Complete remote driver

This patch completes the work started in creating a remote driver: - Renames the env driver to the remote driver (an alternative suggestion that should be more user-friendly) - Adds support for TLS to encrypt connections with buildkitd - Fixes outstanding review comments - Reworks the buildx create command endpoint construction to be clearer and include better support for this new driver. Signed-off-by: Justin Chadwell <me@jedevc.com>
2025-07-10 05:27:07 +08:00 · 2022-04-25 11:28:40 +01:00
parent 3dc83e5dd8
commit d7e4affe98
12 changed files with 246 additions and 126 deletions
--- a/driver/docker-container/factory.go
+++ b/driver/docker-container/factory.go
@ -29,7 +29,7 @@ func (*factory) Usage() string {
 	return "docker-container"
 }

-func (*factory) Priority(ctx context.Context, api dockerclient.APIClient) int {
+func (*factory) Priority(ctx context.Context, endpoint string, api dockerclient.APIClient) int {
 	if api == nil {
 		return priorityUnsupported
 	}
--- a/driver/docker/factory.go
+++ b/driver/docker/factory.go
@ -26,7 +26,7 @@ func (*factory) Usage() string {
 	return "docker"
 }

-func (*factory) Priority(ctx context.Context, api dockerclient.APIClient) int {
+func (*factory) Priority(ctx context.Context, endpoint string, api dockerclient.APIClient) int {
 	if api == nil {
 		return priorityUnsupported
 	}
--- a/driver/env/factory.go
+++ b/driver/env/factory.go
@ -1,52 +0,0 @@
-package env
-
-import (
-	"context"
-
-	"github.com/docker/buildx/driver"
-	dockerclient "github.com/docker/docker/client"
-	"github.com/pkg/errors"
-)
-
-const prioritySupported = 50
-const priorityUnsupported = 90
-
-func init() {
-	driver.Register(&factory{})
-}
-
-type factory struct {
-}
-
-func (*factory) Name() string {
-	return "env"
-}
-
-func (*factory) Usage() string {
-	return "env"
-}
-
-func (*factory) Priority(ctx context.Context, api dockerclient.APIClient) int {
-	if api == nil {
-		return priorityUnsupported
-	}
-
-	return prioritySupported
-}
-
-func (f *factory) New(ctx context.Context, cfg driver.InitConfig) (driver.Driver, error) {
-	if len(cfg.Files) > 0 {
-		return nil, errors.Errorf("setting config file is not supported for remote driver")
-	}
-
-	return &Driver{
-		factory:      f,
-		InitConfig:   cfg,
-		BuldkitdAddr: cfg.BuldkitdAddr,
-		BuildkitAPI:  cfg.BuildkitAPI,
-	}, nil
-}
-
-func (f *factory) AllowsInstances() bool {
-	return true
-}
--- a/driver/kubernetes/factory.go
+++ b/driver/kubernetes/factory.go
@ -34,7 +34,7 @@ func (*factory) Usage() string {
 	return DriverName
 }

-func (*factory) Priority(ctx context.Context, api dockerclient.APIClient) int {
+func (*factory) Priority(ctx context.Context, endpoint string, api dockerclient.APIClient) int {
 	if api == nil {
 		return priorityUnsupported
 	}
--- a/driver/manager.go
+++ b/driver/manager.go
@ -11,7 +11,6 @@ import (

 	dockerclient "github.com/docker/docker/client"
 	"github.com/moby/buildkit/client"
-	buildkitclient "github.com/moby/buildkit/client"
 	specs "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 )
@ -19,7 +18,7 @@ import (
 type Factory interface {
 	Name() string
 	Usage() string
-	Priority(context.Context, dockerclient.APIClient) int
+	Priority(ctx context.Context, endpoint string, api dockerclient.APIClient) int
 	New(ctx context.Context, cfg InitConfig) (Driver, error)
 	AllowsInstances() bool
 }
@ -51,13 +50,11 @@ func (k KubeClientConfigInCluster) Namespace() (string, bool, error) {
 type InitConfig struct {
 	// This object needs updates to be generic for different drivers
 	Name             string
+	EndpointAddr     string
 	DockerAPI        dockerclient.APIClient
 	KubeClientConfig KubeClientConfig
-	BuldkitdAddr     string
-	BuildkitAPI      *buildkitclient.Client
 	BuildkitFlags    []string
 	Files            map[string][]byte
-	Driver           string
 	DriverOpts       map[string]string
 	Auth             Auth
 	Platforms        []specs.Platform
@ -74,7 +71,7 @@ func Register(f Factory) {
 	drivers[f.Name()] = f
 }

