Chapter 2. Overview of Builds
Builds is an extensible build framework based on the Shipwright project, which you can use to build container images on an OpenShift Container Platform cluster. You can build container images from source code and Dockerfiles by using image build tools, such as Source-to-Image (S2I) and Buildah. You can create and apply build resources, view logs of build runs, and manage builds in your OpenShift Container Platform namespaces.
Builds includes the following capabilities:
- Standard Kubernetes-native API for building container images from source code and Dockerfiles
- Support for Source-to-Image (S2I) and Buildah build strategies
- Extensibility with your own custom build strategies
- Execution of builds from source code in a local directory
- Shipwright CLI for creating and viewing logs, and managing builds on the cluster
- Integrated user experience with the Developer perspective of the OpenShift Container Platform web console
Builds consists of the following custom resources (CRs):
-
Build
-
BuildStrategy
andClusterBuildStrategy
-
BuildRun
2.1. Build resource
The Build
resource defines the source code of your application and the location where your application images will be pushed. The following example shows a simple build that consists of a Git source, a build strategy, and an output image:
apiVersion: shipwright.io/v1beta1 kind: Build metadata: name: buildah-golang-build spec: source: git: url: https://github.com/username/taxi strategy: name: buildah kind: ClusterBuildStrategy output: image: registry.mycompany.com/my-org/taxi-app:latest
You can also extend a Build
resource to push your images to a private registry or use a Dockerfile.
2.2. BuildStrategy and ClusterBuildStrategy resources
The BuildStrategy
and ClusterBuildStrategy
resources define a series of steps to assemble an application. You can use the BuildStrategy
resources within a namespace and the ClusterBuildStrategy
resources within a cluster.
The specification of a BuildStrategy
or ClusterBuildStrategy
resource consists of a steps
object. The following example shows the specification of the buildah
cluster build strategy:
apiVersion: shipwright.io/v1beta1 kind: ClusterBuildStrategy metadata: name: buildah spec: steps: - name: build-and-push image: quay.io/containers/buildah:v1.31.0 workingDir: $(params.shp-source-root) command: - /bin/bash # ... # ...
2.3. BuildRun resource
A BuildRun
resource invokes a build on your cluster, similar to any cluster job or Tekton task run. The BuildRun
resource represents a workload on your cluster, which results in a running pod. A BuildRun
is the running instance of a build. It instantiates a build for execution with specific parameters on a cluster.
A BuildRun
resource helps you to define the following elements:
-
A unique
BuildRun
name to monitor the status of the build -
A referenced
Build
instance to use during the build - A service account to host all secrets for the build
Each BuildRun
resource is available within a namespace.
2.4. Build controller
The build controller monitors any updates in the Build
resource and performs the following tasks:
-
Validates if the referenced
Strategy
object exists in theBuild
resource. -
Validates if the specified parameters in the
Build
CR exist in the referenced build strategy. It also validates if the parameter names collide with any reserved names. -
Validates if the container registry output secret exists in the
Build
resource. -
Validates if the referenced
spec.source.git.url
endpoint URL exists in theBuild
resource.
The build run controller monitors any updates in the Build
or TaskRun
resource and performs the following tasks:
-
Searches for any existing
TaskRun
resource and updates its parentBuildRun
resource status. -
Retrieves the specified service account and sets it along with the output secret in the
Build
resource. -
If a
TaskRun
resource does not exist, the controller generates a new TektonTaskRun
resource and sets a reference to theTaskRun
resource. -
For any subsequent updates in the
TaskRun
resource, the controller updates the parentBuildRun
resource.
2.4.1. Build validations
To avoid triggering BuildRun
resources that will fail because of incorrect or missing dependencies or configuration settings, the build controller validates them in advance. If all validations are successful, you view a status.reason
field named Succeeded
. However, if any validations fail, you must check the status.reason
and status.message
fields to understand the root cause.
status.reason field | Description |
---|---|
| The referenced strategy at namespace level does not exist. |
| The referenced strategy at cluster level does not exist. |
|
Setting owner references between a |
| The secret used to authenticate to Git does not exist. |
| The secret used to authenticate to the container registry does not exist. |
| The secret used to authenticate to the container registry does not exist. |
| Multiple secrets used for authentication are missing. |
|
One or many defined |
|
The parameters are not defined in the referenced strategy. You must define those parameters in the |
|
The defined |
|
The build name in the |
| Indicates that the name for a user-provided environment variable is blank. |
| Indicates that the value for a user-provided environment variable is blank. |