Tejal Desai
parent
4919fb5bca
commit
c8b19894bb
|
|
@ -63,7 +63,6 @@ _If you are interested in contributing to kaniko, see [DEVELOPMENT.md](DEVELOPME
|
|||
- [--single-snapshot](#--single-snapshot)
|
||||
- [--skip-tls-verify](#--skip-tls-verify)
|
||||
- [--skip-tls-verify-pull](#--skip-tls-verify-pull)
|
||||
- [--additional-whitelist](#--additional-whitelist)
|
||||
- [--snapshotMode](#--snapshotmode)
|
||||
- [--target](#--target)
|
||||
- [--tarPath](#--tarpath)
|
||||
|
|
@ -494,9 +493,6 @@ Set this flag to skip TLS certificate validation when pushing to a registry. It
|
|||
|
||||
Set this flag to skip TLS certificate validation when pulling from a registry. It is supposed to be used for testing purposes only and should not be used in production!
|
||||
|
||||
#### --additional-whitelist
|
||||
Set this flag with a list of filepaths and Kaniko will ignore these paths during the build. Useful for improving build performance on large filesystems.
|
||||
|
||||
#### --snapshotMode
|
||||
|
||||
You can set the `--snapshotMode=<full (default), time>` flag to set how kaniko will snapshot the filesystem.
|
||||
|
|
|
|||
|
|
@ -75,6 +75,12 @@ var RootCmd = &cobra.Command{
|
|||
return errors.New("You must provide --destination if setting ImageNameDigestFile")
|
||||
}
|
||||
|
||||
if additionalWhitelist == nil {
|
||||
additionalWhitelist = []string{
|
||||
"/var/run",
|
||||
}
|
||||
}
|
||||
|
||||
for _, path := range additionalWhitelist {
|
||||
util.AddToWhitelist(path)
|
||||
}
|
||||
|
|
@ -152,7 +158,7 @@ func addKanikoOptionsFlags() {
|
|||
|
||||
// We use nil as the default value so we can differentiate between the flag passed
|
||||
// with an empty list and the flag not set
|
||||
RootCmd.PersistentFlags().StringSliceVar(&additionalWhitelist, "additional-whitelist", []string{}, "Paths to whitelist. These will be ignored by kaniko to improve performance.")
|
||||
RootCmd.PersistentFlags().StringSliceVar(&additionalWhitelist, "additional-whitelist", nil, "Paths to whitelist. These will be ignored be kaniko to improve performance.")
|
||||
}
|
||||
|
||||
// addHiddenFlags marks certain flags as hidden from the executor help text
|
||||
|
|
|
|||
|
|
@ -38,12 +38,26 @@ import (
|
|||
)
|
||||
|
||||
func Test_DetectFilesystemWhitelist(t *testing.T) {
|
||||
type testcase struct {
|
||||
desc string
|
||||
additionalWhitelist []string
|
||||
expectedWhitelist []WhitelistEntry
|
||||
testDir, err := ioutil.TempDir("", "")
|
||||
if err != nil {
|
||||
t.Fatalf("Error creating tempdir: %s", err)
|
||||
}
|
||||
fileContents := `
|
||||
228 122 0:90 / / rw,relatime - aufs none rw,si=f8e2406af90782bc,dio,dirperm1
|
||||
229 228 0:98 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
|
||||
230 228 0:99 / /dev rw,nosuid - tmpfs tmpfs rw,size=65536k,mode=755
|
||||
231 230 0:100 / /dev/pts rw,nosuid,noexec,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666
|
||||
232 228 0:101 / /sys ro,nosuid,nodev,noexec,relatime - sysfs sysfs ro`
|
||||
|
||||
path := filepath.Join(testDir, "mountinfo")
|
||||
if err := os.MkdirAll(filepath.Dir(path), 0750); err != nil {
|
||||
t.Fatalf("Error creating tempdir: %s", err)
|
||||
}
|
||||
if err := ioutil.WriteFile(path, []byte(fileContents), 0644); err != nil {
|
||||
t.Fatalf("Error writing file contents to %s: %s", path, err)
|
||||
}
|
||||
|
||||
err = DetectFilesystemWhitelist(path)
|
||||
expectedWhitelist := []WhitelistEntry{
|
||||
{"/kaniko", false},
|
||||
{"/proc", false},
|
||||
|
|
@ -52,82 +66,36 @@ func Test_DetectFilesystemWhitelist(t *testing.T) {
|
|||
{"/sys", false},
|
||||
{"/etc/mtab", false},
|
||||
}
|
||||
actualWhitelist := whitelist
|
||||
sort.Slice(actualWhitelist, func(i, j int) bool {
|
||||
return actualWhitelist[i].Path < actualWhitelist[j].Path
|
