In this blog I posted on Medium last year, I showed you how to cross-build the ppc64le container images on an x86_64 machine. Now in this blog post, instead of using an x86_64 machine, we will achieve the same using a "container within container" approach through the Tekton pipeline. To do this, we will use a buildah image as the base image for our task and will execute the required shell script to build the ppc64le image.
Setup the Tekton pipeline
Pre-requisites
- An x86_64 OpenShift cluster with version 4.9 or above
- Enable Role-Based Access Control (RBAC) in the clusters
- Grant cluster-admin role to the current user on the cluster
Step 1: Environment Setup
Login to the x86 Openshift Cluster and create a new project “tekton-pipelines”
. This namespace is used by all the Tekton components.
oc login -u kubeadmin -p <kubepassword>
oc new-project tekton-pipelines
Step 2: Install OpenShift Pipelines Operator
- Log into your cluster’s OpenShift Console with cluster-admin privileges
- Use the left-hand menu to navigate to Operators
- In the Operators, submenu click on OperatorHub
- Use the Filter/Search box to filter on OpenShift Pipelines
- Click the Red Hat OpenShift Pipelines tile
- In the flyout menu to the right-click the Install button near the top
- On the next screen “Install Operator” scroll to the bottom of the page and click Install
Step 3: Install Tekton CLI
You can install tkn CLI from here depending on the OS and arch which you are using. After the successful installation, you can check the version by running this command:
rpm -Uvh https://github.com/tektoncd/cli/releases/download/v0.26.0/tektoncd-cli-0.26.0_Linux-64bit.rpm
tkn version
Step 4: Install Tekton Dashboard
oc apply -f https://github.com/tektoncd/dashboard/releases/download/v0.29.1/tekton-dashboard-release.yaml
oc get pods --namespace tekton-pipelines --watch
oc create route edge tekton-dashboard --service=tekton-dashboard --port=http --insecure-policy=Redirect -n tekton-pipelines
Verify that the Dashboard pod is in a running state by executing the command below:
oc get pods --namespace tekton-pipelines --watch
NAME READY STATUS RESTARTS AGE
tekton-dashboard-545b99657d-xnmz7 1/1 Running 0 5d
Open the route link provided by running the command below in your browser to access the Tekton dashboard.
oc get route
Build the Tekton pipeline
Step 1. Clone the source code
git clone https://github.com/mayurwaghmode/cross-building-containers.git
cd cross-building-containers
Step 2. Setup quay repository with proper account permissions
Create a Quay repository where you want to deploy the ppc64le container image built from the Tekton pipeline. Make sure that you have Read+Write permissions to the repository.
Update the below parameter from the pipeline.yaml
file
- REMOTE_REPO_URL: quay repository URL
Step 3. Create Image Push Secret
To push the image to Dockerhub, credentials are required. Create the Kubernetes secret name image-push-secrets which will be used to mount as an environment variable when the buildah task is running.
export USERNAME={YOUR_QUAY_USERNAME}
export PASSWORD={YOUR_QUAY_PASSWORD}
kubectl create secret generic image-push-secrets --from-literal=username=$USERNAME --from-literal=password=$PASSWORD
Step 4. Create a pipeline service account
This service account will be used in PipelineRun for running the pipeline.
oc apply -f config/sa-pipeline.yaml
Step 5. Add privileged
security context constraints to the pipeline service account
oc adm policy add-scc-to-user privileged -z quay-service
oc apply -f config/sa-pipeline.yaml
Run the pipeline
Step 1. Create all the required resources
oc apply -f task/
oc apply -f pipelineresources/
oc apply -f pipeline/
Step 2. Run the pipeline
oc apply -f pipeline-run.yaml
Step 3. Monitor the PipelineRun on the Tekton dashboard
The command below can be used to see the PipelineRun logs on CLI:
tkn p logs -f
Done! The ppc64le image is built and deployed to the remote repository using a container within container approach through the Tekton pipeline running on an x86 cluster. Now that your ppc64le image is public, you can run it on any ppc64le system with podman or docker!
podman run REMOTE_REPO_URL
Thanks for reading! I hope you found this tutorial helpful. Feel free to reach out in case of any queries. Happy learning! Originally published on Medium