The resource BuildRun (buildruns.dev/v1alpha1) is the build process of a Build resource definition which is executed in Kubernetes.
A BuildRun resource allows the user to define:
- The
BuildRunname, through which the user can monitor the status of the image construction. - A referenced
Buildinstance to use during the build construction. - A service account for hosting all related secrets in order to build the image.
A BuildRun is available within a namespace.
The controller watches for:
- Updates on a
Buildresource (CRD instance) - Updates on a
TaskRunresource (CRD instance)
When the controller reconciles it:
- Looks for any existing owned
TaskRunsand update its parentBuildRunstatus. - Retrieves the specified
SAand sets this with the specify output secret on theBuildresource. - Generates a new tekton
TaskRunif it does not exist, and set a reference to this resource(as a child of the controller). - On any subsequent updates on the
TaskRun, the parentBuildRunresource instance will be updated.
The BuildRun definition supports the following fields:
-
Required:
apiVersion- Specifies the API version, for exampleshipwright.io/v1alpha1.kind- Specifies the Kind type, for exampleBuildRun.metadata- Metadata that identify the CRD instance, for example the name of theBuildRun.spec.buildRef- Specifies an existingBuildresource instance to use.
-
Optional:
spec.serviceAccount- Refers to the SA to use when building the image. (defaults to thedefaultSA)spec.timeout- Defines a custom timeout. The value needs to be parsable by ParseDuration, for example5m. The value overwrites the value that is defined in theBuild.spec.output.image- Refers to a custom location where the generated image would be pushed. The value will overwrite theoutput.imagevalue which is defined inBuild. ( Note: other properties of the output, for example, the credentials cannot be specified in the buildRun spec. )
A BuildRun resource can reference a Build resource, that indicates what image to build. For example:
apiVersion: shipwright.io/v1alpha1
kind: BuildRun
metadata:
name: buildpack-nodejs-buildrun-namespaced
spec:
buildRef:
name: buildpack-nodejs-build-namespacedA BuildRun resource can define a serviceaccount to use. Usually this SA will host all related secrets referenced on the Build resource, for example:
apiVersion: shipwright.io/v1alpha1
kind: BuildRun
metadata:
name: buildpack-nodejs-buildrun-namespaced
spec:
buildRef:
name: buildpack-nodejs-build-namespaced
serviceAccount:
name: pipelineYou can also use set the spec.serviceAccount.generate path to true. This will generate the service account during runtime for you.
Note: When the SA is not defined, the BuildRun will default to the default SA in the namespace.
The BuildRun resource is updated as soon as the current image building status changes:
$ kubectl get buildrun buildpacks-v3-buildrun
NAME SUCCEEDED REASON MESSAGE STARTTIME COMPLETIONTIME
buildpacks-v3-buildrun Unknown Pending Pending 1sAnd finally:
$ kubectl get buildrun buildpacks-v3-buildrun
NAME SUCCEEDED REASON MESSAGE STARTTIME COMPLETIONTIME
buildpacks-v3-buildrun True Succeeded All Steps have completed executing 4m28s 16sThe above allows users to get an overview of the building mechanism state.
A BuildRun resource stores the relevant information regarding the state of the object under Status.Conditions.
Conditions allow users to easily understand the resource state, without needing to understand resource-specific details.
For the BuildRun we use a Condition of the type Succeeded, which is a well-known type for resources that run to completion.
The Status.Conditions hosts different fields, like Status, Reason and Message. Users can expect this fields to be populated with relevant information.
The following table illustrates the different states a BuildRun can have under its Status.Conditions:
| Status | Reason | CompletionTime is set | Description |
|---|---|---|---|
| Unknown | Pending | No | The BuildRun is waiting on a Pod in status Pending. |
| Unknown | Running | No | The BuildRun has been validate and started to perform its work. |
| True | Succeeded | Yes | The BuildRun Pod is done. |
| False | Failed | Yes | The BuildRun failed in one of the steps. |
| False | BuildRunTimeout | Yes | The BuildRun timed out. |
| False | UnknownStrategyKind | Yes | The Build specified strategy Kind is unknown. (options: ClusterBuildStrategy or BuildStrategy) |
| False | ClusterBuildStrategyNotFound | Yes | The referenced cluster strategy was not found in the cluster. |
| False | BuildStrategyNotFound | Yes | The referenced namespaced strategy was not found in the cluster. |
| False | SetOwnerReferenceFailed | Yes | Setting ownerreferences from the BuildRun to the related TaskRun failed. |
| False | TaskRunIsMissing | Yes | The BuildRun related TaskRun was not found. |
| False | TaskRunGenerationFailed | Yes | The generation of a TaskRun spec failed. |
| False | ServiceAccountNotFound | Yes | The referenced service account was not found in the cluster. |
| False | BuildRegistrationFailed | Yes | The related Build in the BuildRun is on a Failed state. |
| False | BuildNotFound | Yes | The related Build in the BuildRun was not found. |
Note: We heavily rely on the Tekton TaskRun Conditions for populating the BuildRun ones, with some exceptions.
To make it easier for users to understand why did a BuildRun failed, users can infer from the Status.FailedAt field, the pod and container where the failure took place.
In addition, the Status.Conditions will host under the Message field a compacted message containing the kubectl command to trigger, in order to retrieve the logs.
For every BuildRun controller reconciliation, the buildSpec in the Status of the BuildRun is updated if an existing owned TaskRun is present. During this update, a Build resource snapshot is generated and embedded into the status.buildSpec path of the BuildRun. A buildSpec is just a copy of the original Build spec, from where the BuildRun executed a particular image build. The snapshot approach allows developers to see the original Build configuration.
The BuildRun resource abstracts the image construction by delegating this work to the Tekton Pipeline TaskRun. Compared to a Tekton Pipeline Task, a TaskRun runs all steps until completion of the Task or until a failure occurs in the Task.
The BuildRun controller during the Reconcile will generate a new TaskRun. During the execution, the controller will embed in the TaskRun Task definition the requires steps to execute. These steps are define in the strategy defined in the Build resource, either a ClusterBuildStrategy or a BuildStrategy.