Add README and update name to kaniko

2018-04-02 11:05:23 -07:00 · 2018-04-02 11:05:23 -07:00 · fad0d25aec
parent 976afd1992
commit fad0d25aec
14 changed files with 91 additions and 56 deletions
--- a/14
+++ b/14
@ -23,7 +23,7 @@ GOOS ?= $(shell go env GOOS)
 GOARCH = amd64
 ORG := github.com/GoogleCloudPlatform
 PROJECT := k8s-container-builder
-REGISTRY?=gcr.io/kbuild-project
+REGISTRY?=gcr.io/kaniko-project

 REPOPATH ?= $(ORG)/$(PROJECT)

@ -32,23 +32,23 @@ GO_LDFLAGS := '-extldflags "-static"'
 GO_BUILD_TAGS := "containers_image_ostree_stub containers_image_openpgp exclude_graphdriver_devicemapper exclude_graphdriver_btrfs exclude_graphdriver_overlay"

 EXECUTOR_PACKAGE = $(REPOPATH)/executor
-KBUILD_PACKAGE = $(REPOPATH)/kbuild
+KANIKO_PROJECT = $(REPOPATH)/kaniko

 out/executor: $(GO_FILES)
 	GOOS=$* GOARCH=$(GOARCH) CGO_ENABLED=0 go build -ldflags $(GO_LDFLAGS) -tags $(GO_BUILD_TAGS) -o $@ $(EXECUTOR_PACKAGE)


-out/kbuild: $(GO_FILES)
-	GOOS=$* GOARCH=$(GOARCH) CGO_ENABLED=0 go build -ldflags $(GO_LDFLAGS) -tags $(GO_BUILD_TAGS) -o $@ $(KBUILD_PACKAGE)
+out/kaniko: $(GO_FILES)
+	GOOS=$* GOARCH=$(GOARCH) CGO_ENABLED=0 go build -ldflags $(GO_LDFLAGS) -tags $(GO_BUILD_TAGS) -o $@ $(KANIKO_PROJECT)

 .PHONY: test
-test: out/executor out/kbuild
+test: out/executor out/kaniko
 	@ ./test.sh

 .PHONY: integration-test
-integration-test: out/executor out/kbuild
+integration-test: out/executor out/kaniko
 	@ ./integration-test.sh

 .PHONY: images
-images: out/executor out/kbuild
+images: out/executor out/kaniko
 	docker build -t $(REGISTRY)/executor:latest -f deploy/Dockerfile .
--- a/README.md
+++ b/README.md
@ -1 +1,36 @@
-kbuild is a tool to build container images from a Dockerfile in a Kubernetes cluster.
+# kaniko
+
+kaniko is a tool to build container images from a Dockerfile without a Docker daemon. This enables building container images in unpriviliged environments, which can't easily or securely run a Docker daemon, such as a standard Kubernetes cluster. 
+
+The majority of Dockerfile commands can be executed with kaniko, but we're still working on supporting the following commands:
+    * ADD
+    * SHELL
+    * HEALTHCHECK
+    * STOPSIGNAL
+    * ONBUILD
+    * ARG
+    * VOLUME
+
+We're currently in the process of building kaniko, so as of now it isn't production ready. Please let us know if you have any feature requests or find any bugs!
+
+## Running kaniko in a Kubernetes cluster
+
+kaniko runs as an image, which is responsible for building the final image from a Dockerfile and pushing it to a GCR registry.
+
+`make images`
+
+The image takes in three arguments: a path to a Dockerfile, a path to a build context, and the GCR registry the final image should be pushed to (in the form gcr.io/$PROJECT/$IMAGE:$TAG)
+
+
+## Comparison with Other Tools
+
+Similar tools include:
+    * [img](https://github.com/genuinetools/img)
+    * [orca-build](https://github.com/cyphar/orca-build)
+    * [buildah](https://github.com/projectatomic/buildah)
+
+All of these tools build container images; however, the way in which they accomplish this differs from kaniko. Both kaniko and img build unprivileged images, but they interpret “unprivileged” differently. img builds as a non root user from within the container, while kaniko is run in an unprivileged environment with root access inside the container. 
+
+Unlike orca-build, kaniko doesn't use runC to build images. Instead, it runs as a root user within the container.
+
+buildah requires the same root privilges as a Docker daemon does to run, while kaniko runs without any special privileges or permissions.  
--- a/deploy/Dockerfile
+++ b/deploy/Dockerfile
@ -15,7 +15,7 @@
 # Builds the static Go image to execute in a Kubernetes job

