2017-06-22 20:11:56 +00:00
[![asciicinema example ](https://asciinema.org/a/gPEIEo1NzmDTUu2bEPsUboqmU.png )](https://asciinema.org/a/gPEIEo1NzmDTUu2bEPsUboqmU)
2019-10-11 17:20:52 +00:00
# BuildKit
2017-06-22 20:11:56 +00:00
2017-08-08 08:00:39 +00:00
[![GoDoc ](https://godoc.org/github.com/moby/buildkit?status.svg )](https://godoc.org/github.com/moby/buildkit/client/llb)
2020-11-26 18:02:04 +00:00
[![Build Status ](https://github.com/moby/buildkit/workflows/build/badge.svg )](https://github.com/moby/buildkit/actions?query=workflow%3Abuild)
2017-08-08 08:00:39 +00:00
[![Go Report Card ](https://goreportcard.com/badge/github.com/moby/buildkit )](https://goreportcard.com/report/github.com/moby/buildkit)
2020-11-22 03:03:55 +00:00
[![codecov ](https://codecov.io/gh/moby/buildkit/branch/master/graph/badge.svg )](https://codecov.io/gh/moby/buildkit)
2017-08-08 08:00:39 +00:00
2017-06-22 20:11:56 +00:00
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner.
Key features:
2019-07-27 22:03:54 +00:00
- Automatic garbage collection
- Extendable frontend formats
- Concurrent dependency resolution
- Efficient instruction caching
- Build cache import/export
- Nested build job invocations
- Distributable workers
- Multiple output formats
- Pluggable architecture
- Execution without root privileges
2017-06-22 20:11:56 +00:00
Read the proposal from https://github.com/moby/moby/issues/32925
2017-12-21 00:27:58 +00:00
Introductory blog post https://blog.mobyproject.org/introducing-buildkit-17e056cc5317
2019-10-11 17:20:52 +00:00
Join `#buildkit` channel on [Docker Community Slack ](http://dockr.ly/slack )
2020-12-09 03:54:13 +00:00
:information_source: If you are visiting this repo for the usage of BuildKit-only Dockerfile features like `RUN --mount=type=(bind|cache|tmpfs|secret|ssh)` , please refer to [`frontend/dockerfile/docs/syntax.md` ](frontend/dockerfile/docs/syntax.md ).
2018-10-30 05:56:22 +00:00
2019-10-11 17:20:52 +00:00
:information_source: [BuildKit has been integrated to `docker build` since Docker 18.06 . ](https://docs.docker.com/develop/develop-images/build_enhancements/ )
You don't need to read this document unless you want to use the full-featured standalone version of BuildKit.
<!-- START doctoc generated TOC please keep comment here to allow auto update -->
<!-- DON'T EDIT THIS SECTION, INSTEAD RE - RUN doctoc TO UPDATE -->
- [Used by ](#used-by )
- [Quick start ](#quick-start )
- [Starting the `buildkitd` daemon: ](#starting-the-buildkitd-daemon )
- [Exploring LLB ](#exploring-llb )
- [Exploring Dockerfiles ](#exploring-dockerfiles )
- [Building a Dockerfile with `buildctl` ](#building-a-dockerfile-with-buildctl )
- [Building a Dockerfile using external frontend: ](#building-a-dockerfile-using-external-frontend )
- [Building a Dockerfile with experimental features like `RUN --mount=type=(bind|cache|tmpfs|secret|ssh)` ](#building-a-dockerfile-with-experimental-features-like-run---mounttypebindcachetmpfssecretssh )
- [Output ](#output )
2019-11-07 02:23:15 +00:00
- [Image/Registry ](#imageregistry )
2019-10-11 17:20:52 +00:00
- [Local directory ](#local-directory )
- [Docker tarball ](#docker-tarball )
- [OCI tarball ](#oci-tarball )
- [containerd image store ](#containerd-image-store )
- [Cache ](#cache )
- [Garbage collection ](#garbage-collection )
- [Export cache ](#export-cache )