||||
})
|
||||
sort.Slice(expectedWhitelist, func(i, j int) bool {
|
||||
return expectedWhitelist[i].Path < expectedWhitelist[j].Path
|
||||
})
|
||||
testutil.CheckErrorAndDeepEqual(t, false, err, expectedWhitelist, actualWhitelist)
|
||||
|
||||
testCases := []testcase{
|
||||
{
|
||||
desc: "no additional whitelist",
|
||||
expectedWhitelist: expectedWhitelist,
|
||||
},
|
||||
{
|
||||
desc: "one additional whitelist - /var/run",
|
||||
additionalWhitelist: []string{"/var/run"},
|
||||
expectedWhitelist: append(expectedWhitelist, WhitelistEntry{"/var/run", false}),
|
||||
},
|
||||
{
|
||||
desc: "two additional whitelist - /var/run, /usr/bin",
|
||||
additionalWhitelist: []string{"/var/run", "/usr/bin"},
|
||||
expectedWhitelist: append(
|
||||
expectedWhitelist,
|
||||
WhitelistEntry{"/var/run", false},
|
||||
WhitelistEntry{"/usr/bin", false},
|
||||
),
|
||||
},
|
||||
}
|
||||
tmpInitial := make([]WhitelistEntry, len(initialWhitelist))
|
||||
|
||||
for _, tc := range testCases {
|
||||
t.Run(tc.desc, func(t *testing.T) {
|
||||
expectedWhitelist := tc.expectedWhitelist
|
||||
additionalWhitelist := tc.additionalWhitelist
|
||||
copy(tmpInitial, initialWhitelist)
|
||||
defer func() {
|
||||
initialWhitelist = tmpInitial
|
||||
}()
|
||||
|
||||
tmpWhitelist := make([]WhitelistEntry, len(initialWhitelist))
|
||||
copy(tmpWhitelist, initialWhitelist)
|
||||
AddToWhitelist("/var/run")
|
||||
|
||||
testDir, err := ioutil.TempDir("", "")
|
||||
if err != nil {
|
||||
t.Fatalf("Error creating tempdir: %s", err)
|
||||
}
|
||||
fileContents := `
|
||||
228 122 0:90 / / rw,relatime - aufs none rw,si=f8e2406af90782bc,dio,dirperm1
|
||||
229 228 0:98 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
|
||||
230 228 0:99 / /dev rw,nosuid - tmpfs tmpfs rw,size=65536k,mode=755
|
||||
231 230 0:100 / /dev/pts rw,nosuid,noexec,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666
|
||||
232 228 0:101 / /sys ro,nosuid,nodev,noexec,relatime - sysfs sysfs ro`
|
||||
err = DetectFilesystemWhitelist(path)
|
||||
expectedWhitelist = append(expectedWhitelist,
|
||||
WhitelistEntry{"/var/run", false})
|
||||
|
||||
path := filepath.Join(testDir, "mountinfo")
|
||||
if err := os.MkdirAll(filepath.Dir(path), 0750); err != nil {
|
||||
t.Fatalf("Error creating tempdir: %s", err)
|
||||
}
|
||||
if err := ioutil.WriteFile(path, []byte(fileContents), 0644); err != nil {
|
||||
t.Fatalf("Error writing file contents to %s: %s", path, err)
|
||||
}
|
||||
|
||||
for _, wl := range additionalWhitelist {
|
||||
AddToWhitelist(wl)
|
||||
}
|
||||
|
||||
err = DetectFilesystemWhitelist(path)
|
||||
actualWhitelist := whitelist
|
||||
|
||||
if len(actualWhitelist) != len(expectedWhitelist) {
|
||||
t.Errorf(
|
||||
"expected whitelist to have %d items but was %d",
|
||||
len(expectedWhitelist),
|
||||
len(actualWhitelist),
|
||||
)
|
||||
}
|
||||
|
||||
sort.Slice(actualWhitelist, func(i, j int) bool {
|
||||
return actualWhitelist[i].Path < actualWhitelist[j].Path
|
||||
})
|
||||
sort.Slice(expectedWhitelist, func(i, j int) bool {
|
||||
return expectedWhitelist[i].Path < expectedWhitelist[j].Path
|
||||
})
|
||||
|
||||
testutil.CheckErrorAndDeepEqual(t, false, err, expectedWhitelist, actualWhitelist)
|
||||
|
||||
initialWhitelist = tmpWhitelist
|
||||
})
|
||||
}
|
||||
actualWhitelist = whitelist
|
||||
sort.Slice(actualWhitelist, func(i, j int) bool {
|
||||
return actualWhitelist[i].Path < actualWhitelist[j].Path
|
||||
})
|
||||
sort.Slice(expectedWhitelist, func(i, j int) bool {
|
||||
return expectedWhitelist[i].Path < expectedWhitelist[j].Path
|
||||
})
|
||||
testutil.CheckErrorAndDeepEqual(t, false, err, expectedWhitelist, actualWhitelist)
|
||||
}
|
||||
|
||||
var tests = []struct {
|
||||
|
|
|
|||
Loading…
Reference in New Issue