-func GetDefaultFactory(ctx context.Context, c dockerclient.APIClient, instanceRequired bool) (Factory, error) {
+func GetDefaultFactory(ctx context.Context, ep string, c dockerclient.APIClient, instanceRequired bool) (Factory, error) {
 	if len(drivers) == 0 {
 		return nil, errors.Errorf("no drivers available")
 	}
@ -87,7 +84,7 @@ func GetDefaultFactory(ctx context.Context, c dockerclient.APIClient, instanceRe
 		if instanceRequired && !f.AllowsInstances() {
 			continue
 		}
-		dd = append(dd, p{f: f, priority: f.Priority(ctx, c)})
+		dd = append(dd, p{f: f, priority: f.Priority(ctx, ep, c)})
 	}
 	sort.Slice(dd, func(i, j int) bool {
 		return dd[i].priority < dd[j].priority
@ -107,16 +104,14 @@ func GetFactory(name string, instanceRequired bool) Factory {
 	return nil
 }

-func GetDriver(ctx context.Context, name string, f Factory, api dockerclient.APIClient, buldkitdAddr string, buildkitAPI *buildkitclient.Client, auth Auth, kcc KubeClientConfig, flags []string, files map[string][]byte, do map[string]string, platforms []specs.Platform, contextPathHash string, driver string) (Driver, error) {
+func GetDriver(ctx context.Context, name string, f Factory, endpointAddr string, api dockerclient.APIClient, auth Auth, kcc KubeClientConfig, flags []string, files map[string][]byte, do map[string]string, platforms []specs.Platform, contextPathHash string) (Driver, error) {
 	ic := InitConfig{
+		EndpointAddr:     endpointAddr,
 		DockerAPI:        api,
 		KubeClientConfig: kcc,
 		Name:             name,
-		BuldkitdAddr:     buldkitdAddr,
-		BuildkitAPI:      buildkitAPI,
 		BuildkitFlags:    flags,
 		DriverOpts:       do,
-		Driver:           driver,
 		Auth:             auth,
 		Platforms:        platforms,
 		ContextPathHash:  contextPathHash,
@ -124,7 +119,7 @@ func GetDriver(ctx context.Context, name string, f Factory, api dockerclient.API
 	}
 	if f == nil {
 		var err error
-		f, err = GetDefaultFactory(ctx, api, false)
+		f, err = GetDefaultFactory(ctx, endpointAddr, api, false)
 		if err != nil {
 			return nil, err
 		}
--- a/driver/remote/driver.go
+++ b/driver/remote/driver.go
@ -1,21 +1,25 @@
-package env
+package remote

 import (
 	"context"
-	"fmt"

 	"github.com/docker/buildx/driver"
 	"github.com/docker/buildx/util/progress"
 	"github.com/moby/buildkit/client"
-	buildkitclient "github.com/moby/buildkit/client"
 	"github.com/pkg/errors"
 )

 type Driver struct {
 	factory driver.Factory
 	driver.InitConfig
-	BuldkitdAddr string
-	BuildkitAPI  *buildkitclient.Client
+	*tlsOpts
+}
+
+type tlsOpts struct {
+	serverName string
+	caCert     string
+	cert       string
+	key        string
 }

 func (d *Driver) Bootstrap(ctx context.Context, l progress.Logger) error {
@ -23,11 +27,7 @@ func (d *Driver) Bootstrap(ctx context.Context, l progress.Logger) error {
 }

 func (d *Driver) Info(ctx context.Context) (*driver.Info, error) {
-	if d.BuldkitdAddr == "" && d.Driver == "env" {
-		return nil, errors.Errorf("buldkitd addr must not be empty")
-	}
-
-	c, err := client.New(ctx, d.BuldkitdAddr)
+	c, err := d.Client(ctx)
 	if err != nil {
 		return nil, errors.Wrapf(driver.ErrNotConnecting, err.Error())
 	}
@ -42,19 +42,29 @@ func (d *Driver) Info(ctx context.Context) (*driver.Info, error) {
 }

 func (d *Driver) Stop(ctx context.Context, force bool) error {
-	return fmt.Errorf("stop command is not implemented for this driver")
+	return nil
 }