- [Inline (push image and cache together) ](#inline-push-image-and-cache-together )
- [Registry (push image and cache separately) ](#registry-push-image-and-cache-separately )
- [Local directory ](#local-directory-1 )
- [`--export-cache` options ](#--export-cache-options )
- [`--import-cache` options ](#--import-cache-options )
- [Consistent hashing ](#consistent-hashing )
2020-12-28 17:09:30 +00:00
- [Systemd socket activation ](#systemd-socket-activation )
2019-10-11 17:20:52 +00:00
- [Expose BuildKit as a TCP service ](#expose-buildkit-as-a-tcp-service )
- [Load balancing ](#load-balancing )
- [Containerizing BuildKit ](#containerizing-buildkit )
2020-08-05 09:42:32 +00:00
- [Podman ](#podman )
2019-10-11 17:20:52 +00:00
- [Kubernetes ](#kubernetes )
- [Daemonless ](#daemonless )
- [Opentracing support ](#opentracing-support )
- [Running BuildKit without root privileges ](#running-buildkit-without-root-privileges )
- [Building multi-platform images ](#building-multi-platform-images )
- [Contributing ](#contributing )
<!-- END doctoc generated TOC please keep comment here to allow auto update -->
## Used by
2018-06-13 04:55:44 +00:00
2018-12-14 12:37:20 +00:00
BuildKit is used by the following projects:
2018-06-13 04:55:44 +00:00
2019-10-11 17:20:52 +00:00
- [Moby & Docker ](https://github.com/moby/moby/pull/37151 ) (`DOCKER_BUILDKIT=1 docker build`)
2019-07-27 22:03:54 +00:00
- [img ](https://github.com/genuinetools/img )
- [OpenFaaS Cloud ](https://github.com/openfaas/openfaas-cloud )
- [container build interface ](https://github.com/containerbuilding/cbi )
2019-10-11 17:20:52 +00:00
- [Tekton Pipelines ](https://github.com/tektoncd/catalog ) (formerly [Knative Build Templates ](https://github.com/knative/build-templates ))
2019-07-27 22:03:54 +00:00
- [the Sanic build tool ](https://github.com/distributed-containers-inc/sanic )
- [vab ](https://github.com/stellarproject/vab )
2019-09-14 23:47:12 +00:00
- [Rio ](https://github.com/rancher/rio )
2021-05-03 22:06:26 +00:00
- [kim ](https://github.com/rancher/kim )
2019-10-11 17:20:52 +00:00
- [PouchContainer ](https://github.com/alibaba/pouch )
- [Docker buildx ](https://github.com/docker/buildx )
2019-11-12 09:31:00 +00:00
- [Okteto Cloud ](https://okteto.com/ )
2020-04-16 21:32:15 +00:00
- [Earthly earthfiles ](https://github.com/vladaionescu/earthly )
2019-10-11 17:20:52 +00:00
## Quick start
2018-10-30 05:56:22 +00:00
2019-10-11 17:20:52 +00:00
:information_source: For Kubernetes deployments, see [`examples/kubernetes` ](./examples/kubernetes ).
2017-06-22 20:11:56 +00:00
2019-10-11 17:20:52 +00:00
BuildKit is composed of the `buildkitd` daemon and the `buildctl` client.
While the `buildctl` client is available for Linux, macOS, and Windows, the `buildkitd` daemon is only available for Linux currently.
2017-06-22 20:11:56 +00:00
2019-10-11 17:20:52 +00:00
The `buildkitd` daemon requires the following components to be installed:
2019-10-29 05:18:22 +00:00
- [runc ](https://github.com/opencontainers/runc ) or [crun ](https://github.com/containers/crun )
2019-07-27 22:03:54 +00:00
- [containerd ](https://github.com/containerd/containerd ) (if you want to use containerd worker)
2017-06-22 20:11:56 +00:00
2019-10-11 17:20:52 +00:00
The latest binaries of BuildKit are available [here ](https://github.com/moby/buildkit/releases ) for Linux, macOS, and Windows.
