DevSecOps and Automation on Power

 View Only

Cross-building ppc64le container images using Tekton Pipeline

By Mayur Waghmode posted Mon September 26, 2022 09:35 AM

  

Setup the Tekton pipeline

Pre-requisites

  • An x86_64 OpenShift cluster with version 4.9 or above
  • Enable Role-Based Access Control (RBAC) in the clusters
  • Grant cluster-admin role to the current user on the cluster

Step 1: Environment Setup

oc login -u kubeadmin -p <kubepassword>
oc new-project tekton-pipelines

Step 2: Install OpenShift Pipelines Operator

  1. Log into your cluster’s OpenShift Console with cluster-admin privileges
  2. Use the left-hand menu to navigate to Operators
  3. In the Operators, submenu click on OperatorHub
  4. Use the Filter/Search box to filter on OpenShift Pipelines
  5. Click the Red Hat OpenShift Pipelines tile
  6. In the flyout menu to the right-click the Install button near the top
  7. On the next screen “Install Operator” scroll to the bottom of the page and click Install

Step 3: Install Tekton CLI

rpm -Uvh https://github.com/tektoncd/cli/releases/download/v0.26.0/tektoncd-cli-0.26.0_Linux-64bit.rpm
tkn version

Step 4: Install Tekton Dashboard

oc apply -f https://github.com/tektoncd/dashboard/releases/download/v0.29.1/tekton-dashboard-release.yaml
oc get pods --namespace tekton-pipelines --watch
oc create route edge tekton-dashboard --service=tekton-dashboard --port=http --insecure-policy=Redirect -n tekton-pipelines
oc get pods --namespace tekton-pipelines --watch
NAME READY STATUS RESTARTS AGE
tekton-dashboard-545b99657d-xnmz7 1/1 Running 0 5d
oc get route


Build the Tekton pipeline

Step 1. Clone the source code

git clone https://github.com/mayurwaghmode/cross-building-containers.git
cd cross-building-containers

Step 2. Setup quay repository with proper account permissions

  • REMOTE_REPO_URL: quay repository URL

Step 3. Create Image Push Secret

export USERNAME={YOUR_QUAY_USERNAME}
export PASSWORD={YOUR_QUAY_PASSWORD}
kubectl create secret generic image-push-secrets --from-literal=username=$USERNAME --from-literal=password=$PASSWORD

Step 4. Create a pipeline service account

oc apply -f config/sa-pipeline.yaml

Step 5. Add privileged security context constraints to the pipeline service account

oc adm policy add-scc-to-user privileged -z quay-service
oc apply -f config/sa-pipeline.yaml


Run the pipeline

Step 1. Create all the required resources

oc apply -f task/
oc apply -f pipelineresources/
oc apply -f pipeline/

Step 2. Run the pipeline

oc apply -f pipeline-run.yaml

Step 3. Monitor the PipelineRun on the Tekton dashboard


The command below can be used to see the PipelineRun logs on CLI:
tkn p logs -f


Done! The ppc64le image is built and deployed to the remote repository using a container within container approach through the Tekton pipeline running on an x86 cluster. Now that your ppc64le image is public, you can run it on any ppc64le system with podman or docker!

podman run REMOTE_REPO_URL


Thanks for reading! I hope you found this tutorial helpful. Feel free to reach out in case of any queries. Happy learning! Originally published on Medium

Permalink