No other technology has shaped IT in recent years as much as Application Container. But how are they built? I will answer this question in this article, using the Knative Build component, and show how you can benefit from it.

Based on my previous articles, we use the Kubernetes Cluster and the Knative Installation.

Knative Build

The Knative Build component allows you to build container images based on source code. The built images can be used by the Kubernetes cluster, e.g. in the Knative Serving component. It runs on-cluster and is implemented by a Kubernetes Custom Resource Definition (CRD). The design of the container images has an optimized size and offers better runtime performance. Knative Build is not a comprehensive CI/CD solution but allows to offer building blocks that can be integrated into existing CI/CD solution.

The Knative Build API offers the following three main types:

Build represents a build of a container image. A Build is made up of a source, and a set of steps. Steps can mount volumes to share data between themselves. A build may be created by instantiating a BuildTemplate.¹

represents a build of a container image. A Build is made up of a source, and a set of steps. Steps can mount volumes to share data between themselves. A build may be created by instantiating a BuildTemplate.¹ BuildTemplate is a template that can used to easily create Builds within a namespace.²

is a template that can used to easily create Builds within a namespace.² ClusterBuildTemplate is a template that can used to easily create Builds which is available across entire Kubernetes cluster.³

Currently it is possible to get data for the build from the following three sources:

git - A Git repositories.

- A Git repositories. gcs - An archiveGoogle Cloud Storage.

- An archiveGoogle Cloud Storage. custom - A container image.

For a secure use of the sources, the Knative Build System offers two authentication types:

kubernetes.io/basic-auth by username and password.

by username and password. kubernetes.io/ssh-auth by SSH-private key.

Requirements

In this example we will build an a container image based on the helloworld “Golang” sample.

Another part of the build will be Kaniko. To create images from a standard Dockerfile, it usually requires interactive access to a docker daemon, which itself needs root access on the machine to run. This makes it difficult to build images on a Kubernetes cluster without access to the Docker Daemons. To work around this problem, Google has developed the Kaniko tool. It provides an executor to build container images inside a container running on a Kubernetes cluster. For a Kaniko technical deep-dive please follow the Kaniko documentation link.

The second part for our image build is access to a container registry like Docker Hub. It is necessary that you create an account and provide the credentials to Kubernetes. To create an account you can follow the link to the Docker Hub documentation.

Build Preparation

Now we can start to provide the Docker Hub credentials and the service account for our Knative build. We have to create two yaml-files docker-secret.yaml and service-account.yaml .

The content of the docker-secret.yaml , it is necessary to generate a base64 string for username and password.

Config example by Mete Atamel from Github

For creating the service account please add the following content to the service-account.yaml :

Config example by Mete Atamel from Github

Now we are ready to apply the files on Kubernetes.

Config example by Mete Atamel from Github

After the apply we are ready to look at the yaml-file for our build.

Container Image Build

For creating a container image build we need an additional yaml-file build-helloworld-go.yaml with the following content. We use the Knative API endpoint build.knative.dev/v1alpha1 and the kind type “Build”. Another important section of our yaml-file is “spec”. It includes the serviceAccountName of our before created Service Account “build-bot”. Beside that we see the github source of helloworld-go sample and the build step which describes that to use the Kaniko executor. After the execution of the executor, the image is pushed to Docker Hub.

The yaml-file can be executed with the following command.

After the apply command we can check the pod by kubectl get pods .

And you can observe the log output of the container image build and the upload to the Docker Hub registry.