 FROM scratch
-ADD out/executor /kbuild/executor
+ADD out/executor /kaniko/executor
 ADD files/ca-certificates.crt /etc/ssl/certs/
 ADD files/docker-credential-gcr /usr/local/bin/
 ADD files/config.json /root/.docker/
--- a/integration_tests/dockerfiles/config_test_copy.json
+++ b/integration_tests/dockerfiles/config_test_copy.json
@ -1,7 +1,7 @@
 [
  {
-    "Image1": "gcr.io/kbuild-test/docker-test-copy:latest",
-    "Image2": "gcr.io/kbuild-test/kbuild-test-copy:latest",
+    "Image1": "gcr.io/kaniko-test/docker-test-copy:latest",
+    "Image2": "gcr.io/kaniko-test/kaniko-test-copy:latest",
    "DiffType": "File",
    "Diff": {
      "Adds": null,
--- a/integration_tests/dockerfiles/config_test_extract_fs.json
+++ b/integration_tests/dockerfiles/config_test_extract_fs.json
@ -1,7 +1,7 @@
 [
  {
-    "Image1": "gcr.io/kbuild-test/docker-extract-filesystem:latest",
-    "Image2": "gcr.io/kbuild-test/kbuild-extract-filesystem:latest",
+    "Image1": "gcr.io/kaniko-test/docker-extract-filesystem:latest",
+    "Image2": "gcr.io/kaniko-test/kaniko-extract-filesystem:latest",
    "DiffType": "File",
    "Diff": {
      "Adds": null,
--- a/integration_tests/dockerfiles/config_test_run.json
+++ b/integration_tests/dockerfiles/config_test_run.json
@ -1,7 +1,7 @@
 [
  {
-    "Image1": "gcr.io/kbuild-test/docker-test-run:latest",
-    "Image2": "gcr.io/kbuild-test/kbuild-test-run:latest",
+    "Image1": "gcr.io/kaniko-test/docker-test-run:latest",
+    "Image2": "gcr.io/kaniko-test/kaniko-test-run:latest",
    "DiffType": "File",
    "Diff": {
      "Adds": null,
--- a/integration_tests/dockerfiles/config_test_run_2.json
+++ b/integration_tests/dockerfiles/config_test_run_2.json
@ -1,7 +1,7 @@
 [
  {
-    "Image1": "gcr.io/kbuild-test/docker-test-run-2:latest",
-    "Image2": "gcr.io/kbuild-test/kbuild-test-run-2:latest",
+    "Image1": "gcr.io/kaniko-test/docker-test-run-2:latest",
+    "Image2": "gcr.io/kaniko-test/kaniko-test-run-2:latest",
    "DiffType": "File",
    "Diff": {
      "Adds": null,
--- a/integration_tests/integration_test_yaml.go
+++ b/integration_tests/integration_test_yaml.go
@ -93,12 +93,12 @@ type testyaml struct {
 }

 var executorImage = "executor-image"
-var executorCommand = "/kbuild/executor"
+var executorCommand = "/kaniko/executor"
 var dockerImage = "gcr.io/cloud-builders/docker"
 var ubuntuImage = "ubuntu"
-var testRepo = "gcr.io/kbuild-test/"
+var testRepo = "gcr.io/kaniko-test/"
 var dockerPrefix = "docker-"
-var kbuildPrefix = "kbuild-"
+var kanikoPrefix = "kaniko-"
 var daemonPrefix = "daemon://"
 var containerDiffOutputFile = "container-diff.json"

@ -137,23 +137,23 @@ func main() {
 			Args: []string{"build", "-t", dockerImageTag, "-f", test.dockerfilePath, test.context},
 		}

-		// Then, buld the image with kbuild
-		kbuildImage := testRepo + kbuildPrefix + test.repo
-		kbuild := step{
+		// Then, buld the image with kaniko
+		kanikoImage := testRepo + kanikoPrefix + test.repo
+		kaniko := step{
 			Name: executorImage,
-			Args: []string{executorCommand, "--destination", kbuildImage, "--dockerfile", test.dockerfilePath, "--context", test.context},
+			Args: []string{executorCommand, "--destination", kanikoImage, "--dockerfile", test.dockerfilePath, "--context", test.context},
 		}

