diff --git a/Makefile b/Makefile index 86e38cc92..7e4e8abf3 100644 --- a/Makefile +++ b/Makefile @@ -23,7 +23,7 @@ GOOS ?= $(shell go env GOOS) GOARCH = amd64 ORG := github.com/GoogleCloudPlatform PROJECT := k8s-container-builder -REGISTRY?=gcr.io/kbuild-project +REGISTRY?=gcr.io/kaniko-project REPOPATH ?= $(ORG)/$(PROJECT) @@ -32,23 +32,23 @@ GO_LDFLAGS := '-extldflags "-static"' GO_BUILD_TAGS := "containers_image_ostree_stub containers_image_openpgp exclude_graphdriver_devicemapper exclude_graphdriver_btrfs exclude_graphdriver_overlay" EXECUTOR_PACKAGE = $(REPOPATH)/executor -KBUILD_PACKAGE = $(REPOPATH)/kbuild +KANIKO_PROJECT = $(REPOPATH)/kaniko out/executor: $(GO_FILES) GOARCH=$(GOARCH) GOOS=linux CGO_ENABLED=0 go build -ldflags $(GO_LDFLAGS) -tags $(GO_BUILD_TAGS) -o $@ $(EXECUTOR_PACKAGE) -out/kbuild: $(GO_FILES) - GOOS=$* GOARCH=$(GOARCH) CGO_ENABLED=0 go build -ldflags $(GO_LDFLAGS) -tags $(GO_BUILD_TAGS) -o $@ $(KBUILD_PACKAGE) +out/kaniko: $(GO_FILES) + GOOS=$* GOARCH=$(GOARCH) CGO_ENABLED=0 go build -ldflags $(GO_LDFLAGS) -tags $(GO_BUILD_TAGS) -o $@ $(KANIKO_PROJECT) .PHONY: test -test: out/executor out/kbuild +test: out/executor out/kaniko @ ./test.sh .PHONY: integration-test -integration-test: out/executor out/kbuild +integration-test: out/executor out/kaniko @ ./integration-test.sh .PHONY: images -images: out/executor out/kbuild +images: out/executor out/kaniko docker build -t $(REGISTRY)/executor:latest -f deploy/Dockerfile . diff --git a/README.md b/README.md index a0171eed9..b6184d978 100644 --- a/README.md +++ b/README.md @@ -1 +1,142 @@ -kbuild is a tool to build container images from a Dockerfile in a Kubernetes cluster. \ No newline at end of file +# kaniko + +kaniko is a tool to build unpriviliged container images from a Dockerfile. +kaniko doesn't depend on a Docker daemon and executes each command within a Dockerfile completely in userspace. +This enables building container images in environments that can't easily or securely run a Docker daemon, such as a standard Kubernetes cluster. + +The majority of Dockerfile commands can be executed with kaniko, but we're still working on supporting the following commands: +* SHELL +* HEALTHCHECK +* STOPSIGNAL +* ONBUILD +* ARG + +We're currently in the process of building kaniko, so as of now it isn't production ready. +Please let us know if you have any feature requests or find any bugs! + +## How does kaniko work? + +The kaniko executor image is responsible for building an image from a Dockerfile and pushing it to a registry. +Within the executor image, we extract the filesystem of the base image (the FROM image in the Dockerfile). +We then execute the commands in the Dockerfile, snapshotting the filesystem in userspace after each one. +After each command, we append a layer of changed files to the base image (if there are any) and update image metadata. + +## kaniko Build Contexts +kaniko supports local directories and GCS buckets as build contexts. To specify a local directory, pass in the `--context` flag as an argument to the executor image. +To specify a GCS bucket, pass in the `--bucket` flag. +The GCS bucket should contain a compressed tar of the build context called `context.tar.gz`, which kaniko will unpack and use as the build context. + +To create `context.tar.gz`, run the following command: +```shell +tar -C -zcvf context.tar.gz . +``` + +Or, you can use [skaffold](https://github.com/GoogleCloudPlatform/skaffold) to create `context.tar.gz` by running +``` +skaffold docker context +``` + +We can copy over the compressed tar to a GCS bucket with gsutil: + +``` +gsutil cp context.tar.gz gs:// +``` + +## Running kaniko locally + +Requirements: +* Docker +* gcloud + +We can run the kaniko executor image locally in a Docker