Build container images in Kubernetes

#docker #devops #kubernetes #buildkit

One of the major steps when you are designing how you gonna ship your app is how you will build it and where.

Some people still use conventional ways to ship their apps where the is some Sysadmin dude who does all the deployment process, Some use automation of some kind, and some use a CI/CD pipeline to achieve this.

Here I'm talking about the last type of teams (The cool one 😎) and precisely the step of building Docker images in Kubernetes environment.

I'm assuming that we have:

Dockerfile for the project.
Docker hub account.
Kubernetes cluster.
Kubectl client.

What we will do:

Create a namespace in k8s.
Get authorized to store (push) the resulted image to docker hub (Docker registry).
Deploy a buildkit engine to a Kubernetes cluster.
Build The docker image and push it.

Let's start:
First we should create a namespace
kubectl create namespace images-builder

Then create a Docker hub account.
Go to your terminal and
docker login
then find the docker config file
in linux you will find it in ~/.docker/config.json
it looks like

	{
	"auths": {
	"https://index.docker.io/v1/": {
	"auth": "****************"
	}
	}
	}

view raw config.json hosted with ❤ by GitHub

if you don't find it in that place go search the internet for docker/config.json in the environment you are currently using.

After that we gonna create a secret containing the docker config file we just found using the command
kubectl create secret generic regcred \ --from-file=.dockerconfigjson=/path/to/config.json \ --type=kubernetes.io/dockerconfigjson -n images-builder

Now it's time to deploy the buildkit engine.

	apiVersion: apps/v1
	kind: Deployment
	metadata:
	labels:
	app: buildkitd
	name: buildkitd
	spec:
	replicas: 1
	selector:
	matchLabels:
	app: buildkitd
	template:
	metadata:
	labels:
	app: buildkitd
	spec:
	containers:
	- name: buildkitd
	image: moby/buildkit:master
	args:
	- '--addr'
	- 'unix:///run/buildkit/buildkitd.sock'
	- '--addr'
	- 'tcp://0.0.0.0:1234'
	- '--oci-worker-gc'
	- '--oci-worker-gc-keepstorage'
	- '50000'
	env:
	- name: DOCKER_CONFIG
	value: /root/.docker/
	volumeMounts:
	- name: dockerconfig
	mountPath: "/root/.docker/"
	readOnly: true
	# the probe below will only work after Release v0.6.3
	readinessProbe:
	exec:
	command:
	- buildctl
	- --addr
	- tcp://0.0.0.0:1234
	- debug
	- workers
	initialDelaySeconds: 5
	periodSeconds: 30
	# the probe below will only work after Release v0.6.3
	livenessProbe:
	exec:
	command:
	- buildctl
	- --addr
	- tcp://0.0.0.0:1234
	- debug
	- workers
	initialDelaySeconds: 5
	periodSeconds: 30
	securityContext:
	privileged: true
	ports:
	- containerPort: 1234
	volumes:
	- name: dockerconfig
	secret:
	secretName: regcred
	items:
	- key: .dockerconfigjson
	path: config.json

view raw buildkit.yaml hosted with ❤ by GitHub

save it in a file let's say buildkit.yaml and then
kubectl apply -f buildkit.yaml -n images-builder

Let expose the buildkit engine to use able to use it.

	apiVersion: v1
	kind: Service
	metadata:
	labels:
	app: buildkitd
	name: buildkitd
	spec:
	ports:
	- port: 1234
	protocol: TCP
	selector:
	app: buildkitd

view raw buildkit-service.yaml hosted with ❤ by GitHub

Save it in a file let's say buildkit-service.yaml and then
kubectl apply -f buildkit-service.yaml -n images-builder

We are going to use the engine form our local machine so let's forward the service using
kubectl port-forward service/buildkitd 1234 -n images-builder
And then download the buildkit client from moby/buildkit.
Download the latest version with the version that suits your machine

Extract the files to specific location.

Now we can build the dockerfile using the command.
/path/to/bin/buildctl --addr tcp://127.0.0.1:1234 build --frontend dockerfile.v0 --local context=/path/to/context --local dockerfile=/path/contains/the/Dockerfile

And to build the image and push to the dockerhub
/path/to/bin/buildctl --addr tcp://127.0.0.1:1234 build --frontend dockerfile.v0 --local context=/path/to/context --local dockerfile=/path/contains/the/Dockerfile --output type=image,name=docker.io/username/image-name,push=true

where username is your docker hub username and image-name is the name of the image you would like to use.