-		// Pull the kbuild image
-		pullKbuildImage := step{
+		// Pull the kaniko image
+		pullKanikoImage := step{
 			Name: dockerImage,
-			Args: []string{"pull", kbuildImage},
+			Args: []string{"pull", kanikoImage},
 		}

 		daemonDockerImage := daemonPrefix + dockerImageTag
-		daemonKbuildImage := daemonPrefix + kbuildImage
+		daemonKanikoImage := daemonPrefix + kanikoImage
 		// Run container diff on the images
-		args := "container-diff-linux-amd64 diff " + daemonDockerImage + " " + daemonKbuildImage + " --type=file -j >" + containerDiffOutputFile
+		args := "container-diff-linux-amd64 diff " + daemonDockerImage + " " + daemonKanikoImage + " --type=file -j >" + containerDiffOutputFile
 		containerDiff := step{
 			Name: ubuntuImage,
 			Args: []string{"sh", "-c", args},
@ -169,7 +169,7 @@ func main() {
 			Args: []string{"cmp", test.configPath, containerDiffOutputFile},
 		}

-		y.Steps = append(y.Steps, dockerBuild, kbuild, pullKbuildImage, containerDiff, catContainerDiffOutput, compareOutputs)
+		y.Steps = append(y.Steps, dockerBuild, kaniko, pullKanikoImage, containerDiff, catContainerDiffOutput, compareOutputs)
 	}

 	for _, test := range structureTests {
@ -181,19 +181,19 @@ func main() {
 			Args: []string{"build", "-t", dockerImageTag, "-f", test.dockerfilePath, test.dockerBuildContext},
 		}

-		// Build the image with kbuild
-		kbuildImage := testRepo + kbuildPrefix + test.repo
-		kbuild := step{
+		// Build the image with kaniko
+		kanikoImage := testRepo + kanikoPrefix + test.repo
+		kaniko := step{
 			Name: executorImage,
-			Args: []string{executorCommand, "--destination", kbuildImage, "--dockerfile", test.dockerfilePath},
+			Args: []string{executorCommand, "--destination", kanikoImage, "--dockerfile", test.dockerfilePath},
 		}
-		// Pull the kbuild image
-		pullKbuildImage := step{
+		// Pull the kaniko image
+		pullKanikoImage := step{
 			Name: dockerImage,
-			Args: []string{"pull", kbuildImage},
+			Args: []string{"pull", kanikoImage},
 		}
-		// Run structure tests on the kbuild and docker image
-		args := "container-structure-test -image " + kbuildImage + " " + test.structureTestYamlPath
+		// Run structure tests on the kaniko and docker image
+		args := "container-structure-test -image " + kanikoImage + " " + test.structureTestYamlPath
 		structureTest := step{
 			Name: ubuntuImage,
 			Args: []string{"sh", "-c", args},
@ -206,7 +206,7 @@ func main() {
 			Env:  []string{"PATH=/workspace:/bin"},
 		}

-		y.Steps = append(y.Steps, dockerBuild, kbuild, pullKbuildImage, structureTest, dockerStructureTest)
+		y.Steps = append(y.Steps, dockerBuild, kaniko, pullKanikoImage, structureTest, dockerStructureTest)
 	}

 	d, _ := yaml.Marshal(&y)
--- a/kaniko/cmd/root.go
+++ b/kaniko/cmd/root.go
@ -21,9 +21,9 @@ import (
 )

 var RootCmd = &cobra.Command{
-	Use:   "kbuild",
-	Short: "kbuild is a CLI tool for building container images with full Dockerfile support without the need for Docker",
-	Long: `kbuild is a CLI tool for building container images with full Dockerfile support. It doesn't require Docker,
+	Use:   "kaniko",
+	Short: "kaniko is a CLI tool for building container images with full Dockerfile support without the need for Docker",
+	Long: `kaniko is a CLI tool for building container images with full Dockerfile support. It doesn't require Docker,
 			and builds the images in a Kubernetes cluster before pushing the final image to a registry.`,
 	Run: func(cmd *cobra.Command, args []string) {
 	},
--- a/kaniko/main.go
+++ b/kaniko/main.go
@ -18,7 +18,7 @@ package main

 import (
 	"fmt"
-	"github.com/GoogleCloudPlatform/k8s-container-builder/kbuild/cmd"
+	"github.com/GoogleCloudPlatform/k8s-container-builder/kaniko/cmd"
 	"os"
 )