2017-12-13 04:34:55 +00:00
2019-10-11 17:20:52 +00:00
[Homebrew package ](https://formulae.brew.sh/formula/buildkit ) (unofficial) is available for macOS.
```console
$ brew install buildkit
2017-06-22 20:11:56 +00:00
```
2019-10-11 17:20:52 +00:00
To build BuildKit from source, see [`.github/CONTRIBUTING.md` ](./.github/CONTRIBUTING.md ).
2017-06-22 20:11:56 +00:00
2019-10-11 17:20:52 +00:00
### Starting the `buildkitd` daemon:
You need to run `buildkitd` as the root user on the host.
2017-12-21 00:27:58 +00:00
2019-07-27 22:03:54 +00:00
```bash
2019-10-11 17:20:52 +00:00
$ sudo buildkitd
2017-12-21 00:27:58 +00:00
```
2019-10-11 17:20:52 +00:00
To run `buildkitd` as a non-root user, see [`docs/rootless.md` ](docs/rootless.md ).
2018-06-04 14:14:08 +00:00
The buildkitd daemon supports two worker backends: OCI (runc) and containerd.
2017-12-21 00:27:58 +00:00
2019-07-27 22:03:54 +00:00
By default, the OCI (runc) worker is used. You can set `--oci-worker=false --containerd-worker=true` to use the containerd worker.
2017-12-21 00:27:58 +00:00
We are open to adding more backends.
2020-12-28 17:09:30 +00:00
To start the buildkitd daemon using systemd socket activiation, you can install the buildkit systemd unit files.
See [Systemd socket activation ](#systemd-socket-activation )
2019-10-11 17:20:52 +00:00
The buildkitd daemon listens gRPC API on `/run/buildkit/buildkitd.sock` by default, but you can also use TCP sockets.
See [Expose BuildKit as a TCP service ](#expose-buildkit-as-a-tcp-service ).
### Exploring LLB
2017-12-21 00:27:58 +00:00
2018-02-27 07:06:01 +00:00
BuildKit builds are based on a binary intermediate format called LLB that is used for defining the dependency graph for processes running part of your build. tl;dr: LLB is to Dockerfile what LLVM IR is to C.
2019-07-27 22:03:54 +00:00
- Marshaled as Protobuf messages
- Concurrently executable
- Efficiently cacheable
- Vendor-neutral (i.e. non-Dockerfile languages can be easily implemented)
2018-02-27 07:06:01 +00:00
2019-10-11 17:20:52 +00:00
See [`solver/pb/ops.proto` ](./solver/pb/ops.proto ) for the format definition, and see [`./examples/README.md` ](./examples/README.md ) for example LLB applications.
2018-02-27 07:06:01 +00:00
2019-10-11 17:20:52 +00:00
Currently, the following high-level languages has been implemented for LLB:
2018-02-27 07:06:01 +00:00
2019-07-27 22:03:54 +00:00
- Dockerfile (See [Exploring Dockerfiles ](#exploring-dockerfiles ))
- [Buildpacks ](https://github.com/tonistiigi/buildkit-pack )
2019-10-11 17:20:52 +00:00
- [Mockerfile ](https://matt-rickard.com/building-a-new-dockerfile-frontend/ )
- [Gockerfile ](https://github.com/po3rin/gockerfile )
2020-05-26 21:17:09 +00:00
- [bldr (Pkgfile) ](https://github.com/talos-systems/bldr/ )
2020-07-27 05:38:36 +00:00
- [HLB ](https://github.com/openllb/hlb )
- [Earthfile (Earthly) ](https://github.com/earthly/earthly )
- [Cargo Wharf (Rust) ](https://github.com/denzp/cargo-wharf )
2019-07-27 22:03:54 +00:00
- (open a PR to add your own language)
2017-12-21 00:27:58 +00:00
2019-10-11 17:20:52 +00:00
### Exploring Dockerfiles
2017-06-22 20:11:56 +00:00
2019-10-11 17:20:52 +00:00
Frontends are components that run inside BuildKit and convert any build definition to LLB. There is a special frontend called gateway (`gateway.v0`) that allows using any image as a frontend.
