public_git
/
kaniko
mirror of https://github.com/GoogleContainerTools/kaniko
1
0
Fork 0
Code Issues Releases Wiki Activity

Use a multistage image to remove all redundancies on Dockerfiles (#2547) 

As all Kaniko variants should be upgraded at once, all following the same specifications, it is easier for maintainers to bump Go or other image dependencies in a single place.

On top of that, there were an issue building `ppc64le` images because of a semantic error on the if condition that checks the arch used.

Signed-off-by: Ferran Vidal <ferran.vidal.p@gmail.com>
This commit is contained in:
Ferran Vidal 2023-06-05 18:20:40 +02:00 committed by GitHub
parent f4dae004ef
commit 507fe00b42
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 73 additions and 255 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
.github/workflows/images.yaml vendored
View File

@ -32,28 +32,28 @@ jobs:
include:
- image: executor
dockerfile: ./deploy/Dockerfile
target: kaniko-executor
platforms: linux/amd64,linux/arm64,linux/s390x,linux/ppc64le
image-name: gcr.io/kaniko-project/executor
tag: ${{ github.sha }}
release-tag: latest
- image: executor-debug
dockerfile: ./deploy/Dockerfile_debug
target: kaniko-debug
platforms: linux/amd64,linux/arm64,linux/s390x
image-name: gcr.io/kaniko-project/executor
tag: ${{ github.sha }}-debug
release-tag: debug
- image: executor-slim
dockerfile: ./deploy/Dockerfile_slim
target: kaniko-slim
platforms: linux/amd64,linux/arm64,linux/s390x,linux/ppc64le
image-name: gcr.io/kaniko-project/executor
tag: ${{ github.sha }}-slim
release-tag: slim
- image: warmer
dockerfile: ./deploy/Dockerfile_warmer
target: kaniko-warmer
platforms: linux/amd64,linux/arm64,linux/s390x,linux/ppc64le
image-name: gcr.io/kaniko-project/warmer
tag: ${{ github.sha }}
@ -91,7 +91,7 @@ jobs:
id: build-and-push
with:
context: .
file: ${{ matrix.dockerfile }}
file: ./deploy/Dockerfile
platforms: ${{ steps.platforms.outputs.platforms }}
push: ${{ github.event_name != 'pull_request' }} # Only push if not a PR.
tags: ${{ matrix.image-name }}:${{ matrix.tag }}
@ -99,6 +99,7 @@ jobs:
# https://github.com/docker/build-push-action/blob/master/docs/advanced/cache.md#github-cache
cache-from: type=gha
cache-to: type=gha,mode=max
target: ${{ matrix.target }}
# Sign images if not a PR.
- if: github.event_name != 'pull_request'

