* Add support for configurable compression algorithm (gzip, zstd) and compression level
We want to make the layer compression in kaniko configurable, so we have added two optional command line arguments “--compression” and “--compression-level”. The former allows the user to specify a compression algorithm (zstd, gzip) and the latter can be used to specify the compression level.
Depending on the selected compression algorithm and level we modify the set of layerOptions that are used to create tarball layers in `push.go` and `build.go`.
The actual implementation of the zstd support can be found in our fork of the go-containerregistry package for which we have filed this PR: google/go-containerregistry#1487
The changes should be fully backwards compatible.
* Restrict inputs for compression flag to gzip and zstd
This change will ensure that users can only specify supported compression algorithms (`zstd`, `gzip`) to the `--compression` flag.
* Fix incorrect type for switch statements on config.Compression
* fix(ci): Bump golangci-lint to 1.51.1
* chore(lint): fix gofmt and goimport issues
* chore(lint): fix linter issues
- Adapted error comparison according to linter recommendation
- Disabled noctx linting for http request where canceling makes no sense
- Disabled nilerror linting where nil error is returned on purpose
- Disabled makezero linter where slice is explicitly deepcopied
* chore(ci): Update go version in tests workflows
* fix(ci): Allow boilerplate years from 2000-2099
Previously the regex only allowed the copyright notice to contain the
years 2018,2019,2020,2021, or 2022. This commit widens to regex to
20\d\d allowing any year in the range [2000-2099]
* feat(ci): Replace minikube with k3s for intregration tests
The existing setup for minikube is very complicated, replicating most of
the setup steps for a full kubernetes cluster in an only partially
supported minikube configuration (driver=none). Furthermore the existing
setup has been broken for sometime, likely, at least in part due to the
changes to CNI and CRI in recent kubernetes versions.
Since what we actually need is only a running Kubernetes cluster on the
node and access to a registry on localhost:5000, we can switch the
extremely complicated minikube setup for a lightweight cluster using
k3s. Minikube came with a default addon for running a registry on every
node, but the same is not the case for k3s, instead we make use of the
package helm controller and its HelmChart CR to deploy twuni/docker-registry.helm
and expose it on localhost using the integrated LoadBalancer controller.
* fix(test-684): pin base container version
The dockerfile for the regression test connected to issue 684 used a
rolling tag as base image, making it flaky and fail since it was
introduced.
This commit pins the base image to the digest of bionic-20200219, which,
based on the date of the commit that introduced to the dockerfile would
be the most newest ubuntu build and likely what the "rolling" tag
resolved to back then. Since this also an image from the pre-oci days of
ubuntu, this circumvents a bug in container-diff as well
(https://github.com/GoogleContainerTools/container-diff/issues/389)
* Adds the ability to provide `--cache-repo` as an OCI image layout path
- Adds cache.LayoutCache to implement cache.LayerCache interface
- When opts.CacheRepo has "oci:" prefix, instantiates a LayoutCache
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add integration test for layout cache
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Updates from PR review
Signed-off-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* fix: Correct flatten function in layers
- Added a test.
- Cache current image, track deletes in `whiteouts` as well as normal adds in `layers`.
- Fix ugly delete behavior of `layerHashCache`.
Delete it when crerating a new snapshot.
- Slight cleanup in `snapshot.go`.
- Format ugly `WalkFS` function.
* fix: Add symbolic link changes to Hasher and CacheHasher
* fix: Better log messages
* fix(ci): Integration tests
* fix(ci): Add `--no-cache` to docker builds
* fix(ci): Pass credentials for error integration test
* np: Missing .gitignore in `hack`
* np: Capitalize every log message
- Correct some linting.
* fix: Key function
- Merge only last layer onto `currentImage`.
* fix: Remove old obsolete `cacheHasher`
* update kaniko-dir flag description
* add dir check anonymous func for check to config or env
* add kaniko dir constant in default options
* Update cmd/executor/cmd/root.go
Co-authored-by: Jason Hall <jasonhall@redhat.com>
* add CopyDir util usage for checkKanikoDir func
* add removal of kaniko dir on successful copy of new files
* add comment for CopyDir usage
Co-authored-by: Jason Hall <jasonhall@redhat.com>
* Use canonical image architectures. Closes#1995.
Prior to this change, Kaniko was not using the platform's canonical value.
* Update platform unit test.
* remove configurables from constants
* add configurables to config init
* add kaniko dir flag
* cleanup pkg constants
* replace buildcontext constants pkg occurrences with config
* add KanikoDir to KanikoOptions
* replace executor constants pkg occurrences with config
* remove redundant KanikoDir assignment
* replace constants to config for IntermediateStagesDir
* fix imports
* add default kaniko directory into constants
* add check for kanikoDir on use
* update init to use default path constant
* update executor kanikoDir check
Co-authored-by: Jason Hall <jasonhall@redhat.com>
* alter checkKanikoDir parameter
* add TestKanikoDir func
* update error handling style
Co-authored-by: Jason Hall <jasonhall@redhat.com>
* remove shorthand flag usage from test
Co-authored-by: Jason Hall <jasonhall@redhat.com>
* add docstring to integration test
Co-authored-by: Jason Hall <jasonhall@redhat.com>
* remove shorthand flag from kaniko-dir
Co-authored-by: Jason Hall <jasonhall@redhat.com>
* Correctly handle platforms that include CPU variants
Prior to this change, Kaniko would only select the platform-specific
image from a multi-platform image using the OS and architecture to
select the image. This leads to problems when there are two platforms
that are indistinguishable using only this information (e.g.,
linux/arm/v5 and linux/arm/v7).