2017-12-21 00:27:58 +00:00
2019-10-11 17:20:52 +00:00
During development, Dockerfile frontend (`dockerfile.v0`) is also part of the BuildKit repo. In the future, this will be moved out, and Dockerfiles can be built using an external image.
2017-09-21 00:09:57 +00:00
2019-10-11 17:20:52 +00:00
#### Building a Dockerfile with `buildctl`
2017-09-21 00:09:57 +00:00
2019-07-27 22:03:54 +00:00
```bash
buildctl build \
--frontend=dockerfile.v0 \
--local context=. \
--local dockerfile=.
# or
buildctl build \
--frontend=dockerfile.v0 \
--local context=. \
--local dockerfile=. \
--opt target=foo \
--opt build-arg:foo=bar
2017-09-21 00:09:57 +00:00
```
2017-12-21 00:27:58 +00:00
`--local` exposes local source files from client to the builder. `context` and `dockerfile` are the names Dockerfile frontend looks for build context and Dockerfile location.
2017-12-13 04:34:55 +00:00
2019-10-11 17:20:52 +00:00
#### Building a Dockerfile using external frontend:
2017-11-09 23:39:46 +00:00
2020-12-09 03:49:51 +00:00
External versions of the Dockerfile frontend are pushed to https://hub.docker.com/r/docker/dockerfile-upstream and https://hub.docker.com/r/docker/dockerfile and can be used with the gateway frontend. The source for the external frontend is currently located in `./frontend/dockerfile/cmd/dockerfile-frontend` but will move out of this repository in the future ([#163](https://github.com/moby/buildkit/issues/163)). For automatic build from master branch of this repository `docker/dockerfile-upstream:master` or `docker/dockerfile-upstream:master-labs` image can be used.
2017-12-21 00:27:58 +00:00
2019-07-27 22:03:54 +00:00
```bash
buildctl build \
--frontend gateway.v0 \
--opt source=docker/dockerfile \
--local context=. \
--local dockerfile=.
buildctl build \
--frontend gateway.v0 \
--opt source=docker/dockerfile \
2021-11-02 17:02:27 +00:00
--opt context=https://github.com/moby/moby.git \
2019-07-27 22:03:54 +00:00
--opt build-arg:APT_MIRROR=cdn-fastly.deb.debian.org
2017-11-09 23:39:46 +00:00
```
2017-09-21 00:09:57 +00:00
2019-10-11 17:20:52 +00:00
#### Building a Dockerfile with experimental features like `RUN --mount=type=(bind|cache|tmpfs|secret|ssh)`
2018-10-30 05:56:22 +00:00
See [`frontend/dockerfile/docs/experimental.md` ](frontend/dockerfile/docs/experimental.md ).
2019-01-31 16:30:39 +00:00
### Output
2017-12-21 00:27:58 +00:00
2019-01-31 16:30:39 +00:00
By default, the build result and intermediate cache will only remain internally in BuildKit. An output needs to be specified to retrieve the result.
2017-12-21 00:27:58 +00:00
2019-11-07 02:23:15 +00:00
#### Image/Registry
2017-09-21 00:09:57 +00:00
2019-07-27 22:03:54 +00:00
```bash
2019-10-11 17:20:52 +00:00
buildctl build ... --output type=image,name=docker.io/username/image,push=true
2017-09-21 00:09:57 +00:00
```
2019-12-27 13:55:17 +00:00
To export the cache embed with the image and pushing them to registry together, type `registry` is required to import the cache, you should specify `--export-cache type=inline` and `--import-cache type=registry,ref=...` . To export the cache to a local directy, you should specify `--export-cache type=local` .
