docker/buildx
1
0
Fork 0
mirror of https://gitea.com/Lydanne/buildx.git synced 2025-05-20 10:27:46 +08:00
Code Issues Packages Projects Releases 1 Wiki Activity

Merge pull request #2275 from crazy-max/buildkitd-flags-network-mode

Browse Source 
driver: docs to set buildkitd network mode and add tests
This commit is contained in:
Tõnis Tiigi 2024-02-23 13:20:20 -08:00 committed by GitHub
commit fd11d93381
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
8 changed files with 115 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
docs/reference/buildx_create.md
View File

@ -90,6 +90,22 @@ configuration file specified by [`--buildkitd-config`](#buildkitd-config). See
--buildkitd-flags '--debug --debugaddr 0.0.0.0:6666' --buildkitd-flags '--debug --debugaddr 0.0.0.0:6666'
``` ```
#### BuildKit daemon network mode
You can specify the network mode for the BuildKit daemon with either the
configuration file specified by [`--buildkitd-config`](#buildkitd-config) using the
`worker.oci.networkMode` option or `--oci-worker-net` flag here. The default
value is `auto` and can be one of `bridge`, `cni`, `host`:
```text
--buildkitd-flags '--oci-worker-net bridge'
```
> **Note**
>
> Network mode "bridge" is supported since BuildKit v0.13 and will become the
> default in next v0.14.
### <a name="driver"></a> Set the builder driver to use (--driver) ### <a name="driver"></a> Set the builder driver to use (--driver)
```text ```text

2
go.mod
View File

@ -24,7 +24,7 @@ require (
github.com/google/uuid v1.5.0 github.com/google/uuid v1.5.0
github.com/hashicorp/go-cty-funcs v0.0.0-20230405223818-a090f58aa992 github.com/hashicorp/go-cty-funcs v0.0.0-20230405223818-a090f58aa992
github.com/hashicorp/hcl/v2 v2.19.1 github.com/hashicorp/hcl/v2 v2.19.1
github.com/moby/buildkit v0.13.0-rc1.0.20240221065707-db304eb93126 // master (v0.13.0-dev) github.com/moby/buildkit v0.13.0-rc1.0.20240222164755-8e3fe35738c2 // master (v0.13.0-dev)
github.com/moby/sys/mountinfo v0.7.1 github.com/moby/sys/mountinfo v0.7.1
github.com/moby/sys/signal v0.7.0 github.com/moby/sys/signal v0.7.0
github.com/morikuni/aec v1.0.0 github.com/morikuni/aec v1.0.0

4
go.sum
View File

@ -320,8 +320,8 @@ github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyua
github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
github.com/moby/buildkit v0.13.0-rc1.0.20240221065707-db304eb93126 h1:aXdgP8jLyDnKEOXis4Aydp4VlXYpg2loUJarhygTOuU= github.com/moby/buildkit v0.13.0-rc1.0.20240222164755-8e3fe35738c2 h1:e3FYb+yyx1SM1w4Mjn8L9WP5h/6u23P/xCAPZXx4m2Y=
github.com/moby/buildkit v0.13.0-rc1.0.20240221065707-db304eb93126/go.mod h1:XaLDo1L55QqXS/04FE91+mAbwjkr0vZu9g6zZlzvXL8= github.com/moby/buildkit v0.13.0-rc1.0.20240222164755-8e3fe35738c2/go.mod h1:XaLDo1L55QqXS/04FE91+mAbwjkr0vZu9g6zZlzvXL8=
github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0= github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo= github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg= github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=

54
tests/build.go
View File

@ -5,6 +5,7 @@ import (
"encoding/json" "encoding/json"
"fmt" "fmt"
"io" "io"
"net"
"os" "os"
"path" "path"
"path/filepath" "path/filepath"
@ -15,6 +16,7 @@ import (
"github.com/containerd/containerd/platforms" "github.com/containerd/containerd/platforms"
"github.com/containerd/continuity/fs/fstest" "github.com/containerd/continuity/fs/fstest"
"github.com/creack/pty" "github.com/creack/pty"
"github.com/moby/buildkit/util/appdefaults"
"github.com/moby/buildkit/util/contentutil" "github.com/moby/buildkit/util/contentutil"
"github.com/moby/buildkit/util/testutil" "github.com/moby/buildkit/util/testutil"
"github.com/moby/buildkit/util/testutil/integration" "github.com/moby/buildkit/util/testutil/integration"
@ -48,6 +50,7 @@ var buildTests = []func(t *testing.T, sb integration.Sandbox){
testBuildOCIExportNotSupported, testBuildOCIExportNotSupported,
testBuildMultiPlatformNotSupported, testBuildMultiPlatformNotSupported,
testDockerHostGateway, testDockerHostGateway,
testBuildNetworkModeBridge,
} }
func testBuild(t *testing.T, sb integration.Sandbox) { func testBuild(t *testing.T, sb integration.Sandbox) {
@ -432,3 +435,54 @@ RUN ping -c 1 buildx.host-gateway-ip.local
require.NoError(t, err, string(out)) require.NoError(t, err, string(out))
} }
} }
func testBuildNetworkModeBridge(t *testing.T, sb integration.Sandbox) {
if sb.Name() != "docker" {
t.Skip("skipping test for non-docker workers")
}
var builderName string
t.Cleanup(func() {
if builderName == "" {
return
}
out, err := rmCmd(sb, withArgs(builderName))
require.NoError(t, err, out)
})
// TODO: use stable buildkit image when v0.13.0 released
out, err := createCmd(sb, withArgs("--driver", "docker-container", "--buildkitd-flags=--oci-worker-net=bridge --allow-insecure-entitlement=network.host", "--driver-opt", "image=moby/buildkit:master"))
require.NoError(t, err, out)
builderName = strings.TrimSpace(out)
dockerfile := []byte(`
FROM busybox AS build
RUN ip a show eth0 | awk '/inet / {split($2, a, "/"); print a[1]}' > /ip-bridge.txt
RUN --network=host ip a show eth0 | awk '/inet / {split($2, a, "/"); print a[1]}' > /ip-host.txt
FROM scratch
COPY --from=build /ip*.txt /`)
dir := tmpdir(t, fstest.CreateFile("Dockerfile", dockerfile, 0600))
cmd := buildxCmd(sb, withArgs("build", "--allow=network.host", fmt.Sprintf("--output=type=local,dest=%s", dir), dir))
cmd.Env = append(cmd.Env, "BUILDX_BUILDER="+builderName)
outb, err := cmd.CombinedOutput()
require.NoError(t, err, string(outb))
dt, err := os.ReadFile(filepath.Join(dir, "ip-bridge.txt"))
require.NoError(t, err)
ipBridge := net.ParseIP(strings.TrimSpace(string(dt)))
require.NotNil(t, ipBridge)
_, subnet, err := net.ParseCIDR(appdefaults.BridgeSubnet)
require.NoError(t, err)
require.True(t, subnet.Contains(ipBridge))
dt, err = os.ReadFile(filepath.Join(dir, "ip-host.txt"))
require.NoError(t, err)
ip := net.ParseIP(strings.TrimSpace(string(dt)))
require.NotNil(t, ip)
require.NotEqual(t, ip, ipBridge)
}