daemon to build and push an image from a Dockerfile. + +First, we want to load the executor image into the Docker daemon by running +```shell +make images +``` + +To run kaniko in Docker, run the following command: +```shell +./run_in_docker.sh +``` + +## Running kaniko in a Kubernetes cluster + +Requirements: +* Standard Kubernetes cluster +* Kubernetes Secret + +To run kaniko in a Kubernetes cluster, you will need a standard running Kubernetes cluster and a Kubernetes secret, which contains the auth required to push the final image. + +To create the secret, first you will need to create a service account in the Pantheon project you want to push the final image to, with `Storage Admin` permissions. +You can download a JSON key for this service account, and rename it `kaniko-secret.json`. +To create the secret, run: + +```shell +kubectl create secret generic kaniko-secret --from-file= +``` + +The Kubernetes Pod spec should look similar to this, with the args parameters filled in: + +```yaml +apiVersion: v1 +kind: Pod +metadata: + name: kaniko +spec: + containers: + - name: kaniko + image: gcr.io/kaniko-project/executor:latest + args: ["--dockerfile=", + "--bucket=", + "--destination="] + volumeMounts: + - name: kaniko-secret + mountPath: /secret + env: + - name: GOOGLE_APPLICATION_CREDENTIALS + value: /secret/kaniko-secret.json + restartPolicy: Never + volumes: + - name: kaniko-secret + secret: + secretName: kaniko-secret +``` + +This example pulls the build context from a GCS bucket. +To use a local directory build context, you could consider using configMaps to mount in small build contexts. + +## Running kaniko in Google Container Builder +To run kaniko in GCB, add it to your build config as a build step: + +```yaml +steps: + - name: gcr.io/kaniko-project/executor:latest + args: ["--dockerfile=", + "--context=", + "--destination="] +``` +kaniko will build and push the final image in this build step. + +## Comparison with Other Tools + +Similar tools include: +* [img](https://github.com/genuinetools/img) +* [orca-build](https://github.com/cyphar/orca-build) +* [buildah](https://github.com/projectatomic/buildah) +* [FTL](https://github.com/GoogleCloudPlatform/runtimes-common/tree/master/ftl) + +All of these tools build container images with different approaches. +Both kaniko and img build unprivileged images, but they interpret “unprivileged” differently. +img builds as a non root user from within the container, while kaniko is run in an unprivileged environment with root access inside the container. + +orca-build depends on runC to build images from Dockerfiles; since kaniko doesn't use runC it doesn't require the use of kernel namespacing techniques. + +buildah requires the same root privilges as a Docker daemon does to run, while kaniko runs without any special privileges or permissions. + +FTL aims to achieve the fastest possible creation of Docker images for a subset of images. +It can be thought of as a special-case "fast path" that can be used in conjunction with the support for general Dockerfiles kaniko provides. + +## Community + +[kaniko-users](https://groups.google.com/forum/#!forum/kaniko-users) Google group diff --git a/deploy/Dockerfile b/deploy/Dockerfile index 3020be1bc..37b07e01d 100644 --- a/deploy/Dockerfile +++ b/deploy/Dockerfile @@ -15,10 +15,11 @@ # Builds the static Go image to execute in a Kubernetes job FROM scratch -ADD out/executor /kbuild/executor +ADD out/executor /kaniko/executor ADD files/ca-certificates.crt /etc/ssl/certs/ ADD files/docker-credential-gcr /usr/local/bin/ ADD files/config.json /root/.docker/ +RUN ["docker-credential-gcr", "config", "--token-source=env"] ENV HOME /root ENV PATH /usr/local/bin -ENTRYPOINT ["/kbuild/executor"] +ENTRYPOINT ["/kaniko/executor"] diff --git a/executor/cmd/root.go b/executor/cmd/root.go index cc6e37815..1c938606a 100644 --- a/executor/cmd/root.go +++ b/executor/cmd/root.go @@ -50,13 +50,15 @@ func init() { var RootCmd = &cobra.Command{ Use: "executor", PersistentPreRunE: func(cmd *cobra.Command, args []string) error { - return util.SetLogLevel(logLevel) + if err := util.SetLogLevel(logLevel); err != nil { + return err + } + if err := resolveSourceContext(); err != nil { + return err + } + return checkDockerfilePath() }, Run: func(cmd *cobra.Command, args []string) { - if err := resolveSourceContext(); err != nil { - logrus.Error(err) - os.Exit(1) - } if err := execute(); err != nil { logrus.Error(err) os.Exit(1) @@ -64,6 +66,18 @@ var RootCmd = &cobra.Command{ }, } +func checkDockerfilePath() error { + if util.FilepathExists(dockerfilePath) { + return nil + } + // Otherwise, check if the path relative to the build context exists + if util.FilepathExists(filepath.Join(srcContext, dockerfilePath)) { + dockerfilePath = filepath.Join(srcContext, dockerfilePath) + return nil + } + return errors.New("please provide a valid path to a Dockerfile within the build context") +} + // resolveSourceContext unpacks the source context if it is a tar in a GCS bucket // it resets srcContext to be the path to the unpacked build context within the image func resolveSourceContext() error { @@ -83,11 +97,6 @@ func resolveSourceContext() error { } logrus.Debugf("Unpacked tar from %s to path %s", bucket, buildContextPath) srcContext = buildContextPath - // If path to dockerfile doesn't exist, assume it is in the unpacked tar - if !util.FilepathExists(dockerfilePath) { - logrus.Debugf("Expecting dockerfile to be located at %s within the tar build context", dockerfilePath) - dockerfilePath = filepath.Join(srcContext, dockerfilePath) - } return nil } diff --git a/integration_tests/dockerfiles/config_test_add.json b/integration_tests/dockerfiles/config_test_add.json index b6d7a2020..135cd04a3 100644 --- a/integration_tests/dockerfiles/config_test_add.json +++ b/integration_tests/dockerfiles/config_test_add.json @@ -1,7 +1,7 @@ [ { - "Image1": "gcr.io/kbuild-test/docker-test-add:latest", - "Image2": "gcr.io/kbuild-test/kbuild-test-add:latest", + "Image1": "gcr.io/kaniko-test/docker-test-add:latest", + "Image2": "gcr.io/kaniko-test/kaniko-test-add:latest", "DiffType": "File", "Diff": { "Adds": null, diff --git a/integration_tests/dockerfiles/config_test_bucket_buildcontext.json b/integration_tests/dockerfiles/config_test_bucket_buildcontext.json index 690bbea5a..04c066831 100644 --- a/integration_tests/dockerfiles/config_test_bucket_buildcontext.json +++ b/integration_tests/dockerfiles/config_test_bucket_buildcontext.json @@ -1,7 +1,7 @@ [ { - "Image1": "gcr.io/kbuild-test/docker-test-bucket-buildcontext:latest", - "Image2": "gcr.io/kbuild-test/kbuild-test-bucket-buildcontext:latest", + "Image1": "gcr.io/kaniko-test/docker-test-bucket-buildcontext:latest", + "Image2": "gcr.io/kaniko-test/kaniko-test-bucket-buildcontext:latest", "DiffType": "File", "Diff": { "Adds": null, diff --git a/integration_tests/dockerfiles/config_test_copy.json b/integration_tests/dockerfiles/config_test_copy.json index 6d222de51..c2fcf57d6 100644 --- a/integration_tests/dockerfiles/config_test_copy.json +++ b/integration_tests/dockerfiles/config_test_copy.json @@ -1,7 +1,7 @@ [ { - "Image1": "gcr.io/kbuild-test/docker-test-copy:latest", - "Image2": "gcr.io/kbuild-test/kbuild-test-copy:latest", + "Image1": "gcr.io/kaniko-test/docker-test-copy:latest", + "Image2": "gcr.io/kaniko-test/kaniko-test-copy:latest", "DiffType": "File", "Diff": { "Adds": null, diff --git a/integration_tests/dockerfiles/config_test_extract_fs.json b/integration_tests/dockerfiles/config_test_extract_fs.json