Enhance docs with Buildkit

qu1queee · qu1queee · commit 22995efc1be6 · 2021-04-01T16:41:45.000+02:00
Document usage of BuildKit and update all related docs
diff --git a/README.md b/README.md
@@ -26,6 +26,7 @@ Shipwright supports any tool that can build container images in Kubernetes clust
 
 - [Kaniko](https://github.com/GoogleContainerTools/kaniko)
 - [Cloud Native Buildpacks](https://buildpacks.io/)
+- [Buildkit](https://github.com/moby/buildkit)
 - [Buildah](https://buildah.io/)
 
 ## Try It!
diff --git a/docs/buildstrategies.md b/docs/buildstrategies.md
@@ -16,6 +16,10 @@ SPDX-License-Identifier: Apache-2.0
   - [Try it](#try-it)
 - [Kaniko](#kaniko)
   - [Installing Kaniko Strategy](#installing-kaniko-strategy)
+- [Buildkit](#buildkit)
+  - [Cache Exporters](#cache-exporters)
+  - [Known Limitations](#known-limitations)
+  - [Installing Buildkit Strategy](#installing-buildkit-strategy)
 - [ko](#ko)
   - [Installing ko Strategy](#installing-ko-strategy)
 - [Source to Image](#source-to-image)
@@ -106,6 +110,32 @@ kubectl apply -f samples/buildstrategy/kaniko/buildstrategy_kaniko_cr.yaml
 
 ---
 
+## Buildkit
+
+[Buildkit](https://github.com/moby/buildkit) is composed of the `buildctl` client and the `buildkitd` daemon. For the `buildkit` ClusterBuildStrategy, it runs on a [daemonless](https://github.com/moby/buildkit#daemonless) mode, where both client and ephemeral daemon run in a single container. In addition, it runs without privileges ( _[rootless](https://github.com/moby/buildkit/blob/master/docs/rootless.md)_ ).
+
+### Cache Exporters
+
+By default, the `buildkit` ClusterBuildStrategy will use caching to optimize the build times. When pushing an image to a registry, it will use the `inline` export cache, which pushes the image and cache together. Please refer to [export-cache docs](https://github.com/moby/buildkit#export-cache) for more information.
+
+### Known Limitations
+
+The `buildkit` ClusterBuildStrategy currently locks the following parameters:
+
+- A `Dockerfile` name needs to be `Dockerfile`, this is currently not configurable.
+- Exporter caches are enable by default, this is currently not configurable.
+- To allow running rootless, it requires both [AppArmor](https://kubernetes.io/docs/tutorials/clusters/apparmor/) as well as [SecComp](https://kubernetes.io/docs/tutorials/clusters/seccomp/) to be disabled using the `unconfined` profile.
+
+### Installing Buildkit Strategy
+
+To install the cluster scope strategy, use:
+
+```sh
+kubectl apply -f samples/buildstrategy/buildkit/buildstrategy_buildkit_cr.yaml
+```
+
+---
+
 ## ko
 
 The `ko` ClusterBuilderStrategy is using [ko](https://github.com/google/ko)'s publish command to build an image from a Golang main package.
diff --git a/docs/tutorials/README.md b/docs/tutorials/README.md
@@ -34,6 +34,7 @@ The default installation includes these [buildstrategies](/docs/buildstrategies.
 
 * [Buildpacks-v3](docs/buildstrategies.md#buildpacks-v3)
 * [Kaniko](docs/buildstrategies.md#kaniko)
+* [Buildkit](docs/buildstrategies.md#buildkit)
 * [Source-to-Image](docs/buildstrategies.md#source-to-image)
 * [Buildah](docs/buildstrategies.md#buildah)
 * [ko](docs/buildstrategies.md#ko)
@@ -46,6 +47,8 @@ For more information about strategies see the related [docs](/docs/buildstrategi
 
 * [Example with Buildpacks](/docs/tutorials/building_with_buildpacks.md)
 
