How to secure a Tekton-based Build of Container Images on Kubernetes

The Build Kubernetes API project is an API to build container-images on Kubernetes using popular strategies and tools buildpack-v3, kaniko and buildah. The Build Kubernetes API has two CRDs (the Build and BuildRun) to register a strategy and then start the actual application builds using a registered strategy. RedHat and IBM work together to create a production ready Build service API for end users, which leverages the security of building inside a cluster and aims to improve the developer user experience. Security Compliance is an important feature in the project. The solution is based on Kubernetes RBAC and Pod Security Policy to make sure the container-images build process is executed smoothly and without any catastrophic destruction on the Kubernetes cluster. The build applies to source code that is Docker or Docker-less build based, and uses popular strategies like Buildpack-v3, Kaniko and Buildah to achieve this.