Details in [Export cache ](#export-cache ).
2017-11-09 23:39:46 +00:00
2019-07-27 22:03:54 +00:00
```bash
2019-10-11 17:20:52 +00:00
buildctl build ...\
--output type=image,name=docker.io/username/image,push=true \
--export-cache type=inline \
--import-cache type=registry,ref=docker.io/username/image
2017-11-09 23:39:46 +00:00
```
2019-11-07 02:23:15 +00:00
Keys supported by image output:
* `name=[value]` : image name
* `push=true` : push after creating the image
* `push-by-digest=true` : push unnamed image
* `registry.insecure=true` : push to insecure HTTP registry
* `oci-mediatypes=true` : use OCI mediatypes in configuration JSON instead of Docker's
* `unpack=true` : unpack image after creation (for use with containerd)
* `dangling-name-prefix=[value]` : name image with `prefix@<digest>` , used for anonymous images
* `name-canonical=true` : add additional canonical name `name@<digest>`
2021-03-30 12:59:03 +00:00
* `compression=[uncompressed,gzip]` : choose compression type for layers newly created and cached, gzip is default value
* `force-compression=true` : forcefully apply `compression` option to all layers (including already existing layers).
2019-11-07 02:23:15 +00:00
2019-10-11 17:20:52 +00:00
If credentials are required, `buildctl` will attempt to read Docker configuration file `$DOCKER_CONFIG/config.json` .
`$DOCKER_CONFIG` defaults to `~/.docker` .
2017-11-09 23:39:46 +00:00
2019-10-11 17:20:52 +00:00
#### Local directory
2017-09-21 00:09:57 +00:00
2017-12-21 00:27:58 +00:00
The local client will copy the files directly to the client. This is useful if BuildKit is being used for building something else than container images.
2019-07-27 22:03:54 +00:00
```bash
2019-01-31 16:30:39 +00:00
buildctl build ... --output type=local,dest=path/to/output-dir
2017-09-21 00:09:57 +00:00
```
2019-05-19 12:27:11 +00:00
To export specific files use multi-stage builds with a scratch stage and copy the needed files into that stage with `COPY --from` .
2019-07-27 22:03:54 +00:00
2019-05-09 17:47:31 +00:00
```dockerfile
...
FROM scratch as testresult
COPY --from=builder /usr/src/app/testresult.xml .
...
```
2019-07-27 22:03:54 +00:00
```bash
2019-05-09 17:47:31 +00:00
buildctl build ... --opt target=testresult --output type=local,dest=path/to/output-dir
```
2019-03-27 06:10:21 +00:00
Tar exporter is similar to local exporter but transfers the files through a tarball.
2019-07-27 22:03:54 +00:00
```bash
2019-03-27 06:10:21 +00:00
buildctl build ... --output type=tar,dest=out.tar
buildctl build ... --output type=tar > out.tar
```
2019-10-11 17:20:52 +00:00
#### Docker tarball
2017-12-18 00:20:19 +00:00
2019-07-27 22:03:54 +00:00
```bash
2017-12-18 00:20:19 +00:00
# exported tarball is also compatible with OCI spec
2019-01-31 16:30:39 +00:00
buildctl build ... --output type=docker,name=myimage | docker load
2017-12-18 00:20:19 +00:00
```
2019-10-11 17:20:52 +00:00
#### OCI tarball
2017-12-13 06:09:48 +00:00
2019-07-27 22:03:54 +00:00
```bash
2019-01-31 16:30:39 +00:00
buildctl build ... --output type=oci,dest=path/to/output.tar
buildctl build ... --output type=oci > output.tar
2017-12-13 06:09:48 +00:00
```
2019-10-11 17:20:52 +00:00
#### containerd image store
The containerd worker needs to be used
```bash
buildctl build ... --output type=image,name=docker.io/username/image
ctr --namespace=buildkit images ls
```
To change the containerd namespace, you need to change `worker.containerd.namespace` in [`/etc/buildkit/buildkitd.toml` ](./docs/buildkitd.toml.md ).
