Update 0034-build-docker-with-kaniko.md

Ferenc Hammerl
2023-01-26 17:58:10 +01:00
committed by GitHub
parent 16276a2a22
commit b3df7ec55b

@@ -1,6 +1,6 @@
# ADR 0034: Build container-action Dockerfiles with Kaniko
**Date**: 2023-01-09
**Date**: 2023-01-26
**Status**: In Progress
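Review bot: Overwriting `**Date**: 2023-01-09` with `2023-01-26` loses the date the ADR was first written, while the status stays "In Progress". Consider keeping the original date and recording the revision separately (for example a "Last updated" line), so readers can tell when the decision was proposed and when it was last changed.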
@@ -19,6 +19,15 @@ Whether using dind/docker-in-docker sidecar or Kaniko, in this ADR I will refer
- **Feature parity with Docker:** Any 'Dockerfile' that can be built with vanilla Docker should also be possible to build using a Kaniko build container
- **Ease of Use:** The customer should be able to build and push Docker images with minimal configuration
## Limitations
### User provided registry
The user needs to provide a a remote registry (like ghcr.io or dockerhub) and credentials, for the Kaniko builder container to push to and k8s to pull from later. This is the user's responsiblity so that our solution remains lightweight and generic.
- Alternatively, a user-managed local Docker Registry within the k8s cluster can of course be used instead
### Kaniko feature limit
Anything Kaniko can't do we'll be by definition unable to help with. Potential incompatibilities / inconsistencies between Docker and Kaniko will naturally be inherited by our solution.
## Interface
The user will set `containerMode:kubernetes`, because this is a change to the behaviour of our k8s hooks
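Review bot: The "User provided registry" paragraph requires the user to supply registry credentials for the Kaniko builder container to push and for k8s to pull, but it does not say how those credentials are handed to the builder pod or to the cluster. Since this section defines what is the user's responsibility, it should state the expected mechanism and note that the push credential only needs write access to the target repository. Two wording fixes in the same paragraph: "a a remote registry" has a doubled article, and "responsiblity" should be "responsibility".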
@@ -50,9 +59,6 @@ As an example, a cluster local docker registry could be a long running pod expos
The Kaniko builder pod would push to `my-local-registry.default.svc.cluster.local:12345/foohandle`. (`ACTIONS_RUNNER_CONTAINER_HOOKS_K8S_REGISTRY_HOST_PUSH`)
This URL cannot be resolved by the kubelet to pull the image, so we need a secondary URL to pull it - in this case, using the NodePort, this URL is localhost:NODEPORT/foohandle. (`ACTIONS_RUNNER_CONTAINER_HOOKS_K8S_REGISTRY_HOST_PULL)
## Limitations
- The user needs to provide a local Docker Registry within the k8s cluster or config for a remote registry (like ghcr or dockerhub)
- Potential incompatibilities / inconsistencies between Docker and Kaniko, none is known at this time
## Consequences
- Users build container-actions with a local Dockerfile in their k8s cluster without a privileged docker builder container
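Review bot: The context line just above the removed section, ending in `ACTIONS_RUNNER_CONTAINER_HOOKS_K8S_REGISTRY_HOST_PULL)`, is missing its closing backtick, so the variable name will not render as code; it is worth fixing while this part of the file is being edited. Separately, the removed bullet said of Docker/Kaniko incompatibilities that "none is known at this time", and the relocated "Kaniko feature limit" text no longer carries that statement. Given that the ADR lists feature parity with Docker as a goal, either keep that sentence or say where known differences will be tracked.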