31
tests/inspect.go
View File

@ -17,6 +17,7 @@ func inspectCmd(sb integration.Sandbox, opts ...cmdOpt) (string, error) {
var inspectTests = []func(t *testing.T, sb integration.Sandbox){ var inspectTests = []func(t *testing.T, sb integration.Sandbox){
testInspect, testInspect,
testInspectBuildkitdFlags,
} }
func testInspect(t *testing.T, sb integration.Sandbox) { func testInspect(t *testing.T, sb integration.Sandbox) {
@ -47,3 +48,33 @@ func testInspect(t *testing.T, sb integration.Sandbox) {
require.Empty(t, hostGatewayIP, "host-gateway-ip worker label should not be set with non-docker driver") require.Empty(t, hostGatewayIP, "host-gateway-ip worker label should not be set with non-docker driver")
} }
} }
func testInspectBuildkitdFlags(t *testing.T, sb integration.Sandbox) {
if sb.Name() != "docker-container" {
t.Skip("only testing for docker-container driver")
}
var builderName string
t.Cleanup(func() {
if builderName == "" {
return
}
out, err := rmCmd(sb, withArgs(builderName))
require.NoError(t, err, out)
})
out, err := createCmd(sb, withArgs("--driver", "docker-container", "--buildkitd-flags=--oci-worker-net=bridge"))
require.NoError(t, err, out)
builderName = strings.TrimSpace(out)
out, err = inspectCmd(sb, withArgs(builderName))
require.NoError(t, err, out)
for _, line := range strings.Split(out, "\n") {
if v, ok := strings.CutPrefix(line, "BuildKit daemon flags:"); ok {
require.Contains(t, v, "--oci-worker-net=bridge")
return
}
}
require.Fail(t, "--oci-worker-net=bridge not found in inspect output")
}

6
tests/integration.go
View File

@ -47,8 +47,10 @@ func buildxCmd(sb integration.Sandbox, opts ...cmdOpt) *exec.Cmd {
} }
if builder := sb.Address(); builder != "" { if builder := sb.Address(); builder != "" {
cmd.Args = append(cmd.Args, "--builder="+builder) cmd.Env = append(cmd.Env,
cmd.Env = append(cmd.Env, "BUILDX_CONFIG=/tmp/buildx-"+builder) "BUILDX_CONFIG=/tmp/buildx-"+builder,
"BUILDX_BUILDER="+builder,
)
} }
if context := sb.DockerAddress(); context != "" { if context := sb.DockerAddress(); context != "" {
cmd.Env = append(cmd.Env, "DOCKER_CONTEXT="+context) cmd.Env = append(cmd.Env, "DOCKER_CONTEXT="+context)

6
vendor/github.com/moby/buildkit/util/appdefaults/appdefaults.go generated vendored Normal file
View File

@ -0,0 +1,6 @@
package appdefaults
const (
BridgeName = "buildkit0"
BridgeSubnet = "10.10.0.0/16"
)

2
vendor/modules.txt vendored
View File

@ -509,7 +509,7 @@ github.com/mitchellh/mapstructure
# github.com/mitchellh/reflectwalk v1.0.2 # github.com/mitchellh/reflectwalk v1.0.2
## explicit ## explicit
github.com/mitchellh/reflectwalk github.com/mitchellh/reflectwalk
# github.com/moby/buildkit v0.13.0-rc1.0.20240221065707-db304eb93126 # github.com/moby/buildkit v0.13.0-rc1.0.20240222164755-8e3fe35738c2
## explicit; go 1.21 ## explicit; go 1.21
github.com/moby/buildkit/api/services/control github.com/moby/buildkit/api/services/control
github.com/moby/buildkit/api/types github.com/moby/buildkit/api/types