## Cache
To show local build cache (`/var/lib/buildkit`):
```bash
buildctl du -v
```
To prune local build cache:
```bash
buildctl prune
```
### Garbage collection
See [`./docs/buildkitd.toml.md` ](./docs/buildkitd.toml.md ).
### Export cache
BuildKit supports the following cache exporters:
* `inline` : embed the cache into the image, and push them to the registry together
* `registry` : push the image and the cache separately
* `local` : export to a local directory
In most case you want to use the `inline` cache exporter.
However, note that the `inline` cache exporter only supports `min` cache mode.
To enable `max` cache mode, push the image and the cache separately by using `registry` cache exporter.
#### Inline (push image and cache together)
```bash
buildctl build ... \
--output type=image,name=docker.io/username/image,push=true \
--export-cache type=inline \
--import-cache type=registry,ref=docker.io/username/image
```
Note that the inline cache is not imported unless `--import-cache type=registry,ref=...` is provided.
2017-12-13 06:09:48 +00:00
2019-10-11 17:20:52 +00:00
:information_source: Docker-integrated BuildKit (`DOCKER_BUILDKIT=1 docker build`) and `docker buildx` requires
`--build-arg BUILDKIT_INLINE_CACHE=1` to be specified to enable the `inline` cache exporter.
However, the standalone `buildctl` does NOT require `--opt build-arg:BUILDKIT_INLINE_CACHE=1` and the build-arg is simply ignored.
2018-09-11 08:02:46 +00:00
2019-10-11 17:20:52 +00:00
#### Registry (push image and cache separately)
2018-09-11 08:02:46 +00:00
2019-07-27 22:03:54 +00:00
```bash
2019-10-11 17:20:52 +00:00
buildctl build ... \
--output type=image,name=localhost:5000/myrepo:image,push=true \
--export-cache type=registry,ref=localhost:5000/myrepo:buildcache \
--import-cache type=registry,ref=localhost:5000/myrepo:buildcache \
2018-09-11 08:02:46 +00:00
```
2019-10-11 17:20:52 +00:00
#### Local directory
2018-09-11 08:02:46 +00:00
2019-07-27 22:03:54 +00:00
```bash
2019-04-10 03:14:54 +00:00
buildctl build ... --export-cache type=local,dest=path/to/output-dir
2019-11-01 06:09:00 +00:00
buildctl build ... --import-cache type=local,src=path/to/input-dir
2018-09-11 08:02:46 +00:00
```
The directory layout conforms to OCI Image Spec v1.0.
2019-10-11 17:20:52 +00:00
#### `--export-cache` options
- `type` : `inline` , `registry` , or `local`
2019-07-27 22:03:54 +00:00
- `mode=min` (default): only export layers for the resulting image
2019-10-11 17:20:52 +00:00
- `mode=max` : export all the layers of all intermediate steps. Not supported for `inline` cache exporter.
2019-07-27 22:03:54 +00:00
- `ref=docker.io/user/image:tag` : reference for `registry` cache exporter
- `dest=path/to/output-dir` : directory for `local` cache exporter
2020-10-26 19:13:59 +00:00
- `oci-mediatypes=true|false` : whether to use OCI mediatypes in exported manifests for `local` and `registry` exporter. Since BuildKit `v0.8` defaults to true.
2018-09-11 08:02:46 +00:00
#### `--import-cache` options
2019-10-11 17:20:52 +00:00
- `type` : `registry` or `local` . Use `registry` to import `inline` cache.
2019-07-27 22:03:54 +00:00
- `ref=docker.io/user/image:tag` : reference for `registry` cache importer
- `src=path/to/input-dir` : directory for `local` cache importer
2019-11-01 06:09:00 +00:00
- `digest=sha256:deadbeef` : digest of the manifest list to import for `local` cache importer.
