Simple CRD that uses luet and img to build packages on Kubernetes. It doesn't require privileged permissions, and builds the image as user 1000 in the workload pod.
If you need to build docker images only, have a look at img-controller
To install it in your k8s cluster:
$ kubectl apply -f https://raw.githubusercontent.com/mudler/luet-k8s/master/hack/kube.yamlThe controller expose a new PackageBuild Kubernetes resource type, which can be used to build docker images with img and packages with luet.
To build a package, for example:
$ cat <<EOF | kubectl apply -f - apiVersion: build.luet.io/v1alpha1 kind: PackageBuild metadata: name: test spec: packageName: container/img repository: url: "https://github.com/mocaccinoOS/mocaccino-extra" options: pull: true imageRepository: "quay.io/mocaccinocache/extra-amd64-cache" EOFapiVersion: build.luet.io/v1alpha1 kind: PackageBuild metadata: name: test spec: annotations: # Annotations to apply to workload pod labels: # Labels to apply to workload pod nodeSelector: # node Selector labels packageName: container/img registry: enabled: true username: "user" password: "pass" registry: "quay.io" fromSecret: "secret-key" # Only if using credentials from secret storage: enabled: true url: "minio_url" secretKey: "minio_secret_key" accessID: "minio_access_id" bucket: "bucket" path: "/bucket/path" fromSecret: "secret-Key" # Only if using credentials from secrets repository: url: "https://github.com/mocaccinoOS/mocaccino-extra" path: "/foo/path" checkout: "hash_or_branch" options: pull: true clean: true onlyTarget: true full: true all: true privileged: true compression: "gzip" resources: requests: cpu: "100m" memory: "200Mi" limits: cpu: "10m" memory: "1Mi" push: true tree: - /tree/path noDeps: true color: true spinner: true imageRepository: "quay.io/mocaccinocache/extra-amd64-cache"If storage and registry credentials are sourced from secrets, the secret should have the following fields and live in the same namespace of the workload:
storageUrl: "" storageSecretKey: "" storageAccessID: "" registryUri: "" registryPassword: "" registryUsername: ""First delete all the workload from the cluster, by deleting all the packagebuild resources.
Then run:
$ kubectl delete -f https://raw.githubusercontent.com/mudler/luet-k8s/master/hack/kube.yaml