index a5b03a8e9..2143ed492 100644 --- a/integration_tests/dockerfiles/config_test_extract_fs.json +++ b/integration_tests/dockerfiles/config_test_extract_fs.json @@ -1,7 +1,7 @@ [ { - "Image1": "gcr.io/kbuild-test/docker-extract-filesystem:latest", - "Image2": "gcr.io/kbuild-test/kbuild-extract-filesystem:latest", + "Image1": "gcr.io/kaniko-test/docker-extract-filesystem:latest", + "Image2": "gcr.io/kaniko-test/kaniko-extract-filesystem:latest", "DiffType": "File", "Diff": { "Adds": null, diff --git a/integration_tests/dockerfiles/config_test_run.json b/integration_tests/dockerfiles/config_test_run.json index 19cab3219..4bd52a28a 100644 --- a/integration_tests/dockerfiles/config_test_run.json +++ b/integration_tests/dockerfiles/config_test_run.json @@ -1,7 +1,7 @@ [ { - "Image1": "gcr.io/kbuild-test/docker-test-run:latest", - "Image2": "gcr.io/kbuild-test/kbuild-test-run:latest", + "Image1": "gcr.io/kaniko-test/docker-test-run:latest", + "Image2": "gcr.io/kaniko-test/kaniko-test-run:latest", "DiffType": "File", "Diff": { "Adds": null, diff --git a/integration_tests/dockerfiles/config_test_run_2.json b/integration_tests/dockerfiles/config_test_run_2.json index 0301973df..11f48cbca 100644 --- a/integration_tests/dockerfiles/config_test_run_2.json +++ b/integration_tests/dockerfiles/config_test_run_2.json @@ -1,7 +1,7 @@ [ { - "Image1": "gcr.io/kbuild-test/docker-test-run-2:latest", - "Image2": "gcr.io/kbuild-test/kbuild-test-run-2:latest", + "Image1": "gcr.io/kaniko-test/docker-test-run-2:latest", + "Image2": "gcr.io/kaniko-test/kaniko-test-run-2:latest", "DiffType": "File", "Diff": { "Adds": null, diff --git a/integration_tests/dockerfiles/config_test_volume.json b/integration_tests/dockerfiles/config_test_volume.json index 72e958d85..c4ba05ffe 100644 --- a/integration_tests/dockerfiles/config_test_volume.json +++ b/integration_tests/dockerfiles/config_test_volume.json @@ -1,7 +1,7 @@ [ { - "Image1": "gcr.io/kbuild-test/docker-test-volume:latest", - "Image2": "gcr.io/kbuild-test/kbuild-test-volume:latest", + "Image1": "gcr.io/kaniko-test/docker-test-volume:latest", + "Image2": "gcr.io/kaniko-test/kaniko-test-volume:latest", "DiffType": "File", "Diff": { "Adds": null, diff --git a/integration_tests/dockerfiles/config_test_workdir.json b/integration_tests/dockerfiles/config_test_workdir.json index c87503403..3b3fcefab 100644 --- a/integration_tests/dockerfiles/config_test_workdir.json +++ b/integration_tests/dockerfiles/config_test_workdir.json @@ -1,7 +1,7 @@ [ { - "Image1": "gcr.io/kbuild-test/docker-test-workdir:latest", - "Image2": "gcr.io/kbuild-test/kbuild-test-workdir:latest", + "Image1": "gcr.io/kaniko-test/docker-test-workdir:latest", + "Image2": "gcr.io/kaniko-test/kaniko-test-workdir:latest", "DiffType": "File", "Diff": { "Adds": null, diff --git a/integration_tests/integration_test_yaml.go b/integration_tests/integration_test_yaml.go index 3616d219a..f08dab881 100644 --- a/integration_tests/integration_test_yaml.go +++ b/integration_tests/integration_test_yaml.go @@ -26,12 +26,12 @@ const ( executorImage = "executor-image" dockerImage = "gcr.io/cloud-builders/docker" ubuntuImage = "ubuntu" - testRepo = "gcr.io/kbuild-test/" + testRepo = "gcr.io/kaniko-test/" dockerPrefix = "docker-" - kbuildPrefix = "kbuild-" + kanikoPrefix = "kaniko-" daemonPrefix = "daemon://" containerDiffOutputFile = "container-diff.json" - kbuildTestBucket = "kbuild-test-bucket" + kanikoTestBucket = "kaniko-test-bucket" buildcontextPath = "/workspace/integration_tests" dockerfilesPath = "/workspace/integration_tests/dockerfiles" ) @@ -41,8 +41,8 @@ var fileTests = []struct { dockerfilePath string configPath string dockerContext string - kbuildContext string - kbuildContextBucket bool + kanikoContext