We can do that by using the following YAML file.
1 | tasks: |
After you updated pipeline with this task, final pipeline will look like this.
1 | apiVersion: tekton.dev/v1beta1 |
Now we need to apply this YAML file to update the pipeline.
1 | kubectl apply -f pipeline.yaml |
Now we need to update the pipelineRun to run the pipeline we created in the previous step. This is the final pipelineRun we are going to use to build and push the Docker image.
1 | apiVersion: tekton.dev/v1beta1 |
Now we need to apply this YAML file to create the pipelineRun.
1 | kubectl create -f pipeline-run.yaml |
Now you can see the pipelineRun is running on Tekton dashboard. Now we have finished building and pushing the Docker image. Let’s check whether the image is pushed to Docker Hub. You can see the image is pushed to Docker Hub. Now we have finished building and pushing the Docker image.
