Commit Graph

25 Commits (23af9dcb86ab24a66bef2534933eb62add91815f)

Author SHA1 Message Date
Tonis Tiigi 9f6172c8bd docs: update external dockerfile docs
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-12-08 21:26:18 -08:00
Akihiro Suda b182bcb07e
docs/rootless.md: add instruction for isolating netns
Isolating network namespace with `rootlesskit --net=slirp4netns` is
recommended for protecting localhost sockets and abstract sockets on the host.

This is not meaningful for running rootless buildkitd inside a
container, so slirp4netns is not added in Dockerfile.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-12-01 17:47:41 +09:00
ktock 5cbf8a152b Add documentation about stargz/eStargz support
Signed-off-by: ktock <ktokunaga.mail@gmail.com>
2020-10-30 19:25:41 +09:00
Akihiro Suda 444d506251
docs/rootless.md: drop support for Debian 9 and Fedora 30
Debian 9 has reached EOL on 2020-07-06: https://wiki.debian.org/DebianReleases
Fedora 30 has reached EOL on 2020-05-26: https://fedoraproject.org/wiki/End_of_life

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-07-27 14:34:56 +09:00
Tonis Tiigi 56f76a5621 resolver: support self signed certificates
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-03-16 22:09:27 -07:00
Akihiro Suda 8b56fac46b rootless: graduate from experimental
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-03-10 12:04:53 +09:00
Akihiro Suda 9f90f5a985 rootless: support fuse-overlayfs
While real overlayfs is available only in Ubuntu and Debian kernels,
fuse-overlayfs is universally available for kernel >= 4.18.

For dockerized deployment, `--device /dev/fuse` needs to be added to
`docker run` flags.

Kubernetes deployment needs a custom device plugin that enables
`/dev/fuse`, e.g. https://github.com/honkiko/k8s-hostdev-plugin

Instead of a device plugin, the device can be also enabled by setting
`securityContext.privileged` to `true`.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-03-03 11:30:29 +09:00
Nikhil Pandeti 7efcee49c5 Oci worker binary documentation and add missing constructor arg in runc_test
Signed-off-by: Nikhil Pandeti <nikhil.pandeti@utexas.edu>
2019-12-12 13:25:56 -06:00
Nikhil Pandeti cb237bf24e Gofmt and goimports config.go, add documentation
Signed-off-by: Nikhil Pandeti <nikhil.pandeti@utexas.edu>
2019-12-12 12:32:47 -06:00
Akihiro Suda 04ba0e64a2 docs for Fedora 31 users
BuildKit with crun works fine on cgroup2 system.
Tested both Rootful and Rootless on Fedora 31, with crun v0.10.2.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2019-10-29 15:02:38 +09:00
Akihiro Suda 5938170b84 hack: rename Dockerfiles
Fix https://github.com/moby/buildkit/issues/1208

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2019-10-18 17:21:48 +09:00
Akihiro Suda 1bde5d99d5 massive doc updates
* examples/kubernetes: newly added
* docs/rootless.md: cleaned up for better readability
* examples/README.md: split out from the main README.md
* examples/build-using-dockerfile/README.md: split out from the main README.md
* README.md: add TOC using https://github.com/thlorenz/doctoc
* README.md: add mTLS configuration (relates to #1074)
* README.md: add more adoptions
* README.md: add inline cache (fix #976)

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2019-10-16 18:55:27 +09:00
Dave Chen 3d0815be33 Add default configuration as a reference
Signed-off-by: Dave Chen <dave.chen@arm.com>
2019-06-06 16:57:23 +08:00
Fernando Miguel c572e1e0ed fix typo
replace with `documentation`

Signed-off-by: Fernando Miguel <github@FernandoMiguel.net>
2019-02-24 18:32:37 +00:00
Akihiro Suda c54f4a986d support --oci-worker-no-process-sandbox
Note that this mode allows build executor containers to kill (and potentially ptrace) an arbitrary process in the BuildKit host namespace.
This mode should be enabled only when the BuildKit is running in a container as an unprivileged user.

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2019-01-08 10:42:52 +09:00
Sebastiaan van Stijn bcf8180540
docs: make experimental frontend features better discoverable
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-12-14 12:57:43 +01:00
Akihiro Suda b5003d53eb update docs
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-11-01 16:17:26 +09:00
Akihiro Suda 048130d1d0 simplify rootless
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-10-16 14:05:58 +09:00
John Howard 2de2c04c8e Revendoring to move boltdb to bbolt
Signed-off-by: John Howard <jhoward@microsoft.com>
2018-09-18 11:18:08 -07:00
Akihiro Suda eebb7428f5 rootless: update docs/rootless.md
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-07-04 19:27:54 +09:00
Akihiro Suda 18ac6e2d9a test.Dockerfile: new target: "rootless"
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-06-04 23:17:03 +09:00
Akihiro Suda c9c0603847 fix rootless docs
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-06-01 13:04:55 +09:00
Akihiro Suda adef0dedef oci-worker: experimental support for rootless mode
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-05-31 16:05:13 +09:00
Tonis Tiigi 7a0ab0e8f6 docs: fix typos
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-05-18 18:08:44 -07:00
Tonis Tiigi 439877f59c solver-next: add design doc
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-05-14 09:53:34 -07:00