14
Makefile
View File

@ -48,10 +48,10 @@ export GOFLAGS = -mod=vendor
out/executor: $(GO_FILES)
GOARCH=$(GOARCH) GOOS=linux CGO_ENABLED=0 go build -ldflags $(GO_LDFLAGS) -o $@ $(EXECUTOR_PACKAGE)
GOARCH=$(GOARCH) GOOS=$(GOOS) CGO_ENABLED=0 go build -ldflags $(GO_LDFLAGS) -o $@ $(EXECUTOR_PACKAGE)
out/warmer: $(GO_FILES)
GOARCH=$(GOARCH) GOOS=linux CGO_ENABLED=0 go build -ldflags $(GO_LDFLAGS) -o $@ $(WARMER_PACKAGE)
GOARCH=$(GOARCH) GOOS=$(GOOS) CGO_ENABLED=0 go build -ldflags $(GO_LDFLAGS) -o $@ $(WARMER_PACKAGE)
.PHONY: install-container-diff
install-container-diff:
@ -93,17 +93,17 @@ integration-test-misc:
.PHONY: k8s-executor-build-push
k8s-executor-build-push:
DOCKER_BUILDKIT=1 docker build ${BUILD_ARG} --build-arg=GOARCH=$(GOARCH) -t $(REGISTRY)/executor:latest -f deploy/Dockerfile .
DOCKER_BUILDKIT=1 docker build ${BUILD_ARG} --build-arg=GOARCH=$(GOARCH) --build-arg=TARGETOS=linux -t $(REGISTRY)/executor:latest -f deploy/Dockerfile --target kaniko-executor .
docker push $(REGISTRY)/executor:latest
.PHONY: images
images: DOCKER_BUILDKIT=1
images:
docker build ${BUILD_ARG} --build-arg=GOARCH=$(GOARCH) -t $(REGISTRY)/executor:latest -f deploy/Dockerfile .
docker build ${BUILD_ARG} --build-arg=GOARCH=$(GOARCH) -t $(REGISTRY)/executor:debug -f deploy/Dockerfile_debug .
docker build ${BUILD_ARG} --build-arg=GOARCH=$(GOARCH) -t $(REGISTRY)/executor:slim -f deploy/Dockerfile_slim .
docker build ${BUILD_ARG} --build-arg=GOARCH=$(GOARCH) -t $(REGISTRY)/warmer:latest -f deploy/Dockerfile_warmer .
docker build ${BUILD_ARG} --build-arg=TARGETARCH=$(GOARCH) --build-arg=TARGETOS=linux -t $(REGISTRY)/executor:latest -f deploy/Dockerfile --target kaniko-executor .
docker build ${BUILD_ARG} --build-arg=TARGETARCH=$(GOARCH) --build-arg=TARGETOS=linux -t $(REGISTRY)/executor:debug -f deploy/Dockerfile --target kaniko-debug .
docker build ${BUILD_ARG} --build-arg=TARGETARCH=$(GOARCH) --build-arg=TARGETOS=linux -t $(REGISTRY)/executor:slim -f deploy/Dockerfile --target kaniko-slim .
docker build ${BUILD_ARG} --build-arg=TARGETARCH=$(GOARCH) --build-arg=TARGETOS=linux -t $(REGISTRY)/warmer:latest -f deploy/Dockerfile --target kaniko-warmer .
.PHONY: push
push:

