Red Hat SummitDieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.
Chapter 2. Configuring build strategies
As a platform engineer, you can define consistent build strategies by specifying parameters, system settings, resource requirements, annotations, and volumes in BuildStrategy or ClusterBuildStrategy custom resources (CR). These strategies enable controlled and reusable build execution across the cluster.
2.1. Strategy parameters definition
Define parameters in a BuildStrategy or ClusterBuildStrategy custom resource (CR). You can then set or modify these values in your Build or BuildRun CRs.
Consider the following points before defining parameters for your strategy:
-
Define a list of parameters in the
spec.parametersfield of your build strategy CR. Each item includes a name, description, type, and optionally a default value (or values for array types). If no default value is set, you must define a value in theBuildorBuildRunCR. -
Define parameters of string or array type in the
spec.stepsfield of your build strategy. Specify a parameter of string type by using the
$(params.your-parameter-name)syntax. You can set a value for theyour-parameter-nameparameter in yourBuildorBuildRunCR that references your strategy. You can define the following string parameters based on your needs:Expand Table 2.1. String parameters Parameter Description imageUse this parameter to define a custom tag, such as
golang:$(params.go-version)argsUse this parameter to pass data into your builder commands
envUse this parameter to provide a value for an environment variable
Specify a parameter of array type by using the
$(params.your-array-parameter-name[*])syntax. After specifying the array, you can use it in an argument or a command. For each item in the array, an argument will be set. The following example uses an array parameter in thespec.stepsfield of the build strategy:Copy to Clipboard Copied! Toggle word wrap Toggle overflow -
Provide parameter values as simple strings or as references to keys in config maps or secrets. For a parameter, you can use a config map or secret value only if it is defined in the
command,args, orenvsection of thespec.stepsfield.
2.2. System parameters definition
Use system parameters to define the steps of a build strategy to access system information, or user-defined information in a Build or BuildRun custom resource (CR). You cannot configure or modify system parameters as they are defined at runtime by the build run controller.
You can define the following system parameters in your build strategy definition:
| Parameter | Description |
|---|---|
|
| Specifies the absolute path to the directory that contains the source code. |
|
|
Specifies the absolute path to the context directory of the source code. If you do not specify any value for |
|
|
Specifies the URL of the image to push as defined in the |
2.3. Step resources definition
Define CPU, memory, and disk limits for each step in a build strategy. If a strategy has multiple steps, you can allocate different resource amounts to each.
As an administrator, you can provide different versions of the same strategy (for example, buildah-small and buildah-large) so users can choose the resource profile that fits their build requirements.
2.3.1. Strategies with different resources
Define multiple variants of the same strategy to apply different resource limits for different build requirements.
The following examples use the same buildah strategy with small and medium limits defined for the resources.These examples provide a strategy administrator more control over the step resources definition.
You can define the spec.steps[].resources field with a small resource limit for the buildah strategy, as shown in the following example:
You can define the spec.steps[].resources field with a medium resource limit for the buildah strategy, as shown in the following example:
After configuring the resource definition for a strategy, you must reference the strategy in your Build custom resource (CR), as shown in the following example:
2.3.2. Resource management in Tekton pipelines
The build controller works with the Tekton pipeline controller to schedule pods that run strategy steps. At runtime, the build controller creates a Tekton TaskRun, which executes a Task and records status and results. The TaskRun creates a pod in the target namespace that runs all steps sequentially.
2.4. Annotations definition
Define annotations for a BuildStrategy or ClusterBuildStrategy in the same way as for any Kubernetes object. The build strategy passes these annotations to the TaskRun resource. Then, Tekton passes them to the pod.
You can use annotations for the following purposes:
-
Network bandwidth: Use
kubernetes.io/ingress-bandwidthorkubernetes.io/egress-bandwidthto limit the network bandwidth. -
Security profiles: Use
container.apparmor.security.beta.kubernetes.io/<container_name>to define AppArmor profiles of a container.
The following example shows the usage of annotations in a build strategy:
The following annotations are not passed to resources:
-
kubectl.kubernetes.io/last-applied-configuration -
clusterbuildstrategy.shipwright.io/* -
buildstrategy.shipwright.io/* -
build.shipwright.io/* -
buildrun.shipwright.io/*
A strategy administrator can further restrict the usage of annotations by using policy engines.
2.5. Secure referencing of string parameters
Use the $(params.your-parameter-name) syntax to reference string parameters in your build strategy. When the build runs, the system replaces the variable with the actual strings.
You can use the $(params.your-parameter-name) syntax for system and strategy parameters.
To prevent command injection vulnerabilities when using inline scripts, use one of the following secure methods:
- Use environment variables
Use arguments
- Reference a string parameter into an environment variable
Pass the parameter into an environment variable. Then, use quotes around that variable in your script. The following example uses an environment variable inside the script to reference a string parameter:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow - Reference a string parameter into an argument
Pass the parameter as an argument to the script. Then, use a shell variable to read it. The following example uses an argument defined within your script to reference a string parameter:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
2.6. System results definition
Store the image size and digest or content hash produced by the build strategy in a set of result files. Error details for debugging can also be recorded when a BuildRun resource fails.
The following result parameters can be defined in the BuildStrategy or ClusterBuildStrategy custom resource (CR):
| Parameter | Description |
|---|---|
|
| Specifies the path to the file that stores the digest or the content hash of the image. |
|
| Specifies the path to the file that stores the compressed size of the image. |
|
| Specifies the path to the file that stores the error reason. |
|
| Specifies the path to the file that stores the error message. |
The following example shows the size and digest or the content hash of the image in the .status.output field of the BuildRun CR:
The following example shows the error reason and message in the .status.failureDetails field of the BuildRun CR:
2.7. Volumes and volume mounts definition
Build strategies use volumes and volume mounts to manage data during build steps. By default, you cannot override the volumes in a BuildStrategy. To allow a Build or BuildRun to use a custom volume, you must set overridable field to true in the strategy.
The volume mount defined in build steps allows you to access volumes defined in a BuildStrategy, Build or BuildRun resource.
Volumes in build strategy use an overridable boolean flag, which is set to false by default. If a Build or BuildRun resource tries to override the volumes defined in a BuildStrategy resource, it will fail because the default value of the overridable flag is false.
The following example shows a BuildStrategy resource that defines the volumes and volumeMounts fields:
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}