Add flag to allow setting --ignore-var-run to false (#191)
* add include-var-run option to set ignore-var-run flag

* fix boolean flag name

* flip include-var-run to ignore-var-run
zahradtj authored Mar 28, 2024
1 parent 34c1b6d commit a506d17
Showing 5 changed files with 283 additions and 101 deletions.
69 changes: 35 additions & 34 deletions DOCS.md
Expand Up @@ -241,40 +241,41 @@ steps:
The following parameters are used to configure the image:

| Name | Description | Required | Default | Environment Variables |
| ---------------------- | ----------------------------------------------------------------------------------------------------------------------- | -------- | ----------------- | ----------------------------------------------------------------- |
| `auto_tag` | enables automatic tagging of images (tag or sha, and `latest`) | `false` | `false` | `PARAMETER_AUTO_TAG`<br>`KANIKO_AUTO_TAG` |
| `build_args` | variables passed to image at build-time | `false` | `N/A` | `PARAMETER_BUILD_ARGS`<br>`KANIKO_BUILD_ARGS` |
| `cache` | enable caching of image layers | `false` | `false` | `PARAMETER_CACHE`<br>`KANIKO_CACHE` |
| `cache_repo` | specific repo to enable caching for | `false` | `N/A` | `PARAMETER_CACHE_REPO`<br>`KANIKO_CACHE_REPO` |
| `compression` | compression to use (`gzip` or `zstd` - kaniko uses `gzip` if not defined) | `false` | `N/A` | `PARAMETER_COMPRESSION`<br>`KANIKO_COMPRESSION` |
| `compression_level` | compression level to use (1 - 9, inclusive) | `false` | `N/A` | `PARAMETER_COMPRESSION_LEVEL`<br>`KANIKO_COMPRESSION_LEVEL` |
| `context` | path to context for building the image | `true` | `.` | `PARAMETER_CONTEXT`<br>`KANIKO_CONTEXT` |
| `dockerfile` | path to the file for building the image | `true` | `Dockerfile` | `PARAMETER_DOCKERFILE`<br>`KANIKO_DOCKERFILE` |
| `dry_run` | enable building the image without publishing | `false` | `false` | `PARAMETER_DRY_RUN`<br>`KANIKO_DRY_RUN` |
| `event` | event generated for build | `true` | **set by Vela** | `PARAMETER_EVENT`<br>`KANIKO_EVENT`<br>`VELA_BUILD_EVENT` |
| `force_build_metadata` | enable force adding metadata layers to build image | `false` | `false` | `PARAMETER_FORCE_BUILD_METADATA`<br>`KANIKO_FORCE_BUILD_METADATA` |
| `repo_topics_filter` | regex expression to filter out repository topics | `false` | `empty slice` | `PARAMETER_REPO_TOPICS_FILTER`<br>`KANIKO_REPO_TOPICS_FILTER` |
| `labels` | unique labels to add to the image | `false` | `N/A` | `PARAMETER_LABELS`<br>`KANIKO_LABELS` |
| `log_level` | set the log level for the plugin | `true` | `info` | `PARAMETER_LOG_LEVEL`<br>`KANIKO_LOG_LEVEL` |
| `mirror` | name of the mirror registry to use | `false` | `N/A` | `PARAMETER_MIRROR`<br>`KANIKO_MIRROR` |
| `password` | password for communication with the registry | `true` | `N/A` | `PARAMETER_PASSWORD`<br>`KANIKO_PASSWORD`<br>`DOCKER_PASSWORD` |
| `push_retry` | number of retries for pushing an image to a remote destination | `false` | `0` | `PARAMETER_PUSH_RETRY`<br>`KANIKO_PUSH_RETRY` |
| `registry` | name of the registry for the repository | `true` | `index.docker.io` | `PARAMETER_REGISTRY`<br>`KANIKO_REGISTRY` |
| `repo` | name of the repository for the image | `true` | `N/A` | `PARAMETER_REPO`<br>`KANIKO_REPO` |
| `sha` | SHA-1 hash generated for commit | `true` | **set by Vela** | `PARAMETER_SHA`<br>`KANIKO_SHA`<br>`VELA_BUILD_COMMIT` |
| `use_new_run` | use experimental run implementation for detecting changes without requiring file system snapshots | `false` | `false` | `PARAMETER_USE_NEW_RUN`<br>`KANIKO_USE_NEW_RUN` |
| `single_snapshot` | takes a single snapshot of the filesystem at the end of the build, so only one layer will be appended to the base image | `false` | `false` | `PARAMETER_SINGLE_SNAPSHOT`<br>`KANIKO_SINGLE_SNAPSHOT` |
| `snapshot_mode` | control how to snapshot the filesystem. - options: `full`, `redo`, or `time` | `false` | `N/A` | `PARAMETER_SNAPSHOT_MODE`<br>`KANIKO_SNAPSHOT_MODE` |
| `tag` | tag generated for build | `false` | **set by Vela** | `PARAMETER_TAG`<br>`KANIKO_TAG`<br>`VELA_BUILD_TAG` |
| `tags` | unique tags of the image | `true` | `latest` | `PARAMETER_TAGS`<br>`KANIKO_TAGS` |
| `tar_path` | save the image as a tarball at path | `false` | `N/A` | `PARAMETER_TAR_PATH`<br>`KANIKO_TAR_PATH` |
| `target` | set the target build stage for the image | `false` | `N/A` | `PARAMETER_TARGET`<br>`KANIKO_TARGET` |
| `username` | user name for communication with the registry | `true` | `N/A` | `PARAMETER_USERNAME`<br>`KANIKO_USERNAME`<br>`DOCKER_USERNAME` |
| `custom_platform` | set the custom platform for the image | `false` | `N/A` | `PARAMETER_CUSTOM_PLATFORM`<br>`KANIKO_CUSTOM_PLATFORM` |
| `insecure_registries` | insecure docker registries to push or pull to/from | `false` | `empty slice` | `PARAMETER_INSECURE_REGISTRIES`<br>`KANIKO_INSECURE_REGISTRIES` |
| `insecure_pull` | enable pulling from any insecure registry | `false` | `false` | `PARAMETER_INSECURE_PULL`<br>`KANIKO_INSECURE_PULL` |
| `insecure_push` | enable pushing to any insecure registry | `false` | `false` | `PARAMETER_INSECURE_PUSH`<br>`KANIKO_INSECURE_PUSH` |
| Name | Description | Required | Default | Environment Variables |
|------------------------|-------------------------------------------------------------------------------------------------------------------------| -------- |-------------------|---------------------------------------------------------------------------------|
| `auto_tag` | enables automatic tagging of images (tag or sha, and `latest`) | `false` | `false` | `PARAMETER_AUTO_TAG`<br>`KANIKO_AUTO_TAG` |
| `build_args` | variables passed to image at build-time | `false` | `N/A` | `PARAMETER_BUILD_ARGS`<br>`KANIKO_BUILD_ARGS` |
| `cache` | enable caching of image layers | `false` | `false` | `PARAMETER_CACHE`<br>`KANIKO_CACHE` |
| `cache_repo` | specific repo to enable caching for | `false` | `N/A` | `PARAMETER_CACHE_REPO`<br>`KANIKO_CACHE_REPO` |
| `compression` | compression to use (`gzip` or `zstd` - kaniko uses `gzip` if not defined) | `false` | `N/A` | `PARAMETER_COMPRESSION`<br>`KANIKO_COMPRESSION` |
| `compression_level` | compression level to use (1 - 9, inclusive) | `false` | `N/A` | `PARAMETER_COMPRESSION_LEVEL`<br>`KANIKO_COMPRESSION_LEVEL` |
| `context` | path to context for building the image | `true` | `.` | `PARAMETER_CONTEXT`<br>`KANIKO_CONTEXT` |
| `dockerfile` | path to the file for building the image | `true` | `Dockerfile` | `PARAMETER_DOCKERFILE`<br>`KANIKO_DOCKERFILE` |
| `dry_run` | enable building the image without publishing | `false` | `false` | `PARAMETER_DRY_RUN`<br>`KANIKO_DRY_RUN` |
| `event` | event generated for build | `true` | **set by Vela** | `PARAMETER_EVENT`<br>`KANIKO_EVENT`<br>`VELA_BUILD_EVENT` |
| `force_build_metadata` | enable force adding metadata layers to build image | `false` | `false` | `PARAMETER_FORCE_BUILD_METADATA`<br>`KANIKO_FORCE_BUILD_METADATA` |
| `repo_topics_filter` | regex expression to filter out repository topics | `false` | `empty slice` | `PARAMETER_REPO_TOPICS_FILTER`<br>`KANIKO_REPO_TOPICS_FILTER` |
| `ignore_var_run` | sets `--ignore-var-run` kaniko flag to control whether /var/run is included in image snapshot | `false` | `true` | `PARAMETER_IGNORE_VAR_RUN`<br>`KANIKO_IGNORE_VAR_RUN`<br>`VELA_IGNORE_VAR_RUN` |
| `labels` | unique labels to add to the image | `false` | `N/A` | `PARAMETER_LABELS`<br>`KANIKO_LABELS` |
| `log_level` | set the log level for the plugin | `true` | `info` | `PARAMETER_LOG_LEVEL`<br>`KANIKO_LOG_LEVEL` |
| `mirror` | name of the mirror registry to use | `false` | `N/A` | `PARAMETER_MIRROR`<br>`KANIKO_MIRROR` |
| `password` | password for communication with the registry | `true` | `N/A` | `PARAMETER_PASSWORD`<br>`KANIKO_PASSWORD`<br>`DOCKER_PASSWORD` |
| `push_retry` | number of retries for pushing an image to a remote destination | `false` | `0` | `PARAMETER_PUSH_RETRY`<br>`KANIKO_PUSH_RETRY` |
| `registry` | name of the registry for the repository | `true` | `index.docker.io` | `PARAMETER_REGISTRY`<br>`KANIKO_REGISTRY` |
| `repo` | name of the repository for the image | `true` | `N/A` | `PARAMETER_REPO`<br>`KANIKO_REPO` |
| `sha` | SHA-1 hash generated for commit | `true` | **set by Vela** | `PARAMETER_SHA`<br>`KANIKO_SHA`<br>`VELA_BUILD_COMMIT` |
| `use_new_run` | use experimental run implementation for detecting changes without requiring file system snapshots | `false` | `false` | `PARAMETER_USE_NEW_RUN`<br>`KANIKO_USE_NEW_RUN` |
| `single_snapshot` | takes a single snapshot of the filesystem at the end of the build, so only one layer will be appended to the base image | `false` | `false` | `PARAMETER_SINGLE_SNAPSHOT`<br>`KANIKO_SINGLE_SNAPSHOT` |
| `snapshot_mode` | control how to snapshot the filesystem. - options: `full`, `redo`, or `time` | `false` | `N/A` | `PARAMETER_SNAPSHOT_MODE`<br>`KANIKO_SNAPSHOT_MODE` |
| `tag` | tag generated for build | `false` | **set by Vela** | `PARAMETER_TAG`<br>`KANIKO_TAG`<br>`VELA_BUILD_TAG` |
| `tags` | unique tags of the image | `true` | `latest` | `PARAMETER_TAGS`<br>`KANIKO_TAGS` |
| `tar_path` | save the image as a tarball at path | `false` | `N/A` | `PARAMETER_TAR_PATH`<br>`KANIKO_TAR_PATH` |
| `target` | set the target build stage for the image | `false` | `N/A` | `PARAMETER_TARGET`<br>`KANIKO_TARGET` |
| `username` | user name for communication with the registry | `true` | `N/A` | `PARAMETER_USERNAME`<br>`KANIKO_USERNAME`<br>`DOCKER_USERNAME` |
| `custom_platform` | set the custom platform for the image | `false` | `N/A` | `PARAMETER_CUSTOM_PLATFORM`<br>`KANIKO_CUSTOM_PLATFORM` |
| `insecure_registries` | insecure docker registries to push or pull to/from | `false` | `empty slice` | `PARAMETER_INSECURE_REGISTRIES`<br>`KANIKO_INSECURE_REGISTRIES` |
| `insecure_pull` | enable pulling from any insecure registry | `false` | `false` | `PARAMETER_INSECURE_PULL`<br>`KANIKO_INSECURE_PULL` |
| `insecure_push` | enable pushing to any insecure registry | `false` | `false` | `PARAMETER_INSECURE_PUSH`<br>`KANIKO_INSECURE_PUSH` |

## Template
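
Review bot: The new `ignore_var_run` row does not say which value does what. Its description reads "control whether /var/run is included in image snapshot" next to a default of `true`, so a reader has to infer that `true` means /var/run is left out. Suggest wording such as "when `true` (default), /var/run is excluded from the image snapshot; set to `false` to include it", plus a short note that with `false` anything build steps leave under /var/run ships in the pushed image. Separately, the separator row and column widths were re-aligned in the same change, which is why every row shows as modified for a one-row addition; consider keeping that formatting change out of this commit.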

2 changes: 2 additions & 0 deletions cmd/vela-kaniko/build.go
Expand Up @@ -25,6 +25,8 @@ type Build struct {
TarPath string
// https://github.com/GoogleContainerTools/kaniko#flag---single-snapshot
SingleSnapshot bool
// https://github.com/GoogleContainerTools/kaniko#flag---ignore-var-run
IgnoreVarRun bool
}

// SnapshotModeValues represents the available options for setting a snapshot mode.
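
Review bot: `IgnoreVarRun bool` has a zero value of `false`, the opposite of the default declared for the flag in main.go (`Value: true`), and the field comment is only a link. A `Build` constructed without going through the CLI (for example in a test) therefore carries `false`. Add a comment on the field stating that `true` is the intended default and that `false` includes /var/run in the snapshot.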
8 changes: 8 additions & 0 deletions cmd/vela-kaniko/main.go
Expand Up @@ -108,6 +108,13 @@ func main() {
Name: "build.single_snapshot",
Usage: "takes a single snapshot of the filesystem at the end of the build, so only one layer will be appended to the base image",
},
&cli.BoolFlag{
EnvVars: []string{"PARAMETER_IGNORE_VAR_RUN", "KANIKO_IGNORE_VAR_RUN", "VELA_IGNORE_VAR_RUN"},
FilePath: "/vela/parameters/kaniko/ignore_var_run,/vela/secrets/kaniko/ignore_var_run",
Name: "build.ignore_var_run",
Usage: "By default Kaniko ignores /var/run when taking image snapshot. Include this parameter to preserve /var/run/* in destination image.",
Value: true,
},

// Image Flags
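
Review bot: The `Usage` text on `build.ignore_var_run` says "Include this parameter to preserve /var/run/* in destination image", but the flag is declared with `Value: true`, so including it as `true` changes nothing and only `false` preserves /var/run. Suggest rewording to something like "ignore /var/run when taking the image snapshot (default true); set to false to preserve /var/run/* in the destination image", so the help text matches the flag's polarity.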

Expand Down Expand Up @@ -344,6 +351,7 @@ func run(c *cli.Context) error {
UseNewRun: c.Bool("build.use_new_run"),
TarPath: c.String("build.tar_path"),
SingleSnapshot: c.Bool("build.single_snapshot"),
IgnoreVarRun: c.Bool("build.ignore_var_run"),
},
// image configuration
Image: &Image{
6 changes: 4 additions & 2 deletions cmd/vela-kaniko/plugin.go
Expand Up @@ -6,10 +6,10 @@ import (
"fmt"
"os/exec"
"regexp"

"github.com/spf13/afero"
"strconv"

"github.com/sirupsen/logrus"
"github.com/spf13/afero"
)

var (
Expand Down Expand Up @@ -63,6 +63,8 @@ func (p *Plugin) Command() *exec.Cmd {
flags = append(flags, "--single-snapshot")
}

flags = append(flags, fmt.Sprintf("--ignore-var-run=%s", strconv.FormatBool(p.Build.IgnoreVarRun)))

// iterate through all image build args
for _, arg := range p.Image.Args {
// add flag for build args from provided image build arg
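
Review bot: `--ignore-var-run` is appended on every invocation, while `--single-snapshot` just above is only added inside a condition, so the kaniko command line now changes for all users, including those who never set the parameter. Consider appending the flag only when `p.Build.IgnoreVarRun` is `false`, which leaves the default command line as it was. If the unconditional form stays, `fmt.Sprintf("--ignore-var-run=%t", p.Build.IgnoreVarRun)` produces the same string without `strconv.FormatBool` and the new `strconv` import.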