74
deploy/Dockerfile
View File

@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
FROM golang:1.20
FROM golang:1.20 AS builder
WORKDIR /src
# This arg is passed by docker buildx & contains the target CPU architecture (e.g., amd64, arm64, etc.)
@ -20,6 +20,8 @@ ARG TARGETARCH
ARG TARGETOS
ENV GOARCH=$TARGETARCH
ENV GOOS=$TARGETOS
ENV CGO_ENABLED=0
ENV GOBIN=/usr/local/bin
@ -27,17 +29,19 @@ ENV GOBIN=/usr/local/bin
# Until https://github.com/GoogleCloudPlatform/docker-credential-gcr/issues/128 is addressed, we need to use
# the existing compiled versions distributed in GitHub releases
ARG GCR_HELPER_VERSION="2.1.8"
# Checksums can be obtained from https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v2.1.8/checksums.txt
ARG GCR_HELPER_SHA_linux_amd64="0da9a0878d34dc8b38ae76519b7137f3179f573cf9c84fec1b81e973b565e2f9"
ARG GCR_HELPER_SHA_linux_386="2421d3242beb239eb640daf9dbfa4582416049a92ed93a207a0a3102fde4ea11"
ARG GCR_HELPER_SHA_linux_s390x="5d18e62c5952d43993b7ee292f87d812ccd161d4e9d932fbc1567eb5d5013632"
ARG GCR_HELPER_SHA_linux_arm64="9d0e67c18fb3e1e048120d06edb9e54e1c11f88139ec77dbc9830e8a8b31745c"
# There is no linux/ppc64le available for docker-credential-gcr, at least let's install it using go install.
RUN if [ $TARGETARCH = "ppc64le"]; then \
go install github.com/GoogleCloudPlatform/docker-credential-gcr@v${GCR_HELPER_VERSION}; \
# There is no linux/ppc64le available for docker-credential-gcr, at least let's install it using go install pointing to the tag's commit
RUN if [ "$TARGETARCH" = "ppc64le" ]; then \
GCR_HELPER_COMMIT=$(git ls-remote -t https://github.com/GoogleCloudPlatform/docker-credential-gcr v$GCR_HELPER_VERSION | head -1 | awk '{print $1}') \
&& go install github.com/GoogleCloudPlatform/docker-credential-gcr@${GCR_HELPER_COMMIT}; \
else \
echo https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v${GCR_HELPER_VERSION}/docker-credential-gcr_${TARGETOS}_${TARGETARCH}-${GCR_HELPER_VERSION}.tar.gz \
&& curl -fsSL -o /tmp/gcr-helper.tar.gz https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v${GCR_HELPER_VERSION}/docker-credential-gcr_${TARGETOS}_${TARGETARCH}-${GCR_HELPER_VERSION}.tar.gz \
curl -fsSL -o /tmp/gcr-helper.tar.gz https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v${GCR_HELPER_VERSION}/docker-credential-gcr_${TARGETOS}_${TARGETARCH}-${GCR_HELPER_VERSION}.tar.gz \
&& eval "GCR_HELPER_SHA=\${GCR_HELPER_SHA_${TARGETOS}_${TARGETARCH}}" \
&& echo "${GCR_HELPER_SHA} /tmp/gcr-helper.tar.gz" | sha256sum -c - \
&& tar -xzf /tmp/gcr-helper.tar.gz --directory /usr/local/bin/; \
@ -56,30 +60,68 @@ COPY . .
RUN \
--mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/go/pkg \
make GOARCH=$TARGETARCH
make out/executor out/warmer
# Generate latest ca-certificates
FROM debian:bullseye-slim AS certs
RUN apt update && apt install -y ca-certificates
FROM scratch
# Create kaniko directory with world write permission to allow non root run
# use musl busybox since it's staticly compiled
RUN --mount=from=busybox:musl,dst=/usr/ ["busybox", "sh", "-c", "mkdir -p /kaniko && chmod 777 /kaniko"]
# use musl busybox since it's staticly compiled on all platforms
FROM busybox:musl AS busybox
FROM scratch AS kaniko-base-slim
# Create kaniko directory with world write permission to allow non root run
RUN --mount=from=busybox,dst=/usr/ ["busybox", "sh", "-c", "mkdir -p /kaniko && chmod 777 /kaniko"]
COPY --from=0 /src/out/executor /kaniko/executor
COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr
COPY --from=0 /usr/local/bin/docker-credential-ecr-login /kaniko/docker-credential-ecr-login
COPY --from=0 /usr/local/bin/docker-credential-acr-env /kaniko/docker-credential-acr-env
COPY --from=certs /etc/ssl/certs/ca-certificates.crt /kaniko/ssl/certs/
COPY --from=0 /kaniko/.docker /kaniko/.docker
COPY files/nsswitch.conf /etc/nsswitch.conf
ENV HOME /root
ENV USER root
ENV PATH /usr/local/bin:/kaniko
ENV SSL_CERT_DIR=/kaniko/ssl/certs
FROM kaniko-base-slim AS kaniko-base
COPY --from=builder --chown=0:0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr
COPY --from=builder --chown=0:0 /usr/local/bin/docker-credential-ecr-login /kaniko/docker-credential-ecr-login
COPY --from=builder --chown=0:0 /usr/local/bin/docker-credential-acr-env /kaniko/docker-credential-acr-env
COPY --from=builder /kaniko/.docker /kaniko/.docker
ENV DOCKER_CONFIG /kaniko/.docker/
ENV DOCKER_CREDENTIAL_GCR_CONFIG /kaniko/.config/gcloud/docker_credential_gcr_config.json
WORKDIR /workspace
### FINAL STAGES ###
FROM kaniko-base AS kaniko-warmer
COPY --from=builder /src/out/warmer /kaniko/warmer
ENTRYPOINT ["/kaniko/warmer"]
FROM kaniko-base AS kaniko-executor
COPY --from=builder /src/out/executor /kaniko/executor
ENTRYPOINT ["/kaniko/executor"]
FROM kaniko-executor AS kaniko-debug
ENV PATH /usr/local/bin:/kaniko:/busybox
COPY --from=builder /src/out/warmer /kaniko/warmer
COPY --from=busybox /bin /busybox
# Declare /busybox as a volume to get it automatically in the path to ignore
VOLUME /busybox
RUN ["/busybox/mkdir", "-p", "/bin"]
RUN ["/busybox/ln", "-s", "/busybox/sh", "/bin/sh"]
FROM kaniko-base-slim AS kaniko-slim
COPY --from=builder /src/out/executor /kaniko/executor
ENTRYPOINT ["/kaniko/executor"]

