* Add support for configurable compression algorithm (gzip, zstd) and compression level
We want to make the layer compression in kaniko configurable, so we have added two optional command line arguments “--compression” and “--compression-level”. The former allows the user to specify a compression algorithm (zstd, gzip) and the latter can be used to specify the compression level.
Depending on the selected compression algorithm and level we modify the set of layerOptions that are used to create tarball layers in `push.go` and `build.go`.
The actual implementation of the zstd support can be found in our fork of the go-containerregistry package for which we have filed this PR: google/go-containerregistry#1487
The changes should be fully backwards compatible.
* Restrict inputs for compression flag to gzip and zstd
This change will ensure that users can only specify supported compression algorithms (`zstd`, `gzip`) to the `--compression` flag.
* Fix incorrect type for switch statements on config.Compression
* Adds the ability to provide `--cache-repo` as an OCI image layout path
- Adds cache.LayoutCache to implement cache.LayerCache interface
- When opts.CacheRepo has "oci:" prefix, instantiates a LayoutCache
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add integration test for layout cache
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Updates from PR review
Signed-off-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* fix: Correct flatten function in layers
- Added a test.
- Cache current image, track deletes in `whiteouts` as well as normal adds in `layers`.
- Fix ugly delete behavior of `layerHashCache`.
Delete it when crerating a new snapshot.
- Slight cleanup in `snapshot.go`.
- Format ugly `WalkFS` function.
* fix: Add symbolic link changes to Hasher and CacheHasher
* fix: Better log messages
* fix(ci): Integration tests
* fix(ci): Add `--no-cache` to docker builds
* fix(ci): Pass credentials for error integration test
* np: Missing .gitignore in `hack`
* np: Capitalize every log message
- Correct some linting.
* fix: Key function
- Merge only last layer onto `currentImage`.
* fix: Remove old obsolete `cacheHasher`
* Remove tarball.WithCompressedCaching flag to resolve OOM Killed error
Large images cannot be build as the kaniko container will be killed due to an OOM error. Removing the tarball compression drastically reduces the memory required to push large image layers. Fixes#1680
This change may increase the build time for smaller images. Therefore a command line option to trigger the compression or a more intelligent behaviour may be useful.
* Add new command line flag to toggle compressed caching
* Add unittest for build with --compressed-caching command line flag set to false
which means we can now:
- set up one or more mirrors
- set up registries certificates
- skip TLS verify
- use plain HTTP
using the same set of flags that are defined for the executor
* Allow DOCKER_CONFIG to be a filename
* UnitTest: DockerConfLocation must return a file if it is existent and passed using env, or default if the file is incorrect
Kaniko currently does config file setup for GCR such that pushing to GCR
automagically works. This change does the same for pkg.dev:
https://cloud.google.com/artifact-registry
This also tightens up the hostname check to ensure we don't send
credentials to a registry that happens to contain "gcr.io".
This uses the default provided retry transport by
go-containerregistry as this originally had no retries
built in.
This is useful to avoid intermittent failures of image
registries when returning a retryable status code.
Add tests. The tests assume a POSIX file system, but it seems many
other tests assume Linux, so perhaps this is not a problem, or at
least does not add a new problem.
Fixes#1235
If the DOCKER_CONFIG environment variable is set, use it when
determining if the Docker config file exists. Fall back to kaniko
default if it the DOCKER_CONFIG environment variable is not set.
Fixes#1228
Kaniko by default used to configure the GCR credential helper however
this caused Kaniko to fail when trying to use a base image from a public
GCR image. This patch makes it possible to use public GCR images as base
image when using docker even when you're not authenticated to GCR.
Co-authored-by: Nate Williams <nate.williams@files.com>
Fixed#296.
The output manifests may have `application/vnd.docker.distribution.manifest.v2+json`
as their media types instead of `application/vnd.oci.image.manifest.v1+json`.
Resolves#607
* Deleted a duplicate Gopkg.lock block for github.com/otiai10/copy to
prevent `dep ensure` from deleting it from vendor/
* Searched for breaking changes. Only found ones for
remote.Delete/List/Write/WriteIndex. Searched for those and fixed
* Noticed that NewInsecureRegistry was deprecated and replaced it
Lavrenti Frobeen
Natalie Arellano
Gabriel Nützi
Jason D'Amour
Jason Hall
Tejal Desai
Janosch Maier
Vivek Kumar
Lars Gröber
Sascha Schwarze
Or Geva
Josh Chorlton
Matt Moore
Vincent Behar
ejose19
Akram Ben Aissi
Tejal Desai
Jon Johnson
Ben Einaudi
Mitchell Friedman
David Dooling
Sam Stoelinga
Will Ripley
Don McCasland
alexa
chhsia0
Andreas Bergmeier
Taylor Barrella
Andreas Bergmeier