This change more explicitly selects the right image from a
multi-platform image, taking CPU variant into account (v5 vs v7), using
containerd's CPU variant detection logic.
This also moves platform defaulting up as early as possible in execution
as it can go, so that malformed platform values are detected as soon as
possible.
* set platform in unit test
* Remove tarball.WithCompressedCaching flag to resolve OOM Killed error
Large images cannot be build as the kaniko container will be killed due to an OOM error. Removing the tarball compression drastically reduces the memory required to push large image layers. Fixes#1680
This change may increase the build time for smaller images. Therefore a command line option to trigger the compression or a more intelligent behaviour may be useful.
* Add new command line flag to toggle compressed caching
* Add unittest for build with --compressed-caching command line flag set to false
* avoid deleting whiteouts if they are in ignore list
* fix snapshotter ignore list
* include filesystem mounts in ignorelist of snapshotter
* clean up ignore list logic
* add unit and integration tests for #1652
* fix tests and ignore list updates
* exit codes of failed RUN commands may now be propagated to the caller by using the --propagate-exit-code flag
* removed exit code propagation flag; the exit function now unwraps the error and looks for an exit code
* added integration test for exit code propagation
* added trailing new line in test Dockerfile_exit_code_propagation; tidying up README.md removing all traces of error propagation flag
* moved exit code propagation test to integration_test.go; moved exit code propagation test files to 'testdata' to avoid interference with other integration tests
* initial commit
* remove bazel jobs
* fix arch
* more fixes after testing and code review comments
* fix build platform
* add individual cloudbuild.yaml as its taking 45 mins for a cloud build trigger
* add buildx plugin
* add more debugging
* update busybox version to fix CVE-2018-1000500
* fix
* lint + more debug
* fix
* fix
* fix
* remove images from cloudbiuld
* move CI job back to docker
* one more fix
* lets see
* bring it back
* move CI job back to docker
* remove aerg from top
* live restart config
* remove live restore as minikube setup failed
* add --force-systemd
* add --force-systemd and docker driver none
* change the --run flag
* docker info and some logs removed
* fix docker command
* upgrade version for buildx to 0.5.1
* remove docker service from travis.yml and add systemd cgroup config
* move the docker config up
* move them back to docker build
* fix
* fix all dockerfiles
* fix warmer
* fix
* rm bazel jobs
* add more logs
* fix debug
Co-authored-by: ankitm123 <ankitmohapatra123@gmail.com>
which means we can now:
- set up one or more mirrors
- set up registries certificates
- skip TLS verify
- use plain HTTP
using the same set of flags that are defined for the executor
The upstream of github.com/genuinetools/amicontained switched to the
container runtime detection via github.com/genuinetools/bpfd/proc,
which supports a larger range of container runtimes. With this change
(among others) Podman can be detected correctly.
Fixes#1501.
Fixes#1473
The initial implementation of the registry mirror only allowed a single mirror, and if pulling from the mirror failed, the build would fail.
This change introduces:
- multiple registry mirrors instead of a single one
- fallback if an image can't be pulled from a registry
This is the same behavior as the docker daemon and will allow using a registry mirror such as `mirror.gcr.io` which is incomplete and doesn't have all the content that the default registry on docker.io has.
Note that there are no changes in the CLI flags, the `--registry-mirror` flag is still valid. But now it can be used multiple times to set up more than one registry mirror.
Co-authored-by: Tejal Desai <tejaldesai@google.com>
This is extenion of current code to build s390x version of kaniko
executor image and add it to multi-arch manifest
Signed-off-by: Yulia Gaponenko <yulia.gaponenko1@de.ibm.com>
* Extend .dockerignore integration test with copies in later stages
.dockerignore should continue to apply when copying from the build context in later stages, but it currently doesn't
* Replace excluded global with passed along FileContext struct
This new FileContext struct allows much cleaner handling of context specific file exclusions.
The global excluded file state is no longer needed.
Additionally this also fixes the issue where excluded files aren't being applied for build context copies in later build stages.
Lavrenti Frobeen
Joël Pepper
Natalie Arellano
Gabriel Nützi
chenggui53
Ramy
Jason D'Amour
Jack
Diego Gonzalez
Igor Scheller
Oliver Gregorius
Jason Hall
Tejal Desai
Janosch Maier
Rhianna
Jose Donizetti
Kamal Nasser
Benjamin Krenn
Chris Hoffman
Jon Friesen
Sascha Schwarze
Or Geva
Vincent Behar
Severin Strobl
mickkael
Yulia Gaponenko
ejose19
Matt Moore
Tinjo Schöni
Thomas Stromberg
Carlos Alexandro Becker
Tejal Desai