94
deploy/Dockerfile_debug
View File

@ -1,94 +0,0 @@
# Copyright 2018 Google, Inc. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
FROM golang:1.20
WORKDIR /src
# This arg is passed by docker buildx & contains the target CPU architecture (e.g., amd64, arm64, etc.)
ARG TARGETARCH
ARG TARGETOS
ENV GOARCH=$TARGETARCH
ENV CGO_ENABLED=0
ENV GOBIN=/usr/local/bin
# Get GCR credential helper
# Until https://github.com/GoogleCloudPlatform/docker-credential-gcr/issues/128 is addressed, we need to use
# the existing compiled versions distributed in GitHub releases
ARG GCR_HELPER_VERSION="2.1.8"
ARG GCR_HELPER_SHA_linux_amd64="0da9a0878d34dc8b38ae76519b7137f3179f573cf9c84fec1b81e973b565e2f9"
ARG GCR_HELPER_SHA_linux_386="2421d3242beb239eb640daf9dbfa4582416049a92ed93a207a0a3102fde4ea11"
ARG GCR_HELPER_SHA_linux_s390x="5d18e62c5952d43993b7ee292f87d812ccd161d4e9d932fbc1567eb5d5013632"
ARG GCR_HELPER_SHA_linux_arm64="9d0e67c18fb3e1e048120d06edb9e54e1c11f88139ec77dbc9830e8a8b31745c"
# There is no linux/ppc64le available for docker-credential-gcr, at least let's install it using go install.
RUN if [ $TARGETARCH = "ppc64le"]; then \
go install github.com/GoogleCloudPlatform/docker-credential-gcr@v${GCR_HELPER_VERSION}; \
else \
echo https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v${GCR_HELPER_VERSION}/docker-credential-gcr_${TARGETOS}_${TARGETARCH}-${GCR_HELPER_VERSION}.tar.gz \
&& curl -fsSL -o /tmp/gcr-helper.tar.gz https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v${GCR_HELPER_VERSION}/docker-credential-gcr_${TARGETOS}_${TARGETARCH}-${GCR_HELPER_VERSION}.tar.gz \
&& eval "GCR_HELPER_SHA=\${GCR_HELPER_SHA_${TARGETOS}_${TARGETARCH}}" \
&& echo "${GCR_HELPER_SHA} /tmp/gcr-helper.tar.gz" | sha256sum -c - \
&& tar -xzf /tmp/gcr-helper.tar.gz --directory /usr/local/bin/; \
fi
# Get Amazon ECR credential helper
RUN go install github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login@adf1bafd791ae7d4ff098108b1e91f36a4da5404 # v0.7.1
# Get ACR docker env credential helper
RUN go install github.com/chrismellard/docker-credential-acr-env@82a0ddb2758901b711d9d1614755b77e401598a1
# Add .docker config dir
RUN mkdir -p /kaniko/.docker
COPY . .
RUN \
--mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/go/pkg \
make GOARCH=$TARGETARCH && \
make GOARCH=$TARGETARCH out/warmer
# Generate latest ca-certificates
FROM debian:bullseye-slim AS certs
RUN apt update && apt install -y ca-certificates
# use musl busybox since it's staticly compiled on all platforms
FROM busybox:musl as busybox
FROM scratch
# Create kaniko directory with world write permission to allow non root run
RUN --mount=from=busybox,dst=/usr/ ["busybox", "sh", "-c", "mkdir -p /kaniko && chmod 777 /kaniko"]
COPY --from=0 /src/out/executor /kaniko/executor
COPY --from=0 /src/out/warmer /kaniko/warmer
COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr
COPY --from=0 /usr/local/bin/docker-credential-ecr-login /kaniko/docker-credential-ecr-login
COPY --from=0 /usr/local/bin/docker-credential-acr-env /kaniko/docker-credential-acr-env
COPY --from=busybox /bin /busybox
# Declare /busybox as a volume to get it automatically in the path to ignore
VOLUME /busybox
COPY --from=certs /etc/ssl/certs/ca-certificates.crt /kaniko/ssl/certs/
COPY --from=0 /kaniko/.docker /kaniko/.docker
COPY files/nsswitch.conf /etc/nsswitch.conf
ENV HOME /root
ENV USER root
ENV PATH /usr/local/bin:/kaniko:/busybox
ENV SSL_CERT_DIR=/kaniko/ssl/certs
ENV DOCKER_CONFIG /kaniko/.docker/
ENV DOCKER_CREDENTIAL_GCR_CONFIG /kaniko/.config/gcloud/docker_credential_gcr_config.json
WORKDIR /workspace
RUN ["/busybox/mkdir", "-p", "/bin"]
RUN ["/busybox/ln", "-s", "/busybox/sh", "/bin/sh"]
ENTRYPOINT ["/kaniko/executor"]

