While real overlayfs is available only in Ubuntu and Debian kernels,
fuse-overlayfs is universally available for kernel >= 4.18.
For dockerized deployment, `--device /dev/fuse` needs to be added to
`docker run` flags.
Kubernetes deployment needs a custom device plugin that enables
`/dev/fuse`, e.g. https://github.com/honkiko/k8s-hostdev-plugin
Instead of a device plugin, the device can be also enabled by setting
`securityContext.privileged` to `true`.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
The check for running as a non-admin euid() doesn't work on Windows,
always returning -1.
For now, treat -1 as "Probably root", and let the failures happen later.
Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
The same function used to support Unix sockets automatically supports
Named Pipes on Windows.
This makes the default configuration option for the daemon address work
correctly on Windows.
Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
Added a command-line flag (tlsdir) to buildctl that allowed for specifying a directory that contains a ca.pem, cert.pem, and key.pem. This command-line flag acts an alias of --tlscacert, --tlscert, and --tlskey. --tlsdir cannot be used at the same time as those flags, and will cause an error if done. The pkg/errors package has been added to cmd/buildctl/common/common.go to allow for the creation of this error message.
Signed-off-by: Jeffrey Huang <jeffreyhuang23@gmail.com>
To support switching the OCI worker binary via buildkitd and without modifying the Dockerfile, an optional command-line flag was added to main_oci_worker.go that allowed for input the name of an OCI worker binary (ex. crun). This OCI worker binary would then replace the current buildkit-runc with a symbolic link to that binary. The above was done using the os/exec package's Command func.
Signed-off-by: Jeffrey Huang <jeffreyhuang23@gmail.com>
Previously, `fileop`s where not included in the set of possible op types
that were treated in the `dot` formatting in `buildctl debug dump-llb`
when using the `--dot` flag.
This commit add support for such fileop, allowing one to see basic
properties associated with the op.
Signed-off-by: Ciro S. Costa <cscosta@pivotal.io>
This patch allows downstream code to pass a DNSConfig that is
then used by executor/oci.GetResolvConf.
This would allow the BuildKit-based builder in Docker to honor
the docker daemon's DNS configuration, thus fixing a feature gap
with the legacy builder.
Signed-off-by: Tibor Vass <tibor@docker.com>
It is enhancement which allows to unpack image into containerd
snapshotter storage by `--output type=image,<.>=<.>,unpack=true`.
In order to support this feature, we needs to extend the Snapshotter
witwh `Name() string` function. Because we needs to set gc label for
snapshotter which need snapshotter name.
fix: #908
Signed-off-by: Wei Fu <fuweid89@gmail.com>
platforms can still be added but some warning message
will be emitted if the platform cannot pass the validity
check.
Signed-off-by: Dave Chen <dave.chen@arm.com>
Akihiro Suda
Tonis Tiigi
Paul "TBBle" Hampson
Wei Fu
Jeffrey Huang
Nikhil Pandeti
Sam Whited
Michael Crosby
Ciro S. Costa
Tibor Vass
Akihiro Suda
Dave Chen
Akihiro Suda
Kunal Kushwaha
Tibor Vass