From b3df7ec55b1e9551f35a4ea77b0425d926fb8a96 Mon Sep 17 00:00:00 2001 From: Ferenc Hammerl <31069338+fhammerl@users.noreply.github.com> Date: Thu, 26 Jan 2023 17:58:10 +0100 Subject: [PATCH] Update 0034-build-docker-with-kaniko.md --- docs/adrs/0034-build-docker-with-kaniko.md | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/docs/adrs/0034-build-docker-with-kaniko.md b/docs/adrs/0034-build-docker-with-kaniko.md index e262b81..bac5bea 100644 --- a/docs/adrs/0034-build-docker-with-kaniko.md +++ b/docs/adrs/0034-build-docker-with-kaniko.md @@ -1,6 +1,6 @@ # ADR 0034: Build container-action Dockerfiles with Kaniko -**Date**: 2023-01-09 +**Date**: 2023-01-26 **Status**: In Progress @@ -19,6 +19,15 @@ Whether using dind/docker-in-docker sidecar or Kaniko, in this ADR I will refer - **Feature parity with Docker:** Any 'Dockerfile' that can be built with vanilla Docker should also be possible to build using a Kaniko build container - **Ease of Use:** The customer should be able to build and push Docker images with minimal configuration +## Limitations + +### User provided registry +The user needs to provide a a remote registry (like ghcr.io or dockerhub) and credentials, for the Kaniko builder container to push to and k8s to pull from later. This is the user's responsiblity so that our solution remains lightweight and generic. +- Alternatively, a user-managed local Docker Registry within the k8s cluster can of course be used instead + +### Kaniko feature limit +Anything Kaniko can't do we'll be by definition unable to help with. Potential incompatibilities / inconsistencies between Docker and Kaniko will naturally be inherited by our solution. + ## Interface The user will set `containerMode:kubernetes`, because this is a change to the behaviour of our k8s hooks 
@@ -50,9 +59,6 @@ As an example, a cluster local docker registry could be a long running pod expos The Kaniko builder pod would push to `my-local-registry.default.svc.cluster.local:12345/foohandle`. (`ACTIONS_RUNNER_CONTAINER_HOOKS_K8S_REGISTRY_HOST_PUSH`) This URL cannot be resolved by the kubelet to pull the image, so we need a secondary URL to pull it - in this case, using the NodePort, this URL is localhost:NODEPORT/foohandle. (`ACTIONS_RUNNER_CONTAINER_HOOKS_K8S_REGISTRY_HOST_PULL) -## Limitations -- The user needs to provide a local Docker Registry within the k8s cluster or config for a remote registry (like ghcr or dockerhub) -- Potential incompatibilities / inconsistencies between Docker and Kaniko, none is known at this time ## Consequences - Users build container-actions with a local Dockerfile in their k8s cluster without a privileged docker builder container
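Review bot: The added "User provided registry" paragraph (hunk -19,6 +19,15) says the user supplies "credentials, for the Kaniko builder container to push to and k8s to pull from later" but does not say how they are handed to the builder or whether push and pull share one credential. Suggest naming the mechanism and recommending a push-scoped credential for the builder and a separate read-only one for the pull side, so the pod that executes the user's Dockerfile does not hold more registry access than it needs. The same added line has two typos: "a a remote registry" and "responsiblity". The reworded Kaniko limitation also drops the earlier statement that no incompatibility "is known at this time"; if that still holds, it is worth keeping.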
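Review bot: In the second hunk (-50,9 +59,6), the unchanged context line that ends with "ACTIONS_RUNNER_CONTAINER_HOOKS_K8S_REGISTRY_HOST_PULL)" is missing the closing backtick before the parenthesis, so the inline code span never closes; since the block directly below it is being edited, fix it in this patch. The relocated Limitations text now lists the in-cluster registry only as an "Alternatively" bullet, while this example still depends on separate push and pull hosts, so a pointer from that bullet to this example would make clear that the local option needs both the HOST_PUSH and HOST_PULL variables.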