* Remove tarball.WithCompressedCaching flag to resolve OOM Killed error
Large images cannot be build as the kaniko container will be killed due to an OOM error. Removing the tarball compression drastically reduces the memory required to push large image layers. Fixes#1680
This change may increase the build time for smaller images. Therefore a command line option to trigger the compression or a more intelligent behaviour may be useful.
* Add new command line flag to toggle compressed caching
* Add unittest for build with --compressed-caching command line flag set to false
which means we can now:
- set up one or more mirrors
- set up registries certificates
- skip TLS verify
- use plain HTTP
using the same set of flags that are defined for the executor
* Allow DOCKER_CONFIG to be a filename
* UnitTest: DockerConfLocation must return a file if it is existent and passed using env, or default if the file is incorrect
Kaniko currently does config file setup for GCR such that pushing to GCR
automagically works. This change does the same for pkg.dev:
https://cloud.google.com/artifact-registry
This also tightens up the hostname check to ensure we don't send
credentials to a registry that happens to contain "gcr.io".
This uses the default provided retry transport by
go-containerregistry as this originally had no retries
built in.
This is useful to avoid intermittent failures of image
registries when returning a retryable status code.
Add tests. The tests assume a POSIX file system, but it seems many
other tests assume Linux, so perhaps this is not a problem, or at
least does not add a new problem.
Fixes#1235
If the DOCKER_CONFIG environment variable is set, use it when
determining if the Docker config file exists. Fall back to kaniko
default if it the DOCKER_CONFIG environment variable is not set.
Fixes#1228
Kaniko by default used to configure the GCR credential helper however
this caused Kaniko to fail when trying to use a base image from a public
GCR image. This patch makes it possible to use public GCR images as base
image when using docker even when you're not authenticated to GCR.
Co-authored-by: Nate Williams <nate.williams@files.com>
Fixed#296.
The output manifests may have `application/vnd.docker.distribution.manifest.v2+json`
as their media types instead of `application/vnd.oci.image.manifest.v1+json`.
Resolves#607
* Deleted a duplicate Gopkg.lock block for github.com/otiai10/copy to
prevent `dep ensure` from deleting it from vendor/
* Searched for breaking changes. Only found ones for
remote.Delete/List/Write/WriteIndex. Searched for those and fixed
* Noticed that NewInsecureRegistry was deprecated and replaced it
This flag, when set, takes a file in the container and writes the image digest to it. This can be used to extract the exact digest of the built image by surrounding tooling without having to parse the logs from Kaniko, for example by pointing the file to a mounted volume or to a file used durint exit status, such as with Kubernetes' [Termination message policy](https://kubernetes.io/docs/tasks/debug-application-cluster/determine-reason-pod-failure/)]
When the flag is not set, the digest is not written to file and the executor behaves as before. The digest is also written to file in case of a tarball or a `--no-push`.
Closes#654
* Set TarPath to empty when pushing a layer
* Fix issues with layer caching, noPush and tarPath.
- Layer caching should work even when tarPath is specified, so this
commit changes the value of tarPath to empty when caching layers.
- When an image is built with just the tarPath and noPush
is true, we should still create the tarBall (which wasn't happening
before this commit).
* Set no-push to false for cache layers
* Remove extra log
* go-imports fix
Janosch Maier
Vivek Kumar
Lars Gröber
Sascha Schwarze
Or Geva
Josh Chorlton
Matt Moore
Tejal Desai
Vincent Behar
ejose19
Akram Ben Aissi
Tejal Desai
Jon Johnson
Ben Einaudi
Mitchell Friedman
David Dooling
Sam Stoelinga
Will Ripley
Don McCasland
alexa
chhsia0
Andreas Bergmeier
Taylor Barrella
Andreas Bergmeier
Gijs
Jason Hall
Anurag Goel
Daisuke Taniwaki
dlorenc