 func (d *Driver) Rm(ctx context.Context, force, rmVolume, rmDaemon bool) error {
-	return fmt.Errorf("rm command is not implemented for this driver")
+	return nil
 }

 func (d *Driver) Client(ctx context.Context) (*client.Client, error) {
-	return client.New(ctx, d.BuldkitdAddr, client.WithSessionDialer(d.BuildkitAPI.Dialer()))
+	opts := []client.ClientOpt{}
+	if d.tlsOpts != nil {
+		opts = append(opts, client.WithCredentials(d.tlsOpts.serverName, d.tlsOpts.caCert, d.tlsOpts.cert, d.tlsOpts.key))
+	}
+
+	return client.New(ctx, d.InitConfig.EndpointAddr, opts...)
 }

 func (d *Driver) Features() map[driver.Feature]bool {
-	return map[driver.Feature]bool{}
+	return map[driver.Feature]bool{
+		driver.OCIExporter:    true,
+		driver.DockerExporter: false,
+		driver.CacheExport:    true,
+		driver.MultiPlatform:  true,
+	}
 }

 func (d *Driver) Factory() driver.Factory {
--- a/driver/remote/factory.go
+++ b/driver/remote/factory.go
@ -0,0 +1,115 @@
+package remote
+
+import (
+	"context"
+	"net/url"
+	"path/filepath"
+	"regexp"
+	"strings"
+
+	"github.com/docker/buildx/driver"
+	dockerclient "github.com/docker/docker/client"
+	"github.com/pkg/errors"
+)
+
+const prioritySupported = 20
+const priorityUnsupported = 90
+
+var schemeRegexp = regexp.MustCompile("^(tcp|unix)://")
+
+func init() {
+	driver.Register(&factory{})
+}
+
+type factory struct {
+}
+
+func (*factory) Name() string {
+	return "remote"
+}
+
+func (*factory) Usage() string {
+	return "remote"
+}
+
+func (*factory) Priority(ctx context.Context, endpoint string, api dockerclient.APIClient) int {
+	if schemeRegexp.MatchString(endpoint) {
+		return prioritySupported
+	}
+	return priorityUnsupported
+}
+
+func (f *factory) New(ctx context.Context, cfg driver.InitConfig) (driver.Driver, error) {
+	if len(cfg.Files) > 0 {
+		return nil, errors.Errorf("setting config file is not supported for remote driver")
+	}
+	if len(cfg.BuildkitFlags) > 0 {
+		return nil, errors.Errorf("setting buildkit flags is not supported for remote driver")
+	}
+
+	d := &Driver{
+		factory:    f,
+		InitConfig: cfg,
+	}
+
+	tls := &tlsOpts{}
+	tlsEnabled := false
+	for k, v := range cfg.DriverOpts {
+		switch k {
+		case "servername":
+			tls.serverName = v
+			tlsEnabled = true
+		case "cacert":
+			if !filepath.IsAbs(v) {
+				return nil, errors.Errorf("non-absolute path '%s' provided for %s", v, k)
+			}
+			tls.caCert = v
+			tlsEnabled = true
+		case "cert":
+			if !filepath.IsAbs(v) {
+				return nil, errors.Errorf("non-absolute path '%s' provided for %s", v, k)
+			}
+			tls.cert = v
+			tlsEnabled = true
+		case "key":
+			if !filepath.IsAbs(v) {
+				return nil, errors.Errorf("non-absolute path '%s' provided for %s", v, k)
+			}
+			tls.key = v
+			tlsEnabled = true
+		default:
+			return nil, errors.Errorf("invalid driver option %s for remote driver", k)
+		}
+	}
+
+	if tlsEnabled {
+		if tls.serverName == "" {
+			// guess servername as hostname of target address
+			uri, err := url.Parse(cfg.EndpointAddr)
+			if err != nil {
+				return nil, err
+			}
+			tls.serverName = uri.Hostname()
+		}
+		missing := []string{}
+		if tls.caCert == "" {
+			missing = append(missing, "cacert")
+		}
+		if tls.cert == "" {
+			missing = append(missing, "cert")
+		}
+		if tls.key == "" {
+			missing = append(missing, "key")
+		}
+		if len(missing) > 0 {
+			return nil, errors.Errorf("tls enabled, but missing keys %s", strings.Join(missing, ", "))
+		}
+		d.tlsOpts = tls
+	}
+
+	return d, nil
+}
+
+func (f *factory) AllowsInstances() bool {
+	return true
+}