About Builds
Introduction to Builds
Abstract
Chapter 1. Release notes
Release notes contain information about new and deprecated features, breaking changes, and known issues. The following release notes apply for the most recent Builds releases on OpenShift Container Platform.
Builds is an extensible build framework based on the Shipwright project, which you can use to build container images on an OpenShift Container Platform cluster. You can build container images from source code and Dockerfiles by using image build tools, such as Source-to-Image (S2I) and Buildah. You can create and apply build resources, view logs of build runs, and manage builds in your OpenShift Container Platform namespaces.
Builds includes the following capabilities:
- Standard Kubernetes-native API for building container images from source code and Dockerfiles
-
Support for Source-to-Image (S2I) and
Buildahbuild strategies - Extensibility with your own custom build strategies
- Execution of builds from source code in a local directory
- Shipwright CLI for creating and viewing logs, and managing builds on the cluster
- Integrated user experience with the Developer perspective of the OpenShift Container Platform web console
For more information about Builds, see Overview of Builds.
1.1. Compatibility and support matrix
In the table, components are marked with the following statuses:
| TP | Technology Preview |
| GA | General Availability |
The Technology Preview features are experimental features and are not intended for production use.
| Builds Version | Component Version | Compatible Openshift Pipelines Version | OpenShift Version | Support | |
|---|---|---|---|---|---|
| Operator | Builds (Shipwright) | CLI | |||
| 1.1 | 0.13.0 (GA) | 0.13.0 (GA) | 1.13, 1.14, and 1.15 | 4.12, 4.13, 4.14, 4.15, and 4.16 | GA |
| 1.0 | 0.12.0 (GA) | 0.12.0 (GA) | 1.12, 1.13, 1.14, and 1.15 | 4.12, 4.13, 4.14, 4.15, and 4.16 | GA |
1.2. Making open source more inclusive
Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.
1.3. Release notes for Builds General Availability 1.1
Builds General Availability (GA) 1.1 is now available on OpenShift Container Platform 4.16.
1.3.1. New features
The following sections highlight what is new in Builds 1.1.
1.3.1.1. Builds
-
The builds controllers now use Tekton’s V1 API to create and access the
TaskRunthat backs aBuildRun. - With this release, you can now define a build without any source. This is useful if you want to run the build using only the local source.
-
The output image section now supports an optional timestamp field to change the image creation timestamp. Use the
SourceTimestampstring to set it to match the source timestamp. -
With this release, the
.source.typefield is now required in bothbuildandbuildRun. - With this release, the Operator now installs Shipwright by default and introduces several user experience enhancements for Builds.
1.3.1.2. Shared Resource CSI Driver
-
The Shared Resource CSI Driver is now generally available. With this release, the CSI Shared Driver enables sharing of
ConfigMapsand secrets across different namespaces in Kubernetes clusters. The driver has permission to read all Kubernetes secrets. This feature improves resource efficiency by reducing duplication and simplifies configuration management in multi-tenant environments. Administrators can define access policies to control which namespaces can read or modify these shared resources.
1.3.2. Known issues
The following section highlights known issues in Builds 1.1.
1.3.2.1. Builds
-
With this release, direct upgrades from Builds 1.0 to Builds 1.1 are not supported. To upgrade to Builds 1.1, you must delete the
ShipwrightBuildobject, uninstall the Builds1.0.zoperator, and then install the Builds1.1.0operator from OperatorHub.
Chapter 2. Overview of Builds
Builds is an extensible build framework based on the Shipwright project, which you can use to build container images on an OpenShift Container Platform cluster. You can build container images from source code and Dockerfiles by using image build tools, such as Source-to-Image (S2I) and Buildah. You can create and apply build resources, view logs of build runs, and manage builds in your OpenShift Container Platform namespaces.
Builds includes the following capabilities:
- Standard Kubernetes-native API for building container images from source code and Dockerfiles
-
Support for Source-to-Image (S2I) and
Buildahbuild strategies - Extensibility with your own custom build strategies
- Execution of builds from source code in a local directory
- Shipwright CLI for creating and viewing logs, and managing builds on the cluster
- Integrated user experience with the Developer perspective of the OpenShift Container Platform web console
Builds consists of the following custom resources (CRs):
-
Build -
BuildStrategyandClusterBuildStrategy -
BuildRun
2.1. Build resource
The Build resource defines the source code of your application and the location where your application images will be pushed. The following example shows a simple build that consists of a Git source, a build strategy, and an output image:
apiVersion: shipwright.io/v1beta1
kind: Build
metadata:
name: buildah-golang-build
spec:
source:
git:
url: https://github.com/username/taxi
strategy:
name: buildah
kind: ClusterBuildStrategy
output:
image: registry.mycompany.com/my-org/taxi-app:latest
You can also extend a Build resource to push your images to a private registry or use a Dockerfile.
2.2. BuildStrategy and ClusterBuildStrategy resources
The BuildStrategy and ClusterBuildStrategy resources define a series of steps to assemble an application. You can use the BuildStrategy resources within a namespace and the ClusterBuildStrategy resources within a cluster.
