buildkit/examples/kubernetes/job.rootless.yaml

apiVersion: batch/v1
kind: Job
metadata:
  name: buildkit
spec:
  template:
    metadata:
      annotations:
        container.apparmor.security.beta.kubernetes.io/buildkit: unconfined
        container.seccomp.security.alpha.kubernetes.io/buildkit: unconfined
    # see buildkit/docs/rootless.md for caveats of rootless mode
    spec:
      restartPolicy: Never
      initContainers:
        - name: prepare
          image: alpine:3.10
          command:
            - sh
            - -c
            - "echo FROM hello-world > /workspace/Dockerfile"
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
          volumeMounts:
            - name: workspace
              mountPath: /workspace
      containers:
        - name: buildkit
          image: moby/buildkit:master-rootless
          env:
            - name: BUILDKITD_FLAGS
              value: --oci-worker-no-process-sandbox
          command:
            - buildctl-daemonless.sh
          args:
            - build
            - --frontend
            - dockerfile.v0
            - --local
            - context=/workspace
            - --local
            - dockerfile=/workspace
          # To push the image to a registry, add
          # `--output type=image,name=docker.io/username/image,push=true`
          securityContext:
            # To change UID/GID, you need to rebuild the image
            runAsUser: 1000
            runAsGroup: 1000
          volumeMounts:
            - name: workspace
              readOnly: true
              mountPath: /workspace
      # To push the image, you also need to create `~/.docker/config.json` secret
      # and set $DOCKER_CONFIG to `/path/to/.docker` directory.
      volumes:
        - name: workspace
          emptyDir: {}
massive doc updates * examples/kubernetes: newly added * docs/rootless.md: cleaned up for better readability * examples/README.md: split out from the main README.md * examples/build-using-dockerfile/README.md: split out from the main README.md * README.md: add TOC using https://github.com/thlorenz/doctoc * README.md: add mTLS configuration (relates to #1074) * README.md: add more adoptions * README.md: add inline cache (fix #976) Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> 2019-10-11 17:20:52 +00:00			`apiVersion: batch/v1`
			`kind: Job`
			`metadata:`
			`name: buildkit`
			`spec:`
			`template:`
			`metadata:`
			`annotations:`
			`container.apparmor.security.beta.kubernetes.io/buildkit: unconfined`
			`container.seccomp.security.alpha.kubernetes.io/buildkit: unconfined`
Add lint Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com> 2020-11-22 17:10:34 +00:00			`# see buildkit/docs/rootless.md for caveats of rootless mode`
massive doc updates * examples/kubernetes: newly added * docs/rootless.md: cleaned up for better readability * examples/README.md: split out from the main README.md * examples/build-using-dockerfile/README.md: split out from the main README.md * README.md: add TOC using https://github.com/thlorenz/doctoc * README.md: add mTLS configuration (relates to #1074) * README.md: add more adoptions * README.md: add inline cache (fix #976) Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> 2019-10-11 17:20:52 +00:00			`spec:`
			`restartPolicy: Never`
			`initContainers:`
Add lint Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com> 2020-11-22 17:10:34 +00:00			`- name: prepare`
			`image: alpine:3.10`
			`command:`
			`- sh`
			`- -c`
			`- "echo FROM hello-world > /workspace/Dockerfile"`
			`securityContext:`
			`runAsUser: 1000`
			`runAsGroup: 1000`
			`volumeMounts:`
			`- name: workspace`
			`mountPath: /workspace`
massive doc updates * examples/kubernetes: newly added * docs/rootless.md: cleaned up for better readability * examples/README.md: split out from the main README.md * examples/build-using-dockerfile/README.md: split out from the main README.md * README.md: add TOC using https://github.com/thlorenz/doctoc * README.md: add mTLS configuration (relates to #1074) * README.md: add more adoptions * README.md: add inline cache (fix #976) Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> 2019-10-11 17:20:52 +00:00			`containers:`
Add lint Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com> 2020-11-22 17:10:34 +00:00			`- name: buildkit`
			`image: moby/buildkit:master-rootless`
			`env:`
			`- name: BUILDKITD_FLAGS`
			`value: --oci-worker-no-process-sandbox`
			`command:`
			`- buildctl-daemonless.sh`
			`args:`
			`- build`
			`- --frontend`
			`- dockerfile.v0`
			`- --local`
			`- context=/workspace`
			`- --local`
			`- dockerfile=/workspace`
			`# To push the image to a registry, add`
			# `--output type=image,name=docker.io/username/image,push=true`
			`securityContext:`
			`# To change UID/GID, you need to rebuild the image`
			`runAsUser: 1000`
			`runAsGroup: 1000`
			`volumeMounts:`
			`- name: workspace`
			`readOnly: true`
			`mountPath: /workspace`
			# To push the image, you also need to create `~/.docker/config.json` secret
			# and set $DOCKER_CONFIG to `/path/to/.docker` directory.
massive doc updates * examples/kubernetes: newly added * docs/rootless.md: cleaned up for better readability * examples/README.md: split out from the main README.md * examples/build-using-dockerfile/README.md: split out from the main README.md * README.md: add TOC using https://github.com/thlorenz/doctoc * README.md: add mTLS configuration (relates to #1074) * README.md: add more adoptions * README.md: add inline cache (fix #976) Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> 2019-10-11 17:20:52 +00:00			`volumes:`
Add lint Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com> 2020-11-22 17:10:34 +00:00			`- name: workspace`
			`emptyDir: {}`