Experimental BuildKit support #37151
Conversation
| var _ snapshot.SnapshotterBase = &snapshotter{} | ||
|
|
||
| // NewSnapshotter creates a new snapshotter | ||
| func NewSnapshotter(opt Opt) (snapshot.SnapshotterBase, error) { |
There was a problem hiding this comment.
Can we split this to a separate package that wraps Moby graphdriver as a containerd snapshotter?
cc @dmcgowan
There was a problem hiding this comment.
Currently, the issue is that containerd mounts are stateless while some graphdrives can't produce stateless mounts. @dmcgowan has a plan for that for Moby integration that is somewhat similar to the buildkit/snapshot.Mountable abstraction.
| @@ -0,0 +1,179 @@ | |||
| package containerimage | |||
There was a problem hiding this comment.
Can we dedupe writer.go with https://github.com/moby/buildkit/blob/master/exporter/containerimage/writer.go via some util pkg?
There was a problem hiding this comment.
The reason I couldn't use it directly was that buildkit uses the blobsum-diffid pairs here while Moby doesn't yet have an understanding of managing layer blobs. But with a careful refactor, some parts of it can definitely be shared.
| BuilderV1 BuilderVersion = "1" | ||
| // BuilderBuildKit is builder based on moby/buildkit project | ||
| BuilderBuildKit = "2" | ||
| ) |
There was a problem hiding this comment.
Nit: can we just use strings rather than numbers? e.g. legacy and buildkit
There was a problem hiding this comment.
@AkihiroSuda I don't like the word legacy (which is what it was initially). With all the respect I have for buildkit, with time everything becomes legacy and eventually you'll have to differentiate between legacy legacy and legacy. This problem is solved with versions, so I believe it's a better tradeoff this way. Happy to hear your concerns though.
api/types/client.go
Outdated
| @@ -181,8 +181,20 @@ type ImageBuildOptions struct { | |||
| Target string | |||
| SessionID string | |||
| Platform string | |||
| Version BuilderVersion | |||
| BuildID string | |||
There was a problem hiding this comment.
On high level, definitely Design LGTM 😻
In this PR it seems it's not possible to choose a different frontend yet right ? if yes, is it something we plan to allow before going out of experimental ?
I see the gateway.v0 frontend is there so it seems it's already possible to use custom images as frontend (which is awesome 💓) but I'm not sure how to specify it from the API standpoint.
Also, should we open a PR in docker/cli to discuss the cli design in parallel ; and also easily have a docker binary built to make manual testing easier (without having to clone and build the cli)
Custom Dockerfile implementations can be used with a Dockerfile directive moby/buildkit#384 but generic frontends (or raw LLB) is not currently enabled in HTTP API. As this would be a new feature, it probably makes sense to do discuss/PR that separately. It may definitely happen in experimental is maintainers agree.
There's still some cleanup stuff that needs to happen there. You can expect a PR early next week. |
Codecov Report
@@ Coverage Diff @@
## master #37151 +/- ##
=========================================
Coverage ? 35.33%
=========================================
Files ? 609
Lines ? 45000
Branches ? 0
=========================================
Hits ? 15901
Misses ? 26947
Partials ? 2152 |
|
Design LGTM |
tonistiigi
force-pushed
the
experimental-buildkit
branch
from
3a6c7d4 to
71b7cd5
Compare
tonistiigi
force-pushed
the
experimental-buildkit
branch
2 times, most recently
from
4937e74 to
b00dc69
Compare
| @@ -131,7 +135,7 @@ github.com/google/certificate-transparency d90e65c3a07988180c5b1ece71791c0b65068 | |||
| golang.org/x/crypto 1a580b3eff7814fc9b40602fd35256c63b50f491 | |||
| golang.org/x/time a4bde12657593d5e90d0533a3e4fd95e635124cb | |||
| github.com/hashicorp/go-memdb cb9a474f84cc5e41b273b20c6927680b2a8776ad | |||
| github.com/hashicorp/go-immutable-radix 8e8ed81f8f0bf1bdd829593fdd5c29922c1ea990 | |||
| github.com/hashicorp/go-immutable-radix 826af9ccf0feeee615d546d69b11f8e98da8c8f1 git://github.com/tonistiigi/go-immutable-radix.git | |||
There was a problem hiding this comment.