2020-01-29 12:32:55 +00:00
- `tag=customtag` : custom tag of image for `local` cache importer.
2020-03-06 23:58:10 +00:00
Defaults to the digest of "latest" tag in `index.json` is for digest, not for tag
2019-10-11 17:20:52 +00:00
### Consistent hashing
If you have multiple BuildKit daemon instances but you don't want to use registry for sharing cache across the cluster,
consider client-side load balancing using consistent hashing.
See [`./examples/kubernetes/consistenthash` ](./examples/kubernetes/consistenthash ).
2018-09-11 08:02:46 +00:00
2021-04-29 02:08:53 +00:00
## Metadata
To output build metadata such as the image digest, pass the `--metadata-file` flag.
The metadata will be written as a JSON object to the specified file.
The directory of the specified file must already exist and be writable.
```
buildctl build ... --metadata-file metadata.json
```
```
{"containerimage.digest": "sha256:ea0cfb27fd41ea0405d3095880c1efa45710f5bcdddb7d7d5a7317ad4825ae14",...}
```
2020-12-28 17:09:30 +00:00
## Systemd socket activation
On Systemd based systems, you can communicate with the daemon via [Systemd socket activation ](http://0pointer.de/blog/projects/socket-activation.html ), use `buildkitd --addr fd://` .
You can find examples of using Systemd socket activation with BuildKit and Systemd in [`./examples/systemd` ](./examples/systemd ).
2019-10-11 17:20:52 +00:00
## Expose BuildKit as a TCP service
2017-12-21 00:27:58 +00:00
2019-10-11 17:20:52 +00:00
The `buildkitd` daemon can listen the gRPC API on a TCP socket.
It is highly recommended to create TLS certificates for both the daemon and the client (mTLS).
Enabling TCP without mTLS is dangerous because the executor containers (aka Dockerfile `RUN` containers) can call BuildKit API as well.
2017-09-21 00:09:57 +00:00
2019-07-27 22:03:54 +00:00
```bash
2019-10-11 17:20:52 +00:00
buildkitd \
--addr tcp://0.0.0.0:1234 \
--tlscacert /path/to/ca.pem \
--tlscert /path/to/cert.pem \
--tlskey /path/to/key.pem
2017-09-21 00:09:57 +00:00
```
2017-07-10 17:47:52 +00:00
2019-07-27 22:03:54 +00:00
```bash
2019-10-11 17:20:52 +00:00
buildctl \
--addr tcp://example.com:1234 \
--tlscacert /path/to/ca.pem \
--tlscert /path/to/clientcert.pem \
--tlskey /path/to/clientkey.pem \
build ...
2017-12-21 00:27:58 +00:00
```
2019-10-11 17:20:52 +00:00
### Load balancing
`buildctl build` can be called against randomly load balanced the `buildkitd` daemon.
See also [Consistent hashing ](#consistenthashing ) for client-side load balancing.
## Containerizing BuildKit
2017-10-12 12:18:07 +00:00
2019-10-11 17:20:52 +00:00
BuildKit can also be used by running the `buildkitd` daemon inside a Docker container and accessing it remotely.
2017-10-12 12:18:07 +00:00
2019-10-11 17:20:52 +00:00
We provide the container images as [`moby/buildkit` ](https://hub.docker.com/r/moby/buildkit/tags/ ):
2018-10-30 05:56:22 +00:00
2019-07-27 22:03:54 +00:00
- `moby/buildkit:latest` : built from the latest regular [release ](https://github.com/moby/buildkit/releases )
- `moby/buildkit:rootless` : same as `latest` but runs as an unprivileged user, see [`docs/rootless.md` ](docs/rootless.md )
- `moby/buildkit:master` : built from the master branch
- `moby/buildkit:master-rootless` : same as master but runs as an unprivileged user, see [`docs/rootless.md` ](docs/rootless.md )
2018-10-30 05:56:22 +00:00
2017-10-12 12:18:07 +00:00
To run daemon in a container:
2019-07-27 22:03:54 +00:00
```bash
2019-10-11 17:20:52 +00:00
docker run -d --name buildkitd --privileged moby/buildkit:latest
export BUILDKIT_HOST=docker-container://buildkitd
2017-10-15 19:13:47 +00:00
buildctl build --help
2017-10-12 12:18:07 +00:00
```
2020-08-05 09:42:32 +00:00
### Podman
To connect to a BuildKit daemon running in a Podman container, use `podman-container://` instead of `docker-container://` .
