Part of github.com/k14s collection: ytt | kbld | kapp | kwt

kbld is a tool centered around immutable
Docker image references (i.e. digests) for Kubernetes configuration.

Github Docs Download Binary

Why?

Docker images can be referenced by their name (nginx), name-tag pair (nginx:1.14), or a digest (nginx@sha256:c398dc3f2...). Using non-digest methods may lead to hard to find deployment inconsistencies, hence it's a good practice to use image digests as they uniquely represent a particular image and cannot change.

kbld helps Kubernetes users convert non-digest image references to their digest form so that it's easier to track which images are used and how they change over time.

Additionally, kbld can orchestrate image building (delegates to tools like Docker) and pushing (to registries) and capture digest references of built images.

Basic Usage

# Configurations picked up from a directory
$ kbld -R -f examples/cassandra/ | kubectl apply -f -

# Can be used with helm charts
$ helm template my-chart --values my-vals.yml | kbld -f - | kubectl apply -f -

# ... and with kustomize
$ kustomize build ./some-app | kbld -f - | kubectl apply -f -

# ... or templated with ytt and deployed with kapp
$ ytt template -R -f ./some-app | kbld -f - | kapp -y deploy -a some-app -f -

Examples

Resolves name-tag pair reference (nginx:1.7.9) into digest reference (index.docker.io/library/nginx@sha256:c398dc3f2...)

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.7.9
        ports:
        - containerPort: 80
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: index.docker.io/library/nginx@sha256:c398dc3f2...
        ports:
        - containerPort: 80

Builds app from local directory (configured via Sources), pushes image as docker.io/dkalinin/simple-app (configured via ImageDestinations), and finally resolves it to a digest reference index.docker.io/dkalinin/simple-app@sha256:e932e46fd....

apiVersion: apps/v1
kind: Deployment
metadata:
  name: app1-deployment
  labels:
    app: app1
spec:
  replicas: 3
  selector:
    matchLabels:
      app: app1
  template:
    metadata:
      labels:
        app: app1
    spec:
      containers:
      - name: app1
        image: app1
        ports:
        - containerPort: 80

#! Specifies where to find app1 image source
---
apiVersion: kbld.k14s.io/v1alpha1
kind: Sources
sources:
- image: app1
  path: .

#! Specifies where to push app1 image
---
apiVersion: kbld.k14s.io/v1alpha1
kind: ImageDestinations
destinations:
- image: app1
  newImage: docker.io/dkalinin/simple-app

apiVersion: apps/v1
kind: Deployment
metadata:
  name: app1-deployment
  labels:
    app: app1
spec:
  replicas: 3
  selector:
    matchLabels:
      app: app1
  template:
    metadata:
      labels:
        app: app1
    spec:
      containers:
      - name: app1
        image: index.docker.io/dkalinin/simple-app@sha256:e932e46fd...
        ports:
        - containerPort: 80