Is this something we can upstream? I didn't see a pull request; https://github.com/hashicorp/go-immutable-radix/pulls (looks like its this change; tonistiigi/go-immutable-radix@826af9c)
There was a problem hiding this comment.
Not sure if they are interested and the project isn't very active. I can make a proper fork if needed (although we use this project for swarmkit as well). There is no functionality divergence, just an extra method that is only used by buildkit.
There was a problem hiding this comment.
We could try if they accept the PR, then we'd be set (unless we think we'll be adding more features and a fork would help)
There was a problem hiding this comment.
Ok, I'll make sure to do that and replace if it gets merged
vendor.conf
Outdated
| @@ -31,6 +31,10 @@ github.com/moby/buildkit 43e758232a0ac7d50c6a11413186e16684fc1e4f | |||
| github.com/tonistiigi/fsutil dc68c74458923f357474a9178bd198aa3ed11a5f | |||
| github.com/grpc-ecosystem/grpc-opentracing 8e809c8a86450a29b90dcc9efbf062d0fe6d9746 | |||
| github.com/opentracing/opentracing-go 1361b9cd60be79c4c3a7fa9841b3c132e40066a7 | |||
| github.com/google/shlex 6f45313302b9c56850fc17f99e40caebce98c716 | |||
| github.com/opentracing-contrib/go-stdlib b1a47cfbdd7543e70e9ef3e73d0802ad306cc1cc | |||
| github.com/BurntSushi/locker a6e239ea1c69bff1cfdb20c4b73dadf52f784b6a | |||
There was a problem hiding this comment.
This is using UNLICENSE; looks like that could have some implications (but IANAL); https://softwareengineering.stackexchange.com/a/147120, docopt/docopt.rs#1
|
It's really unfortunate to have all these unrelated CI issues. |
|
@AkihiroSuda yes, regression was on docker CLI. |
|
CI for powerpc and s390x are known to have issues /cc @andrewhsu @seemethere. |
|
This has broken master on Windows: |
|
@jhowardmsft Thanks. Sorry about that. Windows CI was green :( |
|
@tiborvass Yes, the CI servers have (and need) git installed :/ |
| @@ -8,10 +8,12 @@ import ( | |||
| "github.com/docker/docker/api/types" | |||
| "github.com/docker/docker/api/types/backend" | |||
| "github.com/docker/docker/builder" | |||
| buildkit "github.com/docker/docker/builder/builder-next" | |||
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This PR adds experimental support for using moby/buildkit as a backend for
docker build. #32925 #34227The support is only enabled in the experimental daemon, and user needs to opt-in in docker/cli to start using it.
Docker CLI branch with BuildKit support enabled is in https://github.com/tonistiigi/docker-cli/tree/experimental-buildkit
In the API,
versionfield allows switching between different build backends.This enables lots of new capabilities, including parallel build steps and requests, skipping unused stages, efficient incremental builds, build context file detection, remote cache support, graceful cancellation, build cache issues, etc. It also enables using experimental Dockerfile features without requiring to update Moby by using the BuildKit frontend images.
The technical side of this integration is a temporary (and somewhat limited) solution as BuildKit is based on containerd storage and that has not been integrated into Moby yet. The current solution provides adapters to some components to provide compatibility between things like containerd snapshots and Moby layerstore/storage drivers or image store. When containerd storage support lands in Moby, all these adapters should be removed entirely, and BuildKit can use containerd directly. This temporary solution allows us to get feedback before we feel comfortable to move it out of experimental.
The tests will not currently use BuildKit in the PR as it requires opt-in and a new CLI binary. We have run the tests manually. Some of them need to be reworked for output change or a side-effect removal. We will continue addressing some of the test results that we are still investigating.
Known issues (some of them will not make it into 18.06 release):
system dfandsystem prunework)pulling schema1 images during buildautomatic path detection in dockerfile doesn't detect unused symlinks--pull(currently existing images in image store always take precedence)--iidfileis not enabled in CLI--cache-from.@tiborvass @AkihiroSuda
depends on #36895