Commit Graph

98 Commits (390c6886f4a310af5ee0d45eaab35dc36b21f23e)

Author SHA1 Message Date
Anders F Björklund 4d6a45bfae Isolate systemd user network namespace from host
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
2021-11-19 07:59:19 +01:00
Anders F Björklund 149400aa7e Add systemd support for rootless buildkitd
Also add systemd notify support, for both.

Use proxy and access all, for rootlesskit.

Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
2021-11-18 20:34:55 +01:00
CrazyMax 54b8ff2fc8
go fmt: add //go:build
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2021-10-28 13:26:43 +02:00
Tonis Tiigi ac61da5890 update go to 1.17
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2021-08-16 19:56:45 -07:00
Anders F Björklund 75d6fc2589 Set default socket permissions to 660
The systemd default is 666, it seems.

Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
2021-07-30 13:41:14 +02:00
Tonis Tiigi 9f0236add1 daemonless: wait for daemon to finish before exit
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2021-07-15 19:38:01 -07:00
Tonis Tiigi e0124e192c llb: add constraints to async llb
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2021-06-22 21:34:43 -07:00
Sebastiaan van Stijn 22dd74ae93
update to go 1.16
This updates all occurrences of Go 1.13 to Go 1.16; also updated
the code that's used to redact credentials in URLs to use the Go
implementation.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-02 00:31:57 +02:00
Anders F Björklund 0028c5ed7f Add support for fd:// for socket activation
Used go-systemd code from moby/moby daemon

Only added `buildkitd --addr fd://` for now.

Don't do systemd fds for windows buildkitd

Add buildkit systemd units README/examples

Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
2020-12-30 16:57:23 +01:00
CrazyMax 072078a403
Add lint
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2020-11-22 18:11:05 +01:00
Tonis Tiigi ecf070a027 exec: use platform specific default path
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-10-23 15:30:23 -07:00
Akihiro Suda d376a39357
buildctl-daemonless.sh: show log on "could not connect to ..."
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-07-24 16:14:59 +09:00
Anurag Goel 3cca542065
Fix shell args expansion in buildctl-daemonless.sh
When the special positional params character isn't enclosed in double
quotes it prevents users from passing in arguments spanning multiple
words. For example, `--opt build-arg:"word1 word2"` fails. Enclosing in
double quotes treats each parameter as a separate word.

More here:
https://tiswww.case.edu/php/chet/bash/bashref.html#index-_0024_0040

Signed-off-by: Anurag Goel <anurag@render.com>
2020-05-21 17:35:39 -07:00
Akihiro Suda 5fd091cedc create-certs.sh: fix a typo
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-05-17 10:23:09 +09:00
Jonathan Azoff f592be2bbc
Allow max retries on socket connect for buildctl
Signed-off-by: Jonathan Azoff <jon@azof.fr>
2020-05-15 00:25:02 -07:00
Tonis Tiigi 1a9d366b49 llb: asyncronous llb graph generation support
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-04-03 14:55:10 -07:00
Tonis Tiigi a60ecfa4ae vendor: restore dependency versions
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-02-24 17:31:01 -08:00
ChaosGramer fe7a49fa09
add readiness and liveness probe as example
Signed-off-by: Jan Vaehsen (Windows) <janvaehsen@trieforce.de>
2019-11-22 18:20:28 +01:00
Akihiro Suda 14d5f06ed2 examples/kubernetes: use Parallel mode for StatefulSet
Parallel mode releaxes the pod creation order constraint.

https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#parallel-pod-management

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2019-11-12 19:24:52 +09:00
Akihiro Suda 1bde5d99d5 massive doc updates
* examples/kubernetes: newly added
* docs/rootless.md: cleaned up for better readability
* examples/README.md: split out from the main README.md
* examples/build-using-dockerfile/README.md: split out from the main README.md
* README.md: add TOC using https://github.com/thlorenz/doctoc
* README.md: add mTLS configuration (relates to #1074)
* README.md: add more adoptions
* README.md: add inline cache (fix #976)

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2019-10-16 18:55:27 +09:00
Tonis Tiigi ce9dfec05f hack: update containerd daemon
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-09-20 14:59:54 -07:00
Tonis Tiigi b407790852 update containerd daemon to 1.2.7 and old to 1.1.7
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-08-20 17:02:43 -07:00
Ciro S. Costa 437a2d55c1 debug: add `fileop` to `--dot`
Previously, `fileop`s where not included in the set of possible op types
that were treated in the `dot` formatting in `buildctl debug dump-llb`
when using the `--dot` flag.

This commit add support for such fileop, allowing one to see basic
properties associated with the op.

Signed-off-by: Ciro S. Costa <cscosta@pivotal.io>
2019-08-04 16:50:42 -04:00
Tonis Tiigi 96b6a28312 exporter: allow oci exporters visibility to response metadata
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-07-31 10:21:19 -07:00
Akihiro Suda bf220d3915 add buildctl-daemonless.sh
The script spawns ephemeral daemon for "daemonless" UX.