--- a/pkg/constants/constants.go
+++ b/pkg/constants/constants.go
@ -28,5 +28,5 @@ const (

 	WhitelistPath = "/proc/self/mountinfo"

-	Author = "kbuild"
+	Author = "kaniko"
 )
--- a/pkg/snapshot/snapshot_test.go
+++ b/pkg/snapshot/snapshot_test.go
@ -39,7 +39,7 @@ func TestSnapshotFileChange(t *testing.T) {
 	newFiles := map[string]string{
 		"foo":        "newbaz1",
 		"bar/bat":    "baz",
-		"kbuild/bat": "bat",
+		"kaniko/bat": "bat",
 	}
 	if err := testutil.SetupFiles(testDir, newFiles); err != nil {
 		t.Fatalf("Error setting up fs: %s", err)
@ -135,14 +135,14 @@ func TestSnapshotFiles(t *testing.T) {
 	// Make some changes to the filesystem
 	newFiles := map[string]string{
 		"foo":         "newbaz1",
-		"kbuild/file": "bat",
+		"kaniko/file": "bat",
 	}
 	if err := testutil.SetupFiles(testDir, newFiles); err != nil {
 		t.Fatalf("Error setting up fs: %s", err)
 	}
 	filesToSnapshot := []string{
 		filepath.Join(testDir, "foo"),
-		filepath.Join(testDir, "kbuild/file"),
+		filepath.Join(testDir, "kaniko/file"),
 	}
 	contents, err := snapshotter.TakeSnapshot(filesToSnapshot)
 	if err != nil {
@ -199,7 +199,7 @@ func setUpTestDir() (string, *Snapshotter, error) {
 	files := map[string]string{
 		"foo":         "baz1",
 		"bar/bat":     "baz2",
-		"kbuild/file": "file",
+		"kaniko/file": "file",
 	}
 	// Set up initial files
 	if err := testutil.SetupFiles(testDir, files); err != nil {
--- a/pkg/util/fs_util.go
+++ b/pkg/util/fs_util.go
@ -28,7 +28,7 @@ import (
 	"strings"
 )

-var whitelist = []string{"/kbuild"}
+var whitelist = []string{"/kaniko"}

 // ExtractFileSystemFromImage pulls an image and unpacks it to a file system at root
 func ExtractFileSystemFromImage(img string) error {
--- a/pkg/util/fs_util_test.go
+++ b/pkg/util/fs_util_test.go
@ -46,7 +46,7 @@ func Test_fileSystemWhitelist(t *testing.T) {
 	}

 	actualWhitelist, err := fileSystemWhitelist(path)
-	expectedWhitelist := []string{"/kbuild", "/proc", "/dev", "/dev/pts", "/sys"}
+	expectedWhitelist := []string{"/kaniko", "/proc", "/dev", "/dev/pts", "/sys"}
 	sort.Strings(actualWhitelist)
 	sort.Strings(expectedWhitelist)
 	testutil.CheckErrorAndDeepEqual(t, false, err, expectedWhitelist, actualWhitelist)
@ -61,7 +61,7 @@ var tests = []struct {
 		files: map[string]string{
 			"/workspace/foo/a": "baz1",
 			"/workspace/foo/b": "baz2",
-			"/kbuild/file":     "file",
+			"/kaniko/file":     "file",
 		},
 		directory: "/workspace/foo/",
 		expectedFiles: []string{
@ -84,7 +84,7 @@ var tests = []struct {
 			"/workspace/foo/a": "baz1",
 			"/workspace/foo/b": "baz2",
 			"/workspace/baz":   "hey",
-			"/kbuild/file":     "file",
+			"/kaniko/file":     "file",
 		},
 		directory: "/workspace",
 		expectedFiles: []string{
@ -99,16 +99,16 @@ var tests = []struct {
 		files: map[string]string{
 			"/workspace/foo/a": "baz1",
 			"/workspace/foo/b": "baz2",
-			"/kbuild/file":     "file",
+			"/kaniko/file":     "file",
 		},
 		directory: "",
 		expectedFiles: []string{
 			"workspace/foo/a",
 			"workspace/foo/b",
-			"kbuild/file",
+			"kaniko/file",
 			"workspace",
 			"workspace/foo",
-			"kbuild",
+			"kaniko",
 			".",
 		},
 	},