From ab42a919a561b8f47acd268816d614b5a2b172d8 Mon Sep 17 00:00:00 2001 From: Carlos Alexandro Becker Date: Mon, 15 Jun 2020 12:01:25 -0300 Subject: [PATCH 1/3] feat: recurse submodules Signed-off-by: Carlos Alexandro Becker --- pkg/buildcontext/git.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/pkg/buildcontext/git.go b/pkg/buildcontext/git.go index 18d6e2ded..a9b715c03 100644 --- a/pkg/buildcontext/git.go +++ b/pkg/buildcontext/git.go @@ -50,9 +50,10 @@ func (g *Git) UnpackTarFromBuildContext() (string, error) { directory := constants.BuildContextDir parts := strings.Split(g.context, "#") options := git.CloneOptions{ - URL: getGitPullMethod() + "://" + parts[0], - Auth: getGitAuth(), - Progress: os.Stdout, + URL: getGitPullMethod() + "://" + parts[0], + Auth: getGitAuth(), + Progress: os.Stdout, + RecurseSubmodules: git.DefaultSubmoduleRecursionDepth, } if len(parts) > 1 { options.ReferenceName = plumbing.ReferenceName(parts[1]) From 5f7872b0a82cce77fad0a3408104b2b7dd769091 Mon Sep 17 00:00:00 2001 From: Alexander Sharov Date: Tue, 16 Jun 2020 21:26:06 +0400 Subject: [PATCH 2/3] Fix README.md --- README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 5e0b7bdb7..bb5bdbd95 100644 --- a/README.md +++ b/README.md @@ -197,7 +197,7 @@ Complete example of how to interactively run kaniko with `.tar.gz` Standard Inpu echo -e 'FROM alpine \nRUN echo "created from standard input"' > Dockerfile | tar -cf - Dockerfile | gzip -9 | kubectl run kaniko \ --rm --stdin=true \ --image=gcr.io/kaniko-project/executor:latest --restart=Never \ ---overrides='{ +--overrides='{ "apiVersion": "v1", "spec": { "containers": [ @@ -211,12 +211,12 @@ echo -e 'FROM alpine \nRUN echo "created from standard input"' > Dockerfile | ta "--context=tar://stdin", "--destination=gcr.io/my-repo/my-image" ], "volumeMounts": [ - { + { "name": "cabundle", "mountPath": "/kaniko/ssl/certs/" }, - { - "name": "docker-config", + { + "name": "docker-config", "mountPath": "/kaniko/.docker/" }] }], @@ -225,9 +225,9 @@ echo -e 'FROM alpine \nRUN echo "created from standard input"' > Dockerfile | ta "name": "cabundle", "configMap": { "name": "cabundle"}}, - { + { "name": "docker-config", - "configMap": { + "configMap": { "name": "docker-config" }} ] } @@ -613,7 +613,7 @@ Set this flag as `--log-format=` to set the log format. Default #### --log-timestamp -Set this flag as `--log-format=` to add timestamps to `` log format. Defaults to `false`. +Set this flag as `--log-timestamp=` to add timestamps to `` log format. Defaults to `false`. #### --whitelist-var-run From c42881410c90ff36fa97f4089cdd1ff2557057ba Mon Sep 17 00:00:00 2001 From: Jon Johnson Date: Tue, 23 Jun 2020 10:45:33 -0700 Subject: [PATCH 3/3] Add pkg.dev to automagic config file population Kaniko currently does config file setup for GCR such that pushing to GCR automagically works. This change does the same for pkg.dev: https://cloud.google.com/artifact-registry This also tightens up the hostname check to ensure we don't send credentials to a registry that happens to contain "gcr.io". --- pkg/executor/push.go | 9 +++++---- pkg/executor/push_test.go | 4 ++++ 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/pkg/executor/push.go b/pkg/executor/push.go index 623c92525..d0733eb15 100644 --- a/pkg/executor/push.go +++ b/pkg/executor/push.go @@ -105,19 +105,20 @@ func CheckPushPermissions(opts *config.KanikoOptions) error { continue } + registryName := destRef.Repository.Registry.Name() // Historically kaniko was pre-configured by default with gcr credential helper, // in here we keep the backwards compatibility by enabling the GCR helper only - // when gcr.io is in one of the destinations. - if strings.Contains(destRef.RegistryStr(), "gcr.io") { + // when gcr.io (or pkg.dev) is in one of the destinations. + if registryName == "gcr.io" || strings.HasSuffix(registryName, ".gcr.io") || strings.HasSuffix(registryName, ".pkg.dev") { // Checking for existence of docker.config as it's normally required for // authenticated registries and prevent overwriting user provided docker conf if _, err := fs.Stat(DockerConfLocation()); os.IsNotExist(err) { - if err := execCommand("docker-credential-gcr", "configure-docker").Run(); err != nil { + flags := fmt.Sprintf("--registries=%s", registryName) + if err := execCommand("docker-credential-gcr", "configure-docker", flags).Run(); err != nil { return errors.Wrap(err, "error while configuring docker-credential-gcr helper") } } } - registryName := destRef.Repository.Registry.Name() if opts.Insecure || opts.InsecureRegistries.Contains(registryName) { newReg, err := name.NewRegistry(registryName, name.WeakValidation, name.Insecure) if err != nil { diff --git a/pkg/executor/push_test.go b/pkg/executor/push_test.go index 2fd36f23c..f7699ce19 100644 --- a/pkg/executor/push_test.go +++ b/pkg/executor/push_test.go @@ -299,8 +299,12 @@ func TestCheckPushPermissions(t *testing.T) { }{ {"gcr.io/test-image", true, false}, {"gcr.io/test-image", false, true}, + {"us-docker.pkg.dev/test-image", true, false}, + {"us-docker.pkg.dev/test-image", false, true}, {"localhost:5000/test-image", false, false}, {"localhost:5000/test-image", false, true}, + {"notgcr.io/test-image", false, false}, + {"notgcr.io/test-image", false, true}, } execCommand = fakeExecCommand