The specification of a BuildStrategy or ClusterBuildStrategy resource consists of a steps object. The following example shows the specification of the buildah cluster build strategy:
apiVersion: shipwright.io/v1beta1
kind: ClusterBuildStrategy
metadata:
name: buildah
spec:
steps:
- name: build-and-push
image: quay.io/containers/buildah:v1.31.0
workingDir: $(params.shp-source-root)
command:
- /bin/bash
# ...
# ...2.3. BuildRun resource
A BuildRun resource invokes a build on your cluster, similar to any cluster job or Tekton task run. The BuildRun resource represents a workload on your cluster, which results in a running pod. A BuildRun is the running instance of a build. It instantiates a build for execution with specific parameters on a cluster.
A BuildRun resource helps you to define the following elements:
-
A unique
BuildRunname to monitor the status of the build -
A referenced
Buildinstance to use during the build - A service account to host all secrets for the build
Each BuildRun resource is available within a namespace.
2.4. Build controller
The build controller monitors any updates in the Build resource and performs the following tasks:
-
Validates if the referenced
Strategyobject exists in theBuildresource. -
Validates if the specified parameters in the
BuildCR exist in the referenced build strategy. It also validates if the parameter names collide with any reserved names. -
Validates if the container registry output secret exists in the
Buildresource. -
Validates if the referenced
spec.source.git.urlendpoint URL exists in theBuildresource.
The build run controller monitors any updates in the Build or TaskRun resource and performs the following tasks:
-
Searches for any existing
TaskRunresource and updates its parentBuildRunresource status. -
Retrieves the specified service account and sets it along with the output secret in the
Buildresource. -
If a
TaskRunresource does not exist, the controller generates a new TektonTaskRunresource and sets a reference to theTaskRunresource. -
For any subsequent updates in the
TaskRunresource, the controller updates the parentBuildRunresource.
2.4.1. Build validations
To avoid triggering BuildRun resources that will fail because of incorrect or missing dependencies or configuration settings, the build controller validates them in advance. If all validations are successful, you view a status.reason field named Succeeded. However, if any validations fail, you must check the status.reason and status.message fields to understand the root cause.
| status.reason field | Description |
|---|---|
|
| The referenced strategy at namespace level does not exist. |
|
| The referenced strategy at cluster level does not exist. |
|
|
Setting owner references between a |
|
| The secret used to authenticate to Git does not exist. |
|
| The secret used to authenticate to the container registry does not exist. |
|
| The secret used to authenticate to the container registry does not exist. |
|
| Multiple secrets used for authentication are missing. |
|
|
One or many defined |
|
|
The parameters are not defined in the referenced strategy. You must define those parameters in the |
|
|
The defined |
|
|
The build name in the |
|
| Indicates that the name for a user-provided environment variable is blank. |
|
| Indicates that the value for a user-provided environment variable is blank. |
2.5. Additional resources
Chapter 3. Build strategies
You can use a curated set of build strategies or cluster build strategies on the OpenShift Container Platform cluster. The Builds for Red Hat OpenShift Operator automatically installs these strategies for use. This automated installation of strategies helps you to quickly get started with Builds.
Builds supports the following cluster build strategies:
-
buildah: Supported on all platforms -
source-to-image: Supported on the linux/amd64 platform
The buildpacks build strategy is currently in Developer Preview. For more information, see the buildpacks example.
3.1. Buildah
The buildah cluster build strategy uses a Dockerfile to build a container image and pushes it to the target registry. You must specify the Dockerfile in the spec.paramValues field of the Build CR.
You can share the buildah strategy across different namespaces within your cluster because the Builds for Red Hat OpenShift Operator installs the buildah strategy at cluster level.
You can configure the following parameters for the buildah strategy:
| Name | Type | Description | Default |
|---|---|---|---|
|
| array | Key-value pair of the arguments required by the Dockerfile that is used during the build | [] |
|
| array | List of registries that must be blocked | [] |
|
| array | List of insecure registries with their fully qualified domain name (FQDN) | [] |
|
| array | List of registries to search short name images | ["registry.redhat.io", "quay.io"] |
|
| string | Path of the Dockerfile that is used during the build | "Dockerfile" |
|
| string |
Storage drivers that are used by | "vfs" |
For more information, see Configuring build strategies in the Additional resources section.
3.2. Source-to-image
This build strategy is composed of source-to-image and buildah. You can use this strategy to generate a container file and prepare the application to build with a builder image. You must specify the builder image in the spec.paramValues field of the Build CR.
You can share the source-to-image strategy across different namespaces within your cluster because the Builds for Red Hat OpenShift Operator installs the source-to-image strategy at cluster level.
You can configure the following parameters for the source-to-image strategy:
| Name | Type | Description | Default |
|---|---|---|---|
|
| array | List of registries that must be blocked | [] |
|
| array | List of insecure registries with their FQDN | [] |
|
| array | List of registries to search short name images | ["registry.redhat.io", "quay.io"] |
|
| string | Location of the builder image that is used during the build | NA |
|
| string |
Storage drivers that are used by | "vfs" |
3.3. Additional resources
Legal Notice
Copyright © 2024 Red Hat, Inc.
OpenShift documentation is licensed under the Apache License 2.0 (https://www.apache.org/licenses/LICENSE-2.0).
Modified versions must remove all Red Hat trademarks.
Portions adapted from https://github.com/kubernetes-incubator/service-catalog/ with modifications by Red Hat.
Red Hat, Red Hat Enterprise Linux, the Red Hat logo, the Shadowman logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation’s permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.
