Kaniko should exit immediately on multi-stage builds if --cache-copy-layers=true
#2065
Sad, we use this feature. I emulate bash-style `**` globbing with it.
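Judging from the commands quoted later in the thread, the snippet was along these lines (a reconstruction, not the verbatim original):

```dockerfile
# copy only the package.json files, expecting ** to behave like a bash glob,
# so the following install layer stays cached until a package.json changes
COPY monorepo/**/package.json ./
RUN yarn install
```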
|
@baznikin Can you explain more? It looks like you want to copy a bunch of files, but exclude the rest.

On a separate note, when you say "we use this feature", can you say more about how long you've been using it & at what scale? The reason is that I & others have experienced very severe bugs related to allowing `--cache-copy-layers=true`.

Also, leaving the are-we-actually-getting-correct-builds issue aside, keep in mind that we're talking about caching here, so there's no reason you can't just stop using `--cache-copy-layers=true`. |
@dradetsky what I believe @baznikin is saying is that because `COPY` doesn't support `**` globs, he relies on cached copy layers to avoid re-running `yarn install` on every build. That said, I agree with you that the correctness aspect is more important than any performance gain. |
@pharaujo is right, it is because of the lack of `**` glob support in `COPY`. The full Dockerfile was like this (a rough sketch of its shape is below); it is actually a 3-stage build. The repository is a monorepo used to build 2 different images, and the final stage is used to make a thinner image. Because of disabled COPY caching there were significant rebuilds every time. However, I do not see such behavior now.
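A rough sketch of the shape of such a build (image tags, paths, and commands are illustrative guesses, not the actual Dockerfile):

```dockerfile
# stage 1: install dependencies; meant to stay cached until a package.json changes
FROM node:16 AS deps
WORKDIR /app
# as written in the thread; note COPY's ** does not behave like a bash glob
COPY monorepo/**/package.json ./
RUN yarn install

# stage 2: build on top of the cached dependencies
FROM deps AS build
COPY monorepo/ ./
RUN yarn build

# stage 3: thinner runtime image with only the build output
FROM node:16-slim
WORKDIR /app
COPY --from=build /app/dist ./dist
CMD ["node", "dist/server.js"]
```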
|
@pharaujo @baznikin It sounds like the real issue is that Kaniko doesn't actually support the `**` glob syntax in `COPY`.

@baznikin FWIW, while I hate to say "well, just don't do that" when someone says what he wants to do with his computer on his project, it's worth pointing out that while nodejs in containers does tend to create massive `node_modules` trees, bundling your backend code can spare you from copying them around at all.

As I implied above, the people who make container tooling tend to be golang people, and in golang land the normal thing to do is compile your code into one (or maybe a few) binaries, and then do something like the following.
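A minimal sketch of that pattern (image names and paths are illustrative):

```dockerfile
# build stage: compile everything into a single static binary
FROM golang:1.19 AS build
WORKDIR /src
COPY . .
RUN CGO_ENABLED=0 go build -o /out/app .

# runtime stage: copy only the binary into a minimal image
FROM gcr.io/distroless/static
COPY --from=build /out/app /app
ENTRYPOINT ["/app"]
```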
In this case, it makes no sense to cache the copy layer, since all it does is cause you to store the binary you're going to copy to your runtime image twice. It's not like it's any faster to copy the file from the last cache layer of the build image than from the copy layer of the runtime image. So basically, it makes sense that they didn't put a ton of effort into making copy layer caching work correctly. Obviously, for container tooling which is meant to be language-agnostic, this is a mistake, and copy layer caching does make sense for people developing for nodejs. But on the other hand, if as a nodejs developer you have the opportunity to make your build process look more like the typical golang build process (by using a bundler), this may lead to better results with less effort. |
I should have made this more clear above, but: I don't actually know whether Kaniko supports the `**` syntax in `COPY`. Even better would be to contribute a (broken) integration test which asserts that kaniko does handle it correctly.
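For instance (a hypothetical sketch, not an existing test): build a trivial multi-stage Dockerfile like this twice with `--cache-copy-layers=true`, changing `greeting.txt` in between, and assert that the second image actually picks up the change.

```dockerfile
FROM busybox AS src
COPY greeting.txt /greeting.txt

FROM busybox
# a correct build must not serve a stale cached copy of this layer
COPY --from=src /greeting.txt /greeting.txt
CMD ["cat", "/greeting.txt"]
```
|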
Nevermind, the meaning of the `**` syntax I was referring to is dockerignore syntax, not copy syntax. I got confused.

In light of that, the command `COPY monorepo/**/package.json ./` makes no sense; it's like saying "find every package.json file under monorepo or its subdirs, and then copy them all to ./" (whereupon they will overwrite one another in turn, and the final file obtained will depend on how fs subdir recursion is implemented). However, if you add `monorepo/**/package.json` to your dockerignore, then just `COPY monorepo ./` should do what you want. I think. Something like that.
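For what it's worth, getting that effect usually requires a negation rule, something like this hypothetical `.dockerignore` (so that `COPY monorepo ./` brings only the package.json files into the context):

```
# exclude everything under monorepo from the build context,
# except the package.json files
monorepo/**
!monorepo/**/package.json
```

Note that `.dockerignore` filters the whole build context, so this only helps if no other build step needs the full monorepo sources.
|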
Dockerfile COPY syntax doesn't support such globbing; it is mentioned as a bash-style reference. Bash supports such globs and does exactly what I need: copy only package.json files while keeping the directory structure. I use it to cache `yarn install` results (i.e., if no package.json changed, do not re-run `yarn install`).
|
I'm not sure I understand/agree, but either way, if kaniko's `COPY` globbing doesn't do what people expect, that seems like a separate issue from the caching bug here. |
Hi @dradetsky, thank you very much for this. You did.
Thank you so much for this explanation, really. It makes a lot of sense now. Just a follow-up: we agree that this is a bug, and you gave a good theory as to why fixing it has not been seen as a priority. However, I was wondering: is it hard to fix? Do you have any idea what the cause of the bug is? Maybe it's actually fairly easy to fix? |
The issue is that all subsequent Dockerfile commands are not cached after a `COPY --from` command.
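Concretely, in a hypothetical multi-stage Dockerfile like this, the reported cache miss would hit every step after the cross-stage copy:

```dockerfile
FROM alpine AS build
RUN echo "built" > /artifact

FROM alpine
# with --cache-copy-layers=true in a multi-stage build...
COPY --from=build /artifact /artifact
# ...steps from here on reportedly get rebuilt every time
RUN apk add --no-cache curl
```
|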
This is a Feature Request, I guess, but you don't have a template for that.
As I understand it, Kaniko does not properly support caching copy layers in multi-stage builds, and supporting this is not a priority. For example, #1244 has been open since May 2020, and in v1.2.0 Kaniko actually dropped support for caching copy layers, although it later added it back.

I'm not suggesting that supporting this should be a priority. However, given the severity of the issues that can result from this, I think it would be a really, really good idea to just add a startup check where, if `opts.CacheCopyLayers` is true, we immediately exit and print "Kaniko does not support caching copy layers in multi-stage builds" or something.
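A minimal sketch of the kind of check I mean (`opts.CacheCopyLayers` is the real flag field; everything else here is hypothetical illustration, not kaniko's actual code):

```go
package main

import "log"

type options struct {
	CacheCopyLayers bool
}

// validateFlags fails fast instead of letting a known-broken
// configuration silently produce stale images.
func validateFlags(opts options, numStages int) {
	if opts.CacheCopyLayers && numStages > 1 {
		log.Fatal("kaniko does not support caching copy layers in multi-stage builds; " +
			"remove --cache-copy-layers=true")
	}
}

func main() {
	validateFlags(options{CacheCopyLayers: true}, 2) // exits with the message above
}
```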
In my own case, we had tons of developers coming to us saying "I pushed new code, the new code got built, but it's still running the old code. What's going on?" My boss thought that Kaniko must just be a broken, immature project and told me to migrate us to buildkit ASAP. Fortunately, I figured out what was going on, which was good because buildkit had all sorts of other issues for our setup. I'd much rather be using Kaniko with `--cache-copy-layers=false`.

I realize that for a lot of potential users, caching copy layers isn't something that even makes sense in the first place, and they'll probably just leave it off if they notice it at all. However, some users who know that in their particular case they have a lot of expensive COPY operations (say, they get Dockerfiles from node.js developers who don't do any kind of bundling of their backend apps) will see that there's a flag `--cache-copy-layers` and assume it just works as advertised. They won't ask themselves if it works in combination with multi-stage builds, because those are just a Dockerfile best practice; mentally they will equate "works with multi-stage builds" with "works with Dockerfiles." They'll roll it out, nobody will notice any issues until weeks later, and it'll take even longer to make the connection. This is extremely poor developer UX.

Anyway, it's too late to save me & my organization from this pain, but maybe we can save others.
I'd contribute a PR, but… I might if this is favorably received & I'm not too busy at work.