Usage:
  docker run -it --rm  \
  --security-opt seccomp=unconfined --security-opt apparmor=unconfined \
  -e BUILDKITD_FLAGS=--oci-worker-no-process-sandbox \
  -v /path/to/dir:/tmp/work \
  --entrypoint buildctl-daemonless.sh \
  moby/buildkit:master-rootless \
  build --frontend dockerfile.v0 --local context=/tmp/work --local dockerfile=/tmp/work

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2019-05-26 12:39:34 +09:00
Tonis Tiigi dad1297d91 update runc to v1.0.0-rc8
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-05-15 14:22:42 -07:00
Akihiro Suda aa9c666e16 add example/kube-consistent-hash
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2019-04-23 19:35:29 +09:00
Akihiro Suda a67ba78d9e
Merge pull request #809 from tonistiigi/fileop
llb: fileop implementation
2019-03-18 10:07:10 +09:00
Akihiro Suda cd89a8ce3d go 1.12
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2019-03-17 04:38:23 +09:00
Tonis Tiigi 8a4674bab4 fileop: add dockerfile support
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-03-15 17:49:50 -07:00
Akihiro Suda 5c9f7b8ff0 buildctl: new CLI ("Option C+")
See https://github.com/moby/buildkit/pull/807#issuecomment-468146089

Close #774

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2019-03-06 13:20:21 +09:00
Akihiro Suda 05ccbce8f5 bump up runc (CVE-2019-5736)
0a8e4117e7
https://groups.google.com/a/opencontainers.org/forum/#!topic/dev/Tc1ELm-8oDI

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2019-02-11 23:41:25 +09:00
Akihiro Suda b42582793a bump up runc
Including critical security fix for `runc run --no-pivot` (unlikely to
affect BuildKit): https://github.com/opencontainers/runc/pull/1962

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2019-01-15 16:23:21 +09:00
Akihiro Suda 6ed72d683f update containerd to v1.2.1, runc to v1.0.0-rc6
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-12-26 19:48:01 +09:00
Akihiro Suda 7d92f2d6ad buildctl: support --no-cache for Dockerfile frontend
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-10-30 17:49:36 +09:00
Akihiro Suda 048130d1d0 simplify rootless
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-10-16 14:05:58 +09:00
Tonis Tiigi fb9e2c1030 vendor: update containerd to v1.2.0-rc.1
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-10-12 15:27:54 -07:00
Tibor Vass 36be95ea0e
Merge pull request #623 from tonistiigi/failfast
buildctl: replace withblock with dial error check
2018-09-17 11:44:57 -07:00
Akihiro Suda bf571a519e update Go to 1.11
For consistency with Moby (moby/moby#37358)

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-09-15 14:25:11 +09:00
Tonis Tiigi 653fb12ecf buildctl: replace withblock with dial error check
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-09-13 17:29:01 -07:00
Akihiro Suda 2fa4c37854 update containerd (binary: v1.1.3, library: Aug 23, 2018)
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-08-23 16:21:55 +09:00
Akihiro Suda af46188e9b
Merge pull request #533 from ijc/client-gateway
access gateway API from client
2018-08-17 05:12:23 +09:00
Ian Campbell 5383270387 examples: demonstrate client-side Build() interface.
Adds an option/envvar to `examples/build-using-dockerfile` which uses a client
side instance of the dockerfile frontend.

Signed-off-by: Ian Campbell <ijc@docker.com>
2018-08-14 11:50:08 +01:00
Ian Campbell ccc559bc43 progressui: allow caller to customise "Building" string
In clients which are doinging multiple builds or phases it can be useful to say
something more specific here (e.g. "Building first image", "Probing" etc)

Signed-off-by: Ian Campbell <ijc@docker.com>
2018-08-08 16:29:01 +01:00
Tonis Tiigi b444b9f323 llbsolver: validate runtime platforms for exec op
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-06-25 10:38:03 -07:00
Ian Campbell 97ffd6cce8 client: take a context.Context to New().
This allows two things:

- The caller to set a shorter timeout than previously hardcoded 30s. In
  `buildctl` reduce the timeout to 5s. Since the existing timeout has gone
  callers will need to arrange to pass one themselves.
- The caller can arrange for the context to be cancelled for other reasons, use
  this in `buildctl` to plumb through the Ctrl-C handling, meaning that
  `buildctl` now exits almost immediately on Ctrl-C instead of after several
  seconds.

Signed-off-by: Ian Campbell <ijc@docker.com>
2018-06-11 14:28:08 +01:00
Tonis Tiigi 39e19516fc progressui: add better streaming text build status
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-06-06 14:31:42 -07:00
Akihiro Suda 18ac6e2d9a test.Dockerfile: new target: "rootless"
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-06-04 23:17:03 +09:00
Akihiro Suda c12e3170af examples/buildkit*: add libseccomp-dev
libseccomp-dev is required for building containerd:

  > make bin/containerd
  ..
  # pkg-config --cflags libseccomp libseccomp
  Package libseccomp was not found in the pkg-config search path.
  ..

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-05-17 17:28:08 +09:00
Akihiro Suda 72c08b5cb9 update containerd (binary: v1.1.0, library: May 11, 2018)
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-05-11 15:46:15 +09:00