The `docker-container` driver relies on the default config file location
for buildkit when writing the configuration file. When run in a rootless
version of docker (dind), the default location is different.
Instead of trying to figure out where the appropriate default location
is, this just writes the files to the same location and sets the
`--config` parameter explicitly. This flag is placed first so a
user-specified config option in `--buildkitd-flags` will take precedence
over the implicit config parameter.
This also fixes the `--config` option with the rootless image.
Previously, the config directory was being copied in a way that rendered
`/etc` unreadable and the configuration file wasn't readable either. It
also wasn't copied to the correct place. Now, `--config` is used to
specify the directory, `/etc` isn't included in the copied archive (so
the permissions aren't overwritten), and the directory is set as world
readable to be readable from the rootless buildkit process`.
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
Adds a new HostGatewayIP entry in the Driver interface so we can
move Features and HostGatewayIP handling with cache to the very
specific driver (docker).
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
Fixes the race condition where two boots are executed simultaneously
across multiple processes.
We initially check to see if the container exists, but if during
container creation we get a name conflict, we don't treat this error as
a hard failure, and instead move immediately into waiting for the node
to boot.
Signed-off-by: Justin Chadwell <me@jedevc.com>
This native implementation uses GRPC level waiting, instead of starting
a busy loop. We also a manual max backoff of one second to improve
responsiveness.
Signed-off-by: Justin Chadwell <me@jedevc.com>
There is no reason why one can't make a docker tarball or
load to Docker instance from remote driver.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Replace rules are not inherited by consumers of buildx as a module, and as
such would default to use the v0.26.2 version. Removing the replace rules
also removes various (indirect) dependencies (although brings in some new
packages from k8s itself).
The "azure" and "gcp" authentication packages in k8s.io/go-client are now
no longer functional, so removing those imports.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Buildx currently returns the Docker Engine version for the docker driver
and it can be confusing. This is because BuildKit before 0.11 version does
not support the Info API that returns the BuildKit version.
This change resolves the BuildKit version from the Docker engine one.
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
Previously, we would explicitly error if all TLS parameters were not
available. However, it is a perfectly valid use case to connect to a
buildkit server that only provides TLS in one direction to verify the
server (which is possible today with buildctl).
To support this use case, we only need to error if only one of key or
cert is set, and the other is not - if both are unspecified, the client
will not present a certificate to the server.
Signed-off-by: Justin Chadwell <me@jedevc.com>
The error handling for the cast to client.TracerDelegate was incorrect,
and previously, a client would unconditionally append an opt.
This results in the scenario that while the ClientOpt was not nil, the
tracer delegate in the ClientOpt was, which isn't an error case
explicitly handled by buildkit.
Signed-off-by: Justin Chadwell <me@jedevc.com>
This moves the detection of the docker daemon's security options into
the driver from the factory, handling them in a similar way to how we do
cgroups.
Because of recent changes that modify error detection in driver
creation, this attempt to contact the docker daemon during builder
creation meant that a docker-container builder could not be created
without access to the docker socket. This patch resolves this, by
defering the Info call to the driver, when the container is actually
created.
Signed-off-by: Justin Chadwell <me@jedevc.com>