+* [Example with Buildkit](/docs/tutorials/building_with_buildkit.md)
+
 Depending on your source code you might want to try a specific example. The following table serves as a guide to help you understand which
 strategy to choose:
 
diff --git a/docs/tutorials/building_with_buildkit.md b/docs/tutorials/building_with_buildkit.md
@@ -0,0 +1,128 @@
+
+# Building with Buildkit
+
+Before starting, make sure you have Tekton and Shipwright Build installed.
+
+See the [Try It!](../../README.md#try-it) section for more information.
+
+## Getting Started
+
+### Registry Authentication
+
+For this tutorial, we will require to create a `tutorial-secret` Kubernetes secret to access a [DockerHub](https://hub.docker.com/) registry, as follows:
+
+```sh
+$ REGISTRY_SERVER=https://index.docker.io/v1/ REGISTRY_USER=<your_registry_user> REGISTRY_PASSWORD=<your_registry_password>
+$ kubectl create secret docker-registry tutorial-secret --docker-server=$REGISTRY_SERVER --docker-username=$REGISTRY_USER --docker-password=$REGISTRY_PASSWORD  --docker-email=me@here.com
+```
+
+_Note_: For more information about authentication, please refer to the related [docs](/docs/development/authentication.md).
+
+## Create the strategy
+
+Ensure all strategies are in place, see the [Try It!](../../README.md#try-it) section for more information.
+
+```sh
+$ kubectl get cbs
+NAME              AGE
+buildah           96s
+buildkit          78s
+buildpacks-v3     96s
+kaniko            96s
+ko                96s
+source-to-image   96s
+```
+
+_Note_: For more information about strategies, please refer to the related [docs](/docs/buildstrategies.md).
+
+## Creating a Build
+
+For the Build definition, we will require the following:
+
+- A GitHub repository containing a Go [application](https://github.com/shipwright-io/sample-go/tree/main/docker-build) that requires a `Dockerfile`.
+- The `tutorial-secret` we just created.
+- The `buildkit` ClusterBuildStrategy.
+
+Let's apply our Build and wait for it to be ready:
+
+```bash
+$ export REGISTRY_ORG=<your_registry_org>
+$ cat <<EOF | kubectl apply -f -
+apiVersion: shipwright.io/v1alpha1
+kind: Build
+metadata:
+  name: go-tutorial-buildkit
+spec:
+  source:
+    url: https://github.com/shipwright-io/sample-go
+    contextDir: docker-build/
+  dockerfile: docker-build/
+  strategy:
+    name: buildkit
+    kind: ClusterBuildStrategy
+  output:
+    image: docker.io/${REGISTRY_ORG}/go-tutorial:latest
+    credentials:
+      name: tutorial-secret
+EOF
+```
+
+_Note_: Pay attention to the definition under `spec.source.dockerfile`. The `buildkit` expects a path to where your `Dockerfile` is located.
+
+Verify that the `go-tutorial` Build was created successfully:
+
+```sh
+$ kubectl get build
+NAME                         REGISTERED   REASON      BUILDSTRATEGYKIND      BUILDSTRATEGYNAME   CREATIONTIME
+go-tutorial-buildkit         True         Succeeded   ClusterBuildStrategy   buildkit            4s
+```
+
+_Note_: For more information about Build resources, please refer to the related [docs](/docs/build.md).
+
+## Creating a BuildRun
+
+Second, we will create a `BuildRun` resource that references our previous `go-tutorial` Build:
+
+```sh
+$ cat <<EOF | kubectl create -f -
+apiVersion: shipwright.io/v1alpha1
+kind: BuildRun
+metadata:
+  name: a-buildkit-buildrun
+spec:
+  buildRef:
+    name: go-tutorial-buildkit
+EOF
+```
+
+Wait until your `go-tutorial-buildrun` buildrun is completed:
+
+```sh
+$ kubectl get buildrun
+NAME                  SUCCEEDED   REASON    STARTTIME   COMPLETIONTIME
+a-buildkit-buildrun   Unknown     Pending   4s
+```
+
+To know more about the state of the BuildRun, the `.Status.Conditions` fields provide more data:
+
+```sh
+$ kubectl get buildrun a-buildkit-buildrun -o json | jq '.status.conditions[]'
+{
+  "lastTransitionTime": "2021-04-01T09:15:13Z",
+  "message": "All Steps have completed executing",
+  "reason": "Succeeded",
+  "status": "True",
+  "type": "Succeeded"
+}
+```
+
+_Note_: A BuildRun is a resource that runs to completion. The `REASON` column reflects the state of the resource. If the BuildRun ran to completion successfully,
+a `Succeeded` `REASON` is expected.
+
+_Note_: For more information about BuildRun resources, please refer to the related [docs](/docs/buildrun.md).
+
+## Closing
+
+Congratulations! You just created a container image from https://github.com/shipwright-io/sample-go using [Buildkit](https://github.com/moby/buildkit).
+
+The new container image should now be available in your container registry.
