# Build an Image
# From your source code
To build an OCI image out of your application source code, all you need to do is create a new Image resource on Kubernetes. kpack will then use the preinstalled Cloud Native Buildpacks (opens new window) to figure out what type of language and runtime your code needs and build it into a runnable image for you:
apiVersion: kpack.io/v1alpha2
kind: Image
metadata:
name: demo-java-image
namespace: mycloud
spec:
tag: harbor.demo.kube-plus.cloud/mycloud/java-demo # specify target image registry path here
imageTaggingStrategy: BuildNumber
serviceAccountName: image-registry-service-account # be sure to use this service account if you push images to harbor.demo.kube-plus.cloud
builder:
name: default-builder
kind: ClusterBuilder
source:
git: # this example uses app source code from a public github repository
url: https://github.com/spring-projects/spring-petclinic
revision: 82cb521d636b282340378d80a6307a08e3d4a4c4
$ kubectl apply -n mycloud -f app-source-to-image.yaml
This will use the default serviceAccountName image-registry-service-account, which should be provided within your namespace and allows access to the default image registry as part of the Swisscom Application Platform.
# Private git repository
If you want to use source code not from a public git repository you can do that as well.
For that use case kubernetes.io/basic-auth secrets are used with a specific kpack.io/git annotation that references a remote git location.
For a private github repository, the basic auth secret would look like this:
apiVersion: v1
kind: Secret
metadata:
name: my-basic-git-user-pass
annotations:
kpack.io/git: https://github.com
type: kubernetes.io/basic-auth
stringData:
username: <username>
password: <password>
To then make use of these secrets with kpack you have to also create a service account and reference the service account in the Image resource.
apiVersion: v1
kind: ServiceAccount
metadata:
name: my-custom-service-account
secrets:
- name: my-basic-git-user-pass
# Private image registry
The same technique as for private github repositories applies too if you want the build service to push the image on to a private image registry. you will need to explicitely specify a service account and its registry credentials accordingly:
apiVersion: kpack.io/v1alpha2
kind: Image
metadata:
name: demo-java-image
namespace: mycloud
spec:
tag: 301419571376.dkr.ecr.eu-central-1.amazonaws.com/custom-image-registry/image-path
imageTaggingStrategy: BuildNumber
serviceAccountName: custom-image-service-account
builder:
name: default-builder
kind: ClusterBuilder
source:
git:
url: https://github.com/spring-projects/spring-petclinic
revision: 82cb521d636b282340378d80a6307a08e3d4a4c4
---
# defines a new service account which we specified to use in the Image resource above with "serviceAccountName"
apiVersion: v1
kind: ServiceAccount
metadata:
name: custom-image-service-account
namespace: mycloud
# this service account refers to the secret containing the private registry credentials
secrets:
- name: custom-image-registry-credentials
imagePullSecrets:
- name: custom-image-registry-credentials
---
# defines a new secret containing the private registry credentials
apiVersion: v1
kind: Secret
metadata:
name: custom-image-registry-credentials
namespace: mycloud
type: kubernetes.io/dockerconfigjson
stringData:
.dockerconfigjson: '{"auths":{"301419571376.dkr.ecr.eu-central-1.amazonaws.com":{"username":"AWS","password":"*****","auth":"*****"}}}'
$ kubectl apply -n mycloud -f custom-image-registry.yaml
Be sure to check out the full documentation (opens new window) on Image.
# Secrets / Service Account
A more detailed documentation on how to use secrets for private git repositories or private image registries can be found here (opens new window)
# View build logs / progress
Following up on the image build progress or viewing the logs can be done by using the kpack-cli (opens new window).
Use the kp build logs <image-name> -n <namespace> command as described here (opens new window) in detail.
$ kp build logs demo-simple-image -n mycloud
===> PREPARE
Build reason(s): CONFIG
CONFIG:
resources: {}
- source: {}
+ source:
+ git:
+ revision: ee041cb5039942f9004910609a58287357f28674
+ url: https://github.com/JamesClonk/web-container
Loading secret for "harbor.demo.kube-plus.cloud" from secret "image-registry-service-account" at location "/var/build-secrets/image-registry-service-account"
Cloning "https://github.com/JamesClonk/web-container" @ "ee041cb5039942f9004910609a58287357f28674"...