```bash
podman run -d --name buildkitd --privileged moby/buildkit:latest
buildctl --addr=podman-container://buildkitd build --frontend dockerfile.v0 --local context=. --local dockerfile=. --output type=oci | podman load foo
```
`sudo` is not required.
2019-10-11 17:20:52 +00:00
### Kubernetes
For Kubernetes deployments, see [`examples/kubernetes` ](./examples/kubernetes ).
### Daemonless
2020-12-09 03:49:51 +00:00
To run the client and an ephemeral daemon in a single container ("daemonless mode"):
2019-05-26 02:59:17 +00:00
2019-07-27 22:03:54 +00:00
```bash
docker run \
-it \
--rm \
--privileged \
-v /path/to/dir:/tmp/work \
--entrypoint buildctl-daemonless.sh \
moby/buildkit:master \
build \
--frontend dockerfile.v0 \
--local context=/tmp/work \
--local dockerfile=/tmp/work
2019-05-26 02:59:17 +00:00
```
2019-07-27 22:03:54 +00:00
2019-05-26 02:59:17 +00:00
or
2019-07-27 22:03:54 +00:00
```bash
docker run \
-it \
--rm \
--security-opt seccomp=unconfined \
--security-opt apparmor=unconfined \
-e BUILDKITD_FLAGS=--oci-worker-no-process-sandbox \
-v /path/to/dir:/tmp/work \
--entrypoint buildctl-daemonless.sh \
moby/buildkit:master-rootless \
build \
--frontend \
dockerfile.v0 \
--local context=/tmp/work \
--local dockerfile=/tmp/work
```
2019-10-11 17:20:52 +00:00
## Opentracing support
2018-01-08 21:05:27 +00:00
BuildKit supports opentracing for buildkitd gRPC API and buildctl commands. To capture the trace to [Jaeger ](https://github.com/jaegertracing/jaeger ), set `JAEGER_TRACE` environment variable to the collection address.
2019-07-27 22:03:54 +00:00
```bash
2018-01-08 21:05:27 +00:00
docker run -d -p6831:6831/udp -p16686:16686 jaegertracing/all-in-one:latest
export JAEGER_TRACE=0.0.0.0:6831
# restart buildkitd and buildctl so they know JAEGER_TRACE
# any buildctl command should be traced to http://127.0.0.1:16686/
```
2019-10-11 17:20:52 +00:00
## Running BuildKit without root privileges
2017-07-01 04:58:51 +00:00
2019-10-11 17:20:52 +00:00
Please refer to [`docs/rootless.md` ](docs/rootless.md ).
2017-07-01 04:58:51 +00:00
2019-10-11 17:20:52 +00:00
## Building multi-platform images
2018-05-30 02:49:43 +00:00
2019-10-11 17:20:52 +00:00
See [`docker buildx` documentation ](https://github.com/docker/buildx#building-multi-platform-images )
2017-06-22 20:11:56 +00:00
2019-10-11 17:20:52 +00:00
## Contributing
2017-06-22 20:11:56 +00:00
2019-07-27 22:03:54 +00:00
Want to contribute to BuildKit? Awesome! You can find information about contributing to this project in the [CONTRIBUTING.md ](/.github/CONTRIBUTING.md )
2019-10-11 17:20:52 +00:00