47
deploy/Dockerfile_slim
View File

@ -1,47 +0,0 @@
# Copyright 2020 Google, Inc. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Builds the static Go image to execute in a Kubernetes job
FROM golang:1.20
# This arg is passed by docker buildx & contains the target CPU architecture (e.g., amd64, arm64, etc.)
ARG TARGETARCH
WORKDIR /src
COPY . .
RUN \
--mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/go/pkg \
make GOARCH=$TARGETARCH
# Generate latest ca-certificates
FROM debian:bullseye-slim AS certs
RUN apt update && apt install -y ca-certificates
FROM scratch
# Create kaniko directory with world write permission to allow non root run
# use musl busybox since it's staticly compiled
RUN --mount=from=busybox:musl,dst=/usr/ ["busybox", "sh", "-c", "mkdir -p /kaniko && chmod 777 /kaniko"]
COPY --from=0 /src/out/executor /kaniko/executor
COPY files/nsswitch.conf /etc/nsswitch.conf
COPY --from=certs /etc/ssl/certs/ca-certificates.crt /kaniko/ssl/certs/
ENV HOME /root
ENV USER root
ENV PATH /usr/local/bin:/kaniko
ENV SSL_CERT_DIR=/kaniko/ssl/certs
ENTRYPOINT ["/kaniko/executor"]

