QEMU usermode emulation is robust enough for running `apk add --no-cache
git xz`, so can we can safely remove the pre-built git stage.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Currently moby/buildkit image misses fuse dependency (fusermount) so currently
stargz support doesn't work on that image. This commit fixes this issue.
Signed-off-by: ktock <ktokunaga.mail@gmail.com>
Current stargz snapshotter pkg doesn't contain registry configuration and the
client of that pkg needs to pass it to that pkg. So this commit includes changes
of propagating buildkitd's registry configuration to stargz snapshotter.
But this is a partial integration of registry logic between buildkitd and stargz
snapshotter because buildkitd's session-based authentication logic is still not
applied to stargz snapshotter. This means private images that require
`~/.docker/config.json` creds can't be lazily pulled yet.
Signed-off-by: ktock <ktokunaga.mail@gmail.com>
This is the shim used by the containerd Runtime V1 on Linux,
which was the default under containerd 1.2 and earlier.
Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
This is the shim used by the containerd Runtime V2 on Linux, per the
default setting of `io.containerd.runc.v2`.
Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
* Existing releases v0.3.0...v0.7.1 use newuidmap dynamically linked with musl
* #1405 attempted to link newuidmap statically with glibc, but it was actually dynamically linked by accident and was never used as the external base.
Switching from musl (Alpine) to glibc (Debian) is just because we don't have `cross.sh` for Alpine.
We could fix the script to link the binary statically, but statically linked binary doesn't work on Alpine because of "Cannot determine your user name." error.
* This commit reverts #1405 for newuidmap, and build the stage with `--platform=$TARGETPLATFORM`.
In future we should port over `cross.sh` to Alpine and use `--platform=$BUILDPLATFORM`.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
By default, Ubuntu or Debian based "apt" or "apt-get" system installs recommended but not suggested packages .
By passing "--no-install-recommends" option, the user lets apt-get know not to consider recommended packages as a dependency to install.
This results in smaller downloads and installation of packages .
Refer to blog at [Ubuntu Blog](https://ubuntu.com/blog/we-reduced-our-docker-images-by-60-with-no-install-recommends) .
Signed-off-by: Pratik Raj <rajpratik71@gmail.com>
While real overlayfs is available only in Ubuntu and Debian kernels,
fuse-overlayfs is universally available for kernel >= 4.18.
For dockerized deployment, `--device /dev/fuse` needs to be added to
`docker run` flags.
Kubernetes deployment needs a custom device plugin that enables
`/dev/fuse`, e.g. https://github.com/honkiko/k8s-hostdev-plugin
Instead of a device plugin, the device can be also enabled by setting
`securityContext.privileged` to `true`.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Tonis Tiigi
Akihiro Suda
ktock
Cory Bennett
Paul "TBBle" Hampson
Sam Whited
Pratik Raj