Merge pull request #1208 from jedevc/kubernetes-builder-docs

docs: add new kubernetes build driver docs

docs/guides/kubernetes-builder.md

@@ -0,0 +1,236 @@
+---
+title: "Kubernetes builder"
+description: "Connect buildx to a kubernetes cluster"
+keywords: build, buildx, buildkit
+---
+
+The buildx kubernetes driver allows connecting your local development or ci
+environments to your kubernetes cluster to allow access to more powerful
+and varied compute resources.
+
+This guide assumes you already have an existing kubernetes cluster - if you don't already
+have one, you can easily follow along by installing
+[minikube](https://minikube.sigs.k8s.io/docs/).
+
+Before connecting buildx to your cluster, you may want to create a dedicated
+namespace using `kubectl` to keep your buildx-managed resources separate. You
+can call your namespace anything you want, or use the existing `default`
+namespace, but we'll create a `buildkit` namespace for now:
+
+```console
+$ kubectl create namespace buildkit
+```
+
+Then create a new buildx builder:
+
+```console
+$ docker buildx create \
+  --bootstrap \
+  --name=kube \
+  --driver=kubernetes \
+  --driver-opt=namespace=buildkit
+```
+
+This assumes that the kubernetes cluster you want to connect to is currently
+accessible via the kubectl command, with the `KUBECONFIG` environment variable
+[set appropriately](https://kubernetes.io/docs/tasks/access-application-cluster/configure-access-multiple-clusters/#set-the-kubeconfig-environment-variable)
+if neccessary.
+
+You should now be able to see the builder in the list of buildx builders:
+
+```console
+$ docker buildx ls
+NAME/NODE                DRIVER/ENDPOINT STATUS  PLATFORMS
+kube                     kubernetes              
+  kube0-6977cdcb75-k9h9m                 running linux/amd64, linux/amd64/v2, linux/amd64/v3, linux/386
+default *                docker
+  default                default         running linux/amd64, linux/386
+```
+
+The buildx driver creates the neccessary resources on your cluster in the
+specified namespace (in this case, `buildkit`), while keeping your
+driver configuration locally. You can see the running pods with:
+
+```console
+$ kubectl -n buildkit get deployments
+NAME    READY   UP-TO-DATE   AVAILABLE   AGE
+kube0   1/1     1            1           32s
+
+$ kubectl -n buildkit get pods
+NAME                     READY   STATUS    RESTARTS   AGE
+kube0-6977cdcb75-k9h9m   1/1     Running   0          32s
+```
+
+You can use your new builder by including the `--builder` flag when running
+buildx commands. For example (replacing `<user>` and `<image>` with your Docker
+Hub username and desired image output respectively):
+
+```console
+$ docker buildx build . \
+  --builder=kube \
+  -t <user>/<image> \
+  --push
+```
+
+## Scaling Buildkit
+
+One of the main advantages of the kubernetes builder is that you can easily
+scale your builder up and down to handle increased build load. These controls
+are exposed via the following options:
+
+- `replicas=N`
+  - This scales the number of buildkit pods to the desired size. By default,
+    only a single pod will be created, but increasing this allows taking of
+    advantage of multiple nodes in your cluster.
+- `requests.cpu`, `requests.memory`, `limits.cpu`, `limits.memory`
+  - These options allow requesting and limiting the resources available to each
+    buildkit pod according to the official kubernetes documentation
+    [here](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/).
+    
+For example, to create 4 replica buildkit pods:
+
+```console
+$ docker buildx create \
+  --bootstrap \
+  --name=kube \
+  --driver=kubernetes \
+  --driver-opt=namespace=buildkit,replicas=4
+```
+
+Listing the pods, we get:
+
+```console
+$ kubectl -n buildkit get deployments
+NAME    READY   UP-TO-DATE   AVAILABLE   AGE
+kube0   4/4     4            4           8s
+
+$ kubectl -n buildkit get pods
+NAME                     READY   STATUS    RESTARTS   AGE
+kube0-6977cdcb75-48ld2   1/1     Running   0          8s
+kube0-6977cdcb75-rkc6b   1/1     Running   0          8s
+kube0-6977cdcb75-vb4ks   1/1     Running   0          8s
+kube0-6977cdcb75-z4fzs   1/1     Running   0          8s
+```
+    
+Additionally, you can use the `loadbalance=(sticky|random)` option to control
+the load-balancing behavior when there are multiple replicas. While `random`
+should selects random nodes from the available pool, which should provide
