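# Kubernetes Job that runs a one-shot rootless BuildKit build.
# The `prepare` init container writes a one-line Dockerfile into a shared
# emptyDir; the `buildkit` container then builds it with buildctl-daemonless.sh.
# (Structure restored from a blame view: per-line timestamps and table
# separators removed, indentation reconstructed. Keys and values are unchanged.)
apiVersion: batch/v1
kind: Job
metadata:
  name: buildkit
spec:
  template:
    metadata:
      annotations:
        # SECURITY: both annotations turn off a kernel-level confinement layer
        # (AppArmor profile, seccomp syscall filter) for the container named
        # `buildkit` only; the `/buildkit` key suffix selects the container.
        # Namespaces that enforce the "baseline" or "restricted" Pod Security
        # Standards are expected to reject a pod carrying them, so run this in
        # a dedicated namespace.
        # NOTE(review): newer Kubernetes releases replace these annotations with
        # the `securityContext.seccompProfile` / `securityContext.appArmorProfile`
        # fields. Confirm which form your cluster version honours.
        container.apparmor.security.beta.kubernetes.io/buildkit: unconfined
        container.seccomp.security.alpha.kubernetes.io/buildkit: unconfined
    # see buildkit/docs/rootless.md for caveats of rootless mode
    spec:
      restartPolicy: Never
      initContainers:
        - name: prepare
          image: alpine:3.10
          command:
            - sh
            - -c
            - "echo FROM hello-world > /workspace/Dockerfile"
          securityContext:
            # Non-root; same UID/GID as the build container below.
            runAsUser: 1000
            runAsGroup: 1000
          volumeMounts:
            # Mounted read-write here: this is the only container that writes
            # the build context.
            - name: workspace
              mountPath: /workspace
      containers:
        - name: buildkit
          # NOTE(review): `master-rootless` is a moving tag, so the image that
          # runs can change between Job runs. Pin a release tag or an image
          # digest if you need reproducible, reviewable builds.
          image: moby/buildkit:master-rootless
          env:
            - name: BUILDKITD_FLAGS
              # SECURITY: disables the process sandbox for build steps. Per
              # BuildKit's rootless docs, build containers can then signal (and,
              # with seccomp unconfined, potentially ptrace) processes in this
              # container. Build only Dockerfiles and contexts you trust.
              value: --oci-worker-no-process-sandbox
          command:
            - buildctl-daemonless.sh
          args:
            - build
            - --frontend
            - dockerfile.v0
            - --local
            - context=/workspace
            - --local
            - dockerfile=/workspace
          # To push the image to a registry, add
          # `--output type=image,name=docker.io/username/image,push=true`
          securityContext:
            # To change UID/GID, you need to rebuild the image
            runAsUser: 1000
            runAsGroup: 1000
          volumeMounts:
            # Build context is read-only for the build container.
            - name: workspace
              readOnly: true
              mountPath: /workspace
      # To push the image, you also need to create `~/.docker/config.json` secret
      # and set $DOCKER_CONFIG to `/path/to/.docker` directory.
      # Mount that secret read-only and use a registry credential scoped to the
      # target repository; with the process sandbox disabled (see
      # BUILDKITD_FLAGS above), treat it as reachable by the build steps.
      volumes:
        - name: workspace
          emptyDir: {}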