Successfully cloned "https://github.com/JamesClonk/web-container" @ "ee041cb5039942f9004910609a58287357f28674" in path "/workspace"
===> DETECT
3 of 7 buildpacks participating
paketo-buildpacks/ca-certificates 2.4.2
paketo-buildpacks/go-dist 0.7.0
paketo-buildpacks/go-build 0.5.0
===> ANALYZE
no stack metadata found at path ''
Previous image with name "" not found
Restoring metadata for "paketo-buildpacks/ca-certificates:helper" from app image
===> RESTORE
===> BUILD
Paketo CA Certificates Buildpack 2.4.2
https://github.com/paketo-buildpacks/ca-certificates
Launch Helper: Reusing cached layer
Paketo Go Distribution Buildpack 0.7.0
Resolving Go version
Candidate version sources (in priority order):
<unknown> -> ""
Selected Go version (using <unknown>): 1.16.9
Executing build process
Installing Go 1.16.9
Completed in 4.108s
Paketo Go Build Buildpack 0.5.0
Executing build process
Running 'go build -o /layers/paketo-buildpacks_go-build/targets/bin -buildmode pie -trimpath .'
Completed in 11.259s
Assigning launch processes:
web: /layers/paketo-buildpacks_go-build/targets/bin/workspace
workspace: /layers/paketo-buildpacks_go-build/targets/bin/workspace
===> EXPORT
Reusing layers from image 'harbor.demo.kube-plus.cloud/mycloud/java-demo@sha256:26fd8a53e33ebfefbd434f5cfd001852cf4cd4d572dcdd50956db90ca0af2fe9'
Reusing layer 'paketo-buildpacks/ca-certificates:helper'
Adding layer 'paketo-buildpacks/go-build:targets'
Adding 1/1 app layer(s)
Reusing layer 'launcher'
Adding layer 'config'
Adding layer 'process-types'
Adding label 'io.buildpacks.lifecycle.metadata'
Adding label 'io.buildpacks.build.metadata'
Adding label 'io.buildpacks.project.metadata'
Setting default process type 'web'
Saving harbor.demo.kube-plus.cloud/mycloud/java-demo...
*** Images (sha256:1ae0555bd3f4d7de11f7926b8e883d72a0085e010deb5f7d974fdfbf9f55dba3):
harbor.demo.kube-plus.cloud/mycloud/java-demo
harbor.demo.kube-plus.cloud/mycloud/java-demo:b1.20211029.120125
Adding cache layer 'paketo-buildpacks/go-dist:go'
Adding cache layer 'paketo-buildpacks/go-build:gocache'
===> COMPLETION
Build successful
# View build status
Get a look at the current build status, which buildpacks it uses, etc. by using the kp build status <image-name> -n <namespace> command as described here (opens new window) in detail.
$ kp build status demo-simple-image -n mycloud
Image: harbor.demo.kube-plus.cloud/mycloud/java-demo@sha256:1ae0555bd3f4d7de11f7926b8e883d72a0085e010deb5f7d974fdfbf9f55dba3
Status: SUCCESS
Reason: CONFIG
resources: {}
- source: {}
+ source:
+ git:
+ revision: ee041cb5039942f9004910609a58287357f28674
+ url: https://github.com/JamesClonk/web-container
Started: 2021-10-29 14:01:25
Finished: 2021-10-29 14:02:17
Pod Name: demo-simple-image-build-1-build-pod
Builder: harbor.demo.kube-plus.cloud/kpack/kpack-builder@sha256:d58f71306826025f21a8c1da124ea93249749bca69bff930380f9ab2b511ac93
Run Image: index.docker.io/paketobuildpacks/run@sha256:2e326d8a9c51b48e778e7cbc87d364f1ee7808ddd4f18483e958c629c573358b
Source: GitUrl
Url: https://github.com/JamesClonk/web-container
Revision: ee041cb5039942f9004910609a58287357f28674
BUILDPACK ID BUILDPACK VERSION HOMEPAGE
paketo-buildpacks/ca-certificates 2.4.2 https://github.com/paketo-buildpacks/ca-certificates
paketo-buildpacks/go-dist 0.7.0 https://github.com/paketo-buildpacks/go-dist
paketo-buildpacks/go-build 0.5.0 https://github.com/paketo-buildpacks/go-build