+better balancing across all replicas, `sticky` (the default) attempts to
+connect the same build performed multiple times to the same node each time,
+ensuring better local cache utilization.
+
+For more information on scalability, see the options for [buildx create](https://docs.docker.com/engine/reference/commandline/buildx_create/#kubernetes-driver-1).
+
+## Multi-arch builds
+
+The kubernetes buildx driver has support for creating [multi-architecture images](https://docs.docker.com/buildx/working-with-buildx/#build-multi-platform-images),
+for easily building for multiple platforms at once.
+
+### QEMU
+
+Like the other containerized driver `docker-container`, the kubernetes driver
+also supports using [QEMU](https://www.qemu.org/) (user mode) to build
+non-native platforms. If using a default setup like above, no extra setup
+should be needed, you should just be able to start building for other
+architectures, by including the `--platform` flag.
+
+For example, to build a Linux image for `amd64` and `arm64`:
+
+```console
+$ docker buildx build . \
+  --builder=kube \
+  --platform=linux/amd64,linux/arm64 \
+  -t <user>/<image> \
+  --push
+```
+
+> **Warning**
+> QEMU performs full-system emulation of non-native platforms, which is *much*
+> slower than native builds. Compute-heavy tasks like compilation and
+> compression/decompression will likely take a large performance hit.
+
+Note, if you're using a custom buildkit image using the `image=<image>` driver
+option, or invoking non-native binaries from within your build, you may need to
+explicitly enable QEMU using the `qemu.install` option during driver creation:
+
+```console
+$ docker buildx create \
+  --bootstrap \
+  --name=kube \
+  --driver=kubernetes \
+  --driver-opt=namespace=buildkit,qemu.install=true
+```
+
+### Native
+
+If you have access to cluster nodes of different architectures, we can
+configure the kubernetes driver to take advantage of these for native builds.
+To do this, we need to use the `--append` feature of `docker buildx create`.
+
+To start, we can create our builder with explicit support for a single
+architecture, `amd64`:
+
+```console
+$ docker buildx create \
+  --bootstrap \
+  --name=kube \
+  --driver=kubernetes \
+  --platform=linux/amd64 \
+  --node=builder-amd64 \
+  --driver-opt=namespace=buildkit,nodeselector="kubernetes.io/arch=amd64"
+```
+
+This creates a buildx builder `kube` containing a single builder node `builder-amd64`.
+Note that the buildx concept of a node is not the same as the kubernetes
+concept of a node - the buildx node in this case could connect multiple
+kubernetes nodes of the same architecture together.
+
+With our `kube` driver created, we can now introduce another architecture into
+the mix, for example, like before we can use `arm64`:
+
+```console
+$ docker buildx create \
+  --append \
+  --bootstrap \
+  --name=kube \
+  --driver=kubernetes \
+  --platform=linux/arm64 \
+  --node=builder-arm64 \
+  --driver-opt=namespace=buildkit,nodeselector="kubernetes.io/arch=arm64"
+```
+
+If you list builders now, you should be able to see both nodes present:
+
+```console
+$ docker buildx ls
+NAME/NODE       DRIVER/ENDPOINT                                         STATUS   PLATFORMS
+kube            kubernetes                                                       
+  builder-amd64 kubernetes:///kube?deployment=builder-amd64&kubeconfig= running  linux/amd64*, linux/amd64/v2, linux/amd64/v3, linux/386
+  builder-arm64 kubernetes:///kube?deployment=builder-arm64&kubeconfig= running  linux/arm64*
+```
+
+You should now be able to build multi-arch images with `amd64` and `arm64`
+combined, by specifying those platforms together in your buildx command:
+
+```console
+$ docker buildx build --builder=kube --platform=linux/amd64,linux/arm64 -t <user>/<image> --push .
+```
+
+You can repeat the `buildx create --append` command for as many different
+architectures that you want to support.
+
+## Rootless mode
+
+The kubernetes driver supports rootless mode. For more information on how
+rootless mode works, and it's requirements, see [here](https://github.com/moby/buildkit/blob/master/docs/rootless.md).
+
+To enable it in your cluster, you can use the `rootless=true` driver option:
+
+```console
+$ docker buildx create \
+  --name=kube \
+  --driver=kubernetes \
+  --driver-opt=namespace=buildkit,rootless=true
+```
+
+This will create your pods without `securityContext.privileged`.