string + kanikoContextBucket bool repo string }{ { @@ -50,7 +50,7 @@ var fileTests = []struct { dockerfilePath: "/workspace/integration_tests/dockerfiles/Dockerfile_test_extract_fs", configPath: "/workspace/integration_tests/dockerfiles/config_test_extract_fs.json", dockerContext: dockerfilesPath, - kbuildContext: dockerfilesPath, + kanikoContext: dockerfilesPath, repo: "extract-filesystem", }, { @@ -58,7 +58,7 @@ var fileTests = []struct { dockerfilePath: "/workspace/integration_tests/dockerfiles/Dockerfile_test_run", configPath: "/workspace/integration_tests/dockerfiles/config_test_run.json", dockerContext: dockerfilesPath, - kbuildContext: dockerfilesPath, + kanikoContext: dockerfilesPath, repo: "test-run", }, { @@ -66,7 +66,7 @@ var fileTests = []struct { dockerfilePath: "/workspace/integration_tests/dockerfiles/Dockerfile_test_run_2", configPath: "/workspace/integration_tests/dockerfiles/config_test_run_2.json", dockerContext: dockerfilesPath, - kbuildContext: dockerfilesPath, + kanikoContext: dockerfilesPath, repo: "test-run-2", }, { @@ -74,7 +74,7 @@ var fileTests = []struct { dockerfilePath: "/workspace/integration_tests/dockerfiles/Dockerfile_test_copy", configPath: "/workspace/integration_tests/dockerfiles/config_test_copy.json", dockerContext: buildcontextPath, - kbuildContext: buildcontextPath, + kanikoContext: buildcontextPath, repo: "test-copy", }, { @@ -82,8 +82,8 @@ var fileTests = []struct { dockerfilePath: "/workspace/integration_tests/dockerfiles/Dockerfile_test_copy", configPath: "/workspace/integration_tests/dockerfiles/config_test_bucket_buildcontext.json", dockerContext: buildcontextPath, - kbuildContext: kbuildTestBucket, - kbuildContextBucket: true, + kanikoContext: kanikoTestBucket, + kanikoContextBucket: true, repo: "test-bucket-buildcontext", }, { @@ -91,7 +91,7 @@ var fileTests = []struct { dockerfilePath: "/workspace/integration_tests/dockerfiles/Dockerfile_test_workdir", configPath: "/workspace/integration_tests/dockerfiles/config_test_workdir.json", dockerContext: buildcontextPath, - kbuildContext: buildcontextPath, + kanikoContext: buildcontextPath, repo: "test-workdir", }, { @@ -99,7 +99,7 @@ var fileTests = []struct { dockerfilePath: "/workspace/integration_tests/dockerfiles/Dockerfile_test_volume", configPath: "/workspace/integration_tests/dockerfiles/config_test_volume.json", dockerContext: buildcontextPath, - kbuildContext: buildcontextPath, + kanikoContext: buildcontextPath, repo: "test-volume", }, { @@ -107,7 +107,7 @@ var fileTests = []struct { dockerfilePath: "/workspace/integration_tests/dockerfiles/Dockerfile_test_add", configPath: "/workspace/integration_tests/dockerfiles/config_test_add.json", dockerContext: buildcontextPath, - kbuildContext: buildcontextPath, + kanikoContext: buildcontextPath, repo: "test-add", }, } @@ -117,7 +117,7 @@ var structureTests = []struct { dockerfilePath string structureTestYamlPath string dockerBuildContext string - kbuildContext string + kanikoContext string repo string }{ { @@ -125,7 +125,7 @@ var structureTests = []struct { dockerfilePath: "/workspace/integration_tests/dockerfiles/Dockerfile_test_env", repo: "test-env", dockerBuildContext: dockerfilesPath, - kbuildContext: dockerfilesPath, + kanikoContext: dockerfilesPath, structureTestYamlPath: "/workspace/integration_tests/dockerfiles/test_env.yaml", }, { @@ -133,7 +133,7 @@ var structureTests = []struct { dockerfilePath: "/workspace/integration_tests/dockerfiles/Dockerfile_test_metadata", repo: "test-metadata", dockerBuildContext: dockerfilesPath, - kbuildContext: dockerfilesPath, + kanikoContext: dockerfilesPath, structureTestYamlPath: "/workspace/integration_tests/dockerfiles/test_metadata.yaml", }, { @@ -141,7 +141,7 @@ var structureTests = []struct { dockerfilePath: "/workspace/integration_tests/dockerfiles/Dockerfile_test_user_run", repo: "test-user", dockerBuildContext: dockerfilesPath, - kbuildContext: dockerfilesPath, + kanikoContext: dockerfilesPath, structureTestYamlPath: "/workspace/integration_tests/dockerfiles/test_user.yaml", }, } @@ -182,7 +182,7 @@ func main() { } uploadTarBuildContext := step{ Name: "gcr.io/cloud-builders/gsutil", - Args: []string{"cp", "/workspace/context.tar.gz", "gs://kbuild-test-bucket/"}, + Args: []string{"cp", "/workspace/context.tar.gz", "gs://kaniko-test-bucket/"}, } // Build executor image @@ -201,27 +201,27 @@ func main() { Args: []string{"build", "-t", dockerImageTag, "-f", test.dockerfilePath, test.dockerContext}, } - // Then, buld the image with kbuild - kbuildImage := testRepo + kbuildPrefix + test.repo + // Then, buld the image with kaniko + kanikoImage := testRepo + kanikoPrefix + test.repo contextFlag := "--context" - if test.kbuildContextBucket { + if test.kanikoContextBucket { contextFlag = "--bucket" } - kbuild := step{ + kaniko := step{ Name: executorImage, - Args: []string{"--destination", kbuildImage, "--dockerfile", test.dockerfilePath, contextFlag, test.kbuildContext}, + Args: []string{"--destination", kanikoImage, "--dockerfile", test.dockerfilePath, contextFlag, test.kanikoContext}, } - // Pull the kbuild image - pullKbuildImage := step{ + // Pull the kaniko image + pullKanikoImage := step{ Name: dockerImage, - Args: []string{"pull", kbuildImage}, + Args: []string{"pull", kanikoImage}, } daemonDockerImage := daemonPrefix + dockerImageTag - daemonKbuildImage := daemonPrefix + kbuildImage + daemonKanikoImage := daemonPrefix + kanikoImage // Run container diff on the images - args := "container-diff-linux-amd64 diff " + daemonDockerImage + " " + daemonKbuildImage + " --type=file -j >" + containerDiffOutputFile + args := "container-diff-linux-amd64 diff " + daemonDockerImage + " " + daemonKanikoImage + " --type=file -j >" + containerDiffOutputFile containerDiff := step{ Name: ubuntuImage, Args: []string{"sh", "-c", args}, @@ -237,7 +237,7 @@ func main() { Args: []string{"cmp", test.configPath, containerDiffOutputFile}, } - y.Steps = append(y.Steps, dockerBuild, kbuild, pullKbuildImage, containerDiff, catContainerDiffOutput, compareOutputs) + y.Steps = append(y.Steps, dockerBuild, kaniko, pullKanikoImage, containerDiff, catContainerDiffOutput, compareOutputs) } for _, test := range structureTests { @@ -249,19 +249,19 @@ func main() { Args: []string{"build", "-t", dockerImageTag, "-f", test.dockerfilePath, test.dockerBuildContext}, } - // Build the image with kbuild - kbuildImage := testRepo + kbuildPrefix + test.repo - kbuild := step{ + // Build the image with kaniko + kanikoImage := testRepo + kanikoPrefix + test.repo + kaniko := step{ Name: executorImage, - Args: []string{"--destination", kbuildImage, "--dockerfile", test.dockerfilePath, "--context", test.kbuildContext}, + Args: []string{"--destination", kanikoImage, "--dockerfile", test.dockerfilePath, "--context", test.kanikoContext}, } - // Pull the kbuild image - pullKbuildImage := step{ + // Pull the kaniko image + pullKanikoImage := step{ Name: dockerImage, - Args: []string{"pull", kbuildImage}, + Args: []string{"pull", kanikoImage}, } - // Run structure tests on the kbuild and docker image - args := "container-structure-test -image " + kbuildImage + " " + test.structureTestYamlPath + // Run structure tests on the kaniko and docker image + args := "container-structure-test -image " + kanikoImage + " " + test.structureTestYamlPath structureTest := step{ Name: ubuntuImage, Args: []string{"sh", "-c", args}, @@ -274,7 +274,7 @@ func main() { Env: []string{"PATH=/workspace:/bin"}, } - y.Steps = append(y.Steps, dockerBuild, kbuild, pullKbuildImage, structureTest, dockerStructureTest) + y.Steps = append(y.Steps, dockerBuild, kaniko, pullKanikoImage, structureTest, dockerStructureTest) } d, _ := yaml.Marshal(&y) diff --git a/kbuild/cmd/root.go b/kaniko/cmd/root.go similarity index 86% rename from kbuild/cmd/root.go rename to kaniko/cmd/root.go index 0d7b9c05d..dc81e1a6c 100644 --- a/kbuild/cmd/root.go +++ b/kaniko/cmd/root.go @@ -21,9 +21,9 @@ import ( ) var RootCmd = &cobra.Command{ - Use: "kbuild", - Short: "kbuild is a CLI tool for building container images with full Dockerfile support without the need for Docker", - Long: `kbuild is a CLI tool for building container images with full Dockerfile support. It doesn't require Docker, + Use: "kaniko", + Short: "kaniko is a CLI tool for building container images with full Dockerfile support without the need for Docker", + Long: `kaniko is a CLI tool for building container images with full Dockerfile support. It doesn't require Docker, and builds the images in a Kubernetes cluster before pushing the final image to a registry.`, Run: func(cmd *cobra.Command, args []string) { }, diff --git a/kbuild/main.go b/kaniko/main.go similarity index 91% rename from kbuild/main.go rename to kaniko/main.go index 54046e53a..ba8a61643 100644 --- a/kbuild/main.go +++ b/kaniko/main.go @@ -18,7 +18,7 @@ package main import ( "fmt" - "github.com/GoogleCloudPlatform/k8s-container-builder/kbuild/cmd" + "github.com/GoogleCloudPlatform/k8s-container-builder/kaniko/cmd" "os" ) diff --git a/pkg/constants/constants.go b/pkg/constants/constants.go index f2f1709dd..004bb3c89 100644 --- a/pkg/constants/constants.go +++ b/pkg/constants/constants.go @@ -26,17 +26,17 @@ const ( // WorkspaceDir is the path to the workspace directory WorkspaceDir = "/workspace" - //KbuildDir is the path to the kbuild directory - KbuildDir = "/kbuild" + //KanikoDir is the path to the Kaniko directory + KanikoDir = "/kaniko" WhitelistPath = "/proc/self/mountinfo" - Author = "kbuild" + Author = "kaniko" // ContextTar is the default name of the tar uploaded to GCS buckets ContextTar = "context.tar.gz" // BuildContextDir is the directory a build context will be unpacked into, // for example, a tarball from a GCS bucket will be unpacked here - BuildContextDir = "/kbuild/buildcontext/" + BuildContextDir = "/kaniko/buildcontext/" ) diff --git a/pkg/snapshot/snapshot_test.go b/pkg/snapshot/snapshot_test.go index ef77e6f81..040669abe 100644 --- a/pkg/snapshot/snapshot_test.go +++ b/pkg/snapshot/snapshot_test.go @@ -39,7 +39,7 @@ func TestSnapshotFileChange(t *testing.T) { newFiles := map[string]string{ "foo": "newbaz1", "bar/bat": "baz", - "kbuild/bat": "bat", + "kaniko/bat": "bat", } if err := testutil.SetupFiles(testDir, newFiles); err != nil { t.Fatalf("Error setting up fs: %s", err) @@ -135,14 +135,14 @@ func TestSnapshotFiles(t *testing.T) { // Make some changes to the filesystem newFiles := map[string]string{ "foo": "newbaz1", - "kbuild/file": "bat", + "kaniko/file": "bat", } if err := testutil.SetupFiles(testDir, newFiles); err != nil { t.Fatalf("Error setting up fs: %s", err) } filesToSnapshot := []string{ filepath.Join(testDir, "foo"), - filepath.Join(testDir, "kbuild/file"), + filepath.Join(testDir, "kaniko/file"), } contents, err := snapshotter.TakeSnapshot(filesToSnapshot) if err != nil { @@ -199,7 +199,7 @@ func setUpTestDir() (string, *Snapshotter, error) { files := map[string]string{ "foo": "baz1", "bar/bat": "baz2", - "kbuild/file": "file", + "kaniko/file": "file", } // Set up initial files if err := testutil.SetupFiles(testDir, files); err != nil { diff --git a/pkg/util/bucket_util.go b/pkg/util/bucket_util.go index c96bb715c..043c2890f 100644 --- a/pkg/util/bucket_util.go +++ b/pkg/util/bucket_util.go @@ -25,7 +25,7 @@ import ( "path/filepath" ) -// UnpackTarFromGCSBucket unpacks the kbuild.tar file in the given bucket to the given directory +// UnpackTarFromGCSBucket unpacks the context.tar.gz file in the given bucket to the given directory func UnpackTarFromGCSBucket(bucketName, directory string) error { // Get the tar from the bucket tarPath, err := getTarFromBucket(bucketName, directory) @@ -41,7 +41,7 @@ func UnpackTarFromGCSBucket(bucketName, directory string) error { return os.Remove(tarPath) } -// getTarFromBucket gets kbuild.tar from the GCS bucket and saves it to the filesystem +// getTarFromBucket gets context.tar.gz from the GCS bucket and saves it to the filesystem // It returns the path to the tar file func getTarFromBucket(bucketName, directory string) (string, error) { ctx := context.Background() @@ -50,7 +50,7 @@ func getTarFromBucket(bucketName, directory string) (string, error) { return "", err } bucket := client.Bucket(bucketName) - // Get the tarfile kbuild.tar from the GCS bucket, and save it to a tar object + // Get the tarfile context.tar.gz from the GCS bucket, and save it to a tar object reader, err := bucket.Object(constants.ContextTar).NewReader(ctx) if err != nil { return "", err diff --git a/pkg/util/fs_util.go b/pkg/util/fs_util.go index a97c75964..58815dbe2 100644 --- a/pkg/util/fs_util.go +++ b/pkg/util/fs_util.go @@ -30,7 +30,7 @@ import ( "time" ) -var whitelist = []string{"/kbuild"} +var whitelist = []string{"/kaniko"} var volumeWhitelist = []string{} // ExtractFileSystemFromImage pulls an image and unpacks it to a file system at root diff --git a/pkg/util/fs_util_test.go b/pkg/util/fs_util_test.go index c8ebc88cf..19bef1d9b 100644 --- a/pkg/util/fs_util_test.go +++ b/pkg/util/fs_util_test.go @@ -46,7 +46,7 @@ func Test_fileSystemWhitelist(t *testing.T) { } actualWhitelist, err := fileSystemWhitelist(path) - expectedWhitelist := []string{"/kbuild", "/proc", "/dev", "/dev/pts", "/sys"} + expectedWhitelist := []string{"/kaniko", "/proc", "/dev", "/dev/pts", "/sys"} sort.Strings(actualWhitelist) sort.Strings(expectedWhitelist) testutil.CheckErrorAndDeepEqual(t, false, err, expectedWhitelist, actualWhitelist) @@ -61,7 +61,7 @@ var tests = []struct { files: map[string]string{ "/workspace/foo/a": "baz1", "/workspace/foo/b": "baz2", - "/kbuild/file": "file", + "/kaniko/file": "file", }, directory: "/workspace/foo/", expectedFiles: []string{ @@ -84,7 +84,7 @@ var tests = []struct { "/workspace/foo/a": "baz1", "/workspace/foo/b": "baz2", "/workspace/baz": "hey", - "/kbuild/file": "file", + "/kaniko/file": "file", }, directory: "/workspace", expectedFiles: []string{ @@ -99,16 +99,16 @@ var tests = []struct { files: map[string]string{ "/workspace/foo/a": "baz1", "/workspace/foo/b": "baz2", - "/kbuild/file": "file", + "/kaniko/file": "file", }, directory: "", expectedFiles: []string{ "workspace/foo/a", "workspace/foo/b", - "kbuild/file", + "kaniko/file", "workspace", "workspace/foo", - "kbuild", + "kaniko", ".", }, }, diff --git a/run_in_docker.sh b/run_in_docker.sh index 50a0ca33f..dd90ea947 100755 --- a/run_in_docker.sh +++ b/run_in_docker.sh @@ -15,13 +15,13 @@ #!/bin/bash set -e -if [ $# -ne 2 ]; - then echo "Usage: run_in_docker.sh " +if [ $# -ne 3 ]; + then echo "Usage: run_in_docker.sh " fi - -context=$1 -tag=$2 +dockerfile=$1 +context=$2 +tag=$3 if [[ ! -e $HOME/.config/gcloud/application_default_credentials.json ]]; then echo "Application Default Credentials do not exist. Run [gcloud auth application-default login] to configure them" @@ -31,5 +31,5 @@ fi docker run \ -v $HOME/.config/gcloud:/root/.config/gcloud \ -v ${context}:/workspace \ - gcr.io/kbuild-project/executor:latest \ - /kbuild/executor -d ${tag} + gcr.io/kaniko-project/executor:latest \ + -f ${dockerfile} -d ${tag} -c /workspace/