84
deploy/Dockerfile_warmer
View File

@ -1,84 +0,0 @@
# Copyright 2018 Google, Inc. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
FROM golang:1.20
WORKDIR /src
# This arg is passed by docker buildx & contains the target CPU architecture (e.g., amd64, arm64, etc.)
ARG TARGETARCH
ARG TARGETOS
ENV GOARCH=$TARGETARCH
ENV CGO_ENABLED=0
ENV GOBIN=/usr/local/bin
# Get GCR credential helper
# Until https://github.com/GoogleCloudPlatform/docker-credential-gcr/issues/128 is addressed, we need to use
# the existing compiled versions distributed in GitHub releases
ARG GCR_HELPER_VERSION="2.1.8"
ARG GCR_HELPER_SHA_linux_amd64="0da9a0878d34dc8b38ae76519b7137f3179f573cf9c84fec1b81e973b565e2f9"
ARG GCR_HELPER_SHA_linux_386="2421d3242beb239eb640daf9dbfa4582416049a92ed93a207a0a3102fde4ea11"
ARG GCR_HELPER_SHA_linux_s390x="5d18e62c5952d43993b7ee292f87d812ccd161d4e9d932fbc1567eb5d5013632"
ARG GCR_HELPER_SHA_linux_arm64="9d0e67c18fb3e1e048120d06edb9e54e1c11f88139ec77dbc9830e8a8b31745c"
# There is no linux/ppc64le available for docker-credential-gcr, at least let's install it using go install.
RUN if [ $TARGETARCH = "ppc64le"]; then \
go install github.com/GoogleCloudPlatform/docker-credential-gcr@v${GCR_HELPER_VERSION}; \
else \
echo https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v${GCR_HELPER_VERSION}/docker-credential-gcr_${TARGETOS}_${TARGETARCH}-${GCR_HELPER_VERSION}.tar.gz \
&& curl -fsSL -o /tmp/gcr-helper.tar.gz https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v${GCR_HELPER_VERSION}/docker-credential-gcr_${TARGETOS}_${TARGETARCH}-${GCR_HELPER_VERSION}.tar.gz \
&& eval "GCR_HELPER_SHA=\${GCR_HELPER_SHA_${TARGETOS}_${TARGETARCH}}" \
&& echo "${GCR_HELPER_SHA} /tmp/gcr-helper.tar.gz" | sha256sum -c - \
&& tar -xzf /tmp/gcr-helper.tar.gz --directory /usr/local/bin/; \
fi
# Get Amazon ECR credential helper
RUN go install github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login@adf1bafd791ae7d4ff098108b1e91f36a4da5404 # v0.7.1
# Get ACR docker env credential helper
RUN go install github.com/chrismellard/docker-credential-acr-env@82a0ddb2758901b711d9d1614755b77e401598a1
# Add .docker config dir
RUN mkdir -p /kaniko/.docker
COPY . .
RUN \
--mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/go/pkg \
make GOARCH=$TARGETARCH out/warmer
# Generate latest ca-certificates
FROM debian:bullseye-slim AS certs
RUN apt update && apt install -y ca-certificates
FROM scratch
# Create kaniko directory with world write permission to allow non root run
# use musl busybox since it's staticly compiled
RUN --mount=from=busybox:musl,dst=/usr/ ["busybox", "sh", "-c", "mkdir -p /kaniko && chmod 777 /kaniko"]
COPY --from=0 /src/out/warmer /kaniko/warmer
COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr
COPY --from=0 /usr/local/bin/docker-credential-ecr-login /kaniko/docker-credential-ecr-login
COPY --from=0 /usr/local/bin/docker-credential-acr-env /kaniko/docker-credential-acr-env
COPY --from=certs /etc/ssl/certs/ca-certificates.crt /kaniko/ssl/certs/
COPY --from=0 /kaniko/.docker /kaniko/.docker
COPY files/nsswitch.conf /etc/nsswitch.conf
ENV HOME /root
ENV USER /root
ENV PATH /usr/local/bin:/kaniko
ENV SSL_CERT_DIR=/kaniko/ssl/certs
ENV DOCKER_CONFIG /kaniko/.docker/
ENV DOCKER_CREDENTIAL_GCR_CONFIG /kaniko/.config/gcloud/docker_credential_gcr_config.json
WORKDIR /workspace
ENTRYPOINT ["/kaniko/warmer"]

4
integration/integration_test.go
View File

@ -153,10 +153,10 @@ func buildRequiredImages() error {
command []string
}{{
name: "Building kaniko image",
command: []string{"docker", "build", "-t", ExecutorImage, "-f", "../deploy/Dockerfile", ".."},
command: []string{"docker", "build", "-t", ExecutorImage, "-f", "../deploy/Dockerfile", "--target", "kaniko-executor", ".."},
}, {
name: "Building cache warmer image",
command: []string{"docker", "build", "-t", WarmerImage, "-f", "../deploy/Dockerfile_warmer", ".."},
command: []string{"docker", "build", "-t", WarmerImage, "-f", "../deploy/Dockerfile", "--target", "kaniko-warmer", ".."},
}, {
name: "Building onbuild base image",
command: []string{"docker", "build", "-t", config.onbuildBaseImage, "-f", fmt.Sprintf("%s/Dockerfile_onbuild_base", dockerfilesPath), "."},