diff --git a/docs/reference/buildx_create.md b/docs/reference/buildx_create.md
index 4b92923db51..136a340668e 100644
--- a/docs/reference/buildx_create.md
+++ b/docs/reference/buildx_create.md
@@ -90,6 +90,22 @@ configuration file specified by [`--buildkitd-config`](#buildkitd-config). See
 --buildkitd-flags '--debug --debugaddr 0.0.0.0:6666'
 ```
+#### BuildKit daemon network mode
+
+You can specify the network mode for the BuildKit daemon with either the
+configuration file specified by [`--buildkitd-config`](#buildkitd-config) using the
+`worker.oci.networkMode` option or `--oci-worker-net` flag here. The default
+value is `auto` and can be one of `bridge`, `cni`, `host`:
+
+```text
+--buildkitd-flags '--oci-worker-net bridge'
+```
+
+> **Note**
+>
+> Network mode "bridge" is supported since BuildKit v0.13 and will become the
+> default in next v0.14.
+
 ### Set the builder driver to use (--driver)
 ```text
diff --git a/go.mod b/go.mod
index f666eb5b689..b71467ce8ef 100644
--- a/go.mod
+++ b/go.mod
@@ -24,7 +24,7 @@ require (
 github.com/google/uuid v1.5.0
 github.com/hashicorp/go-cty-funcs v0.0.0-20230405223818-a090f58aa992
 github.com/hashicorp/hcl/v2 v2.19.1
- github.com/moby/buildkit v0.13.0-rc1.0.20240221065707-db304eb93126 // master (v0.13.0-dev)
+ github.com/moby/buildkit v0.13.0-rc1.0.20240222164755-8e3fe35738c2 // master (v0.13.0-dev)
 github.com/moby/sys/mountinfo v0.7.1
 github.com/moby/sys/signal v0.7.0
 github.com/morikuni/aec v1.0.0
diff --git a/go.sum b/go.sum
index c0492d3e30c..39d17a8a58c 100644
--- a/go.sum
+++ b/go.sum
@@ -320,8 +320,8 @@ github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyua
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
 github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
-github.com/moby/buildkit v0.13.0-rc1.0.20240221065707-db304eb93126 h1:aXdgP8jLyDnKEOXis4Aydp4VlXYpg2loUJarhygTOuU=
-github.com/moby/buildkit v0.13.0-rc1.0.20240221065707-db304eb93126/go.mod h1:XaLDo1L55QqXS/04FE91+mAbwjkr0vZu9g6zZlzvXL8=
+github.com/moby/buildkit v0.13.0-rc1.0.20240222164755-8e3fe35738c2 h1:e3FYb+yyx1SM1w4Mjn8L9WP5h/6u23P/xCAPZXx4m2Y=
+github.com/moby/buildkit v0.13.0-rc1.0.20240222164755-8e3fe35738c2/go.mod h1:XaLDo1L55QqXS/04FE91+mAbwjkr0vZu9g6zZlzvXL8=
 github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
 github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
 github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
diff --git a/tests/build.go b/tests/build.go
index ee3cc7a7741..bff441add6a 100644
--- a/tests/build.go
+++ b/tests/build.go
@@ -5,6 +5,7 @@ import (
 "encoding/json"
 "fmt"
 "io"
+ "net"
 "os"
 "path"
 "path/filepath"
@@ -15,6 +16,7 @@ import (
 "github.com/containerd/containerd/platforms"
 "github.com/containerd/continuity/fs/fstest"
 "github.com/creack/pty"
+ "github.com/moby/buildkit/util/appdefaults"
 "github.com/moby/buildkit/util/contentutil"
 "github.com/moby/buildkit/util/testutil"
 "github.com/moby/buildkit/util/testutil/integration"
@@ -48,6 +50,7 @@ var buildTests = []func(t *testing.T, sb integration.Sandbox){
 testBuildOCIExportNotSupported,
 testBuildMultiPlatformNotSupported,
 testDockerHostGateway,
+ testBuildNetworkModeBridge,
 }
 func testBuild(t *testing.T, sb integration.Sandbox) {
@@ -432,3 +435,54 @@ RUN ping -c 1 buildx.host-gateway-ip.local
 require.NoError(t, err, string(out))
 }
 }
+
+func testBuildNetworkModeBridge(t *testing.T, sb integration.Sandbox) {
+ if sb.Name() != "docker" {
+ t.Skip("skipping test for non-docker workers")
+ }
+
+ var builderName string
+ t.Cleanup(func() {
+ if builderName == "" {
+ return
+ }
+ out, err := rmCmd(sb, withArgs(builderName))
+ require.NoError(t, err, out)
+ })
+
+ // TODO: use stable buildkit image when v0.13.0 released
+ out, err := createCmd(sb, withArgs("--driver", "docker-container", "--buildkitd-flags=--oci-worker-net=bridge --allow-insecure-entitlement=network.host", "--driver-opt", "image=moby/buildkit:master"))
+ require.NoError(t, err, out)
+ builderName = strings.TrimSpace(out)
+
+ dockerfile := []byte(`
+FROM busybox AS build
+RUN ip a show eth0 | awk '/inet / {split($2, a, "/"); print a[1]}' > /ip-bridge.txt
+RUN --network=host ip a show eth0 | awk '/inet / {split($2, a, "/"); print a[1]}' > /ip-host.txt
+FROM scratch
+COPY --from=build /ip*.txt /`)
+ dir := tmpdir(t, fstest.CreateFile("Dockerfile", dockerfile, 0600))
+
+ cmd := buildxCmd(sb, withArgs("build", "--allow=network.host", fmt.Sprintf("--output=type=local,dest=%s", dir), dir))
+ cmd.Env = append(cmd.Env, "BUILDX_BUILDER="+builderName)
+ outb, err := cmd.CombinedOutput()
+ require.NoError(t, err, string(outb))
+
+ dt, err := os.ReadFile(filepath.Join(dir, "ip-bridge.txt"))
+ require.NoError(t, err)
+
+ ipBridge := net.ParseIP(strings.TrimSpace(string(dt)))
+ require.NotNil(t, ipBridge)
+
+ _, subnet, err := net.ParseCIDR(appdefaults.BridgeSubnet)
+ require.NoError(t, err)
+ require.True(t, subnet.Contains(ipBridge))
+
+ dt, err = os.ReadFile(filepath.Join(dir, "ip-host.txt"))
+ require.NoError(t, err)
+
+ ip := net.ParseIP(strings.TrimSpace(string(dt)))
+ require.NotNil(t, ip)
+
+ require.NotEqual(t, ip, ipBridge)
+}
diff --git a/tests/inspect.go b/tests/inspect.go
index c7c4df096be..9e9995a3b13 100644
--- a/tests/inspect.go
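Review bot: The closing check `require.NotEqual(t, ip, ipBridge)` in testBuildNetworkModeBridge only shows that the two RUN steps saw different addresses, which would presumably also hold if `--network=host` were silently ignored and the second step simply received another address from the bridge pool. Since `subnet` is already parsed from `appdefaults.BridgeSubnet`, adding `require.False(t, subnet.Contains(ip))` would tie the host-network result to being outside the bridge subnet, assuming the sandbox's Docker network does not overlap that range. The builder is created with `--allow-insecure-entitlement=network.host`; a short comment that the entitlement is granted only so the `RUN --network=host` step can run would make the intent clear to readers copying this setup.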
+++ b/tests/inspect.go
@@ -17,6 +17,7 @@ func inspectCmd(sb integration.Sandbox, opts ...cmdOpt) (string, error) {
 var inspectTests = []func(t *testing.T, sb integration.Sandbox){
 testInspect,
+ testInspectBuildkitdFlags,
 }
 func testInspect(t *testing.T, sb integration.Sandbox) {
@@ -47,3 +48,33 @@ func testInspect(t *testing.T, sb integration.Sandbox) {
 require.Empty(t, hostGatewayIP, "host-gateway-ip worker label should not be set with non-docker driver")
 }
 }
+
+func testInspectBuildkitdFlags(t *testing.T, sb integration.Sandbox) {
+ if sb.Name() != "docker-container" {
+ t.Skip("only testing for docker-container driver")
+ }
+
+ var builderName string
+ t.Cleanup(func() {
+ if builderName == "" {
+ return
+ }
+ out, err := rmCmd(sb, withArgs(builderName))
+ require.NoError(t, err, out)
+ })
+
+ out, err := createCmd(sb, withArgs("--driver", "docker-container", "--buildkitd-flags=--oci-worker-net=bridge"))
+ require.NoError(t, err, out)
+ builderName = strings.TrimSpace(out)
+
+ out, err = inspectCmd(sb, withArgs(builderName))
+ require.NoError(t, err, out)
+
+ for _, line := range strings.Split(out, "\n") {
+ if v, ok := strings.CutPrefix(line, "BuildKit daemon flags:"); ok {
+ require.Contains(t, v, "--oci-worker-net=bridge")
+ return
+ }
+ }
+ require.Fail(t, "--oci-worker-net=bridge not found in inspect output")
+}
diff --git a/tests/integration.go b/tests/integration.go
index 239e9b4f74e..335b757c3d9 100644
--- a/tests/integration.go
+++ b/tests/integration.go
@@ -47,8 +47,10 @@ func buildxCmd(sb integration.Sandbox, opts ...cmdOpt) *exec.Cmd {
 }
 if builder := sb.Address(); builder != "" {
- cmd.Args = append(cmd.Args, "--builder="+builder)
- cmd.Env = append(cmd.Env, "BUILDX_CONFIG=/tmp/buildx-"+builder)
+ cmd.Env = append(cmd.Env,
+ "BUILDX_CONFIG=/tmp/buildx-"+builder,
+ "BUILDX_BUILDER="+builder,
+ )
 }
 if context := sb.DockerAddress(); context != "" {
 cmd.Env = append(cmd.Env, "DOCKER_CONTEXT="+context)
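Review bot: The final `require.Fail` message in testInspectBuildkitdFlags says the flag was not found, but that line is reached only when the output has no `BuildKit daemon flags:` line at all; a missing flag on that line already fails at `require.Contains`. Naming the real condition and attaching the output would make a failure easier to read, for example `require.Fail(t, "BuildKit daemon flags line not found in inspect output", out)`.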
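Review bot: Selecting the sandbox builder through `BUILDX_BUILDER` instead of `--builder=` makes the effective builder depend on the order of entries in `cmd.Env`, and nothing in the hunk records that. os/exec uses the last value for a duplicated key, so a caller that appends `BUILDX_BUILDER=...` after buildxCmd returns overrides the sandbox builder, while a value set by an option applied before this block would presumably be overridden by it. A comment such as `// set via env, not --builder, so callers can override by appending BUILDX_BUILDER to cmd.Env` would document the contract. buildxCmd starts and ends outside the hunk, so the option ordering should be confirmed against the full function.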
diff --git a/vendor/github.com/moby/buildkit/util/appdefaults/appdefaults.go b/vendor/github.com/moby/buildkit/util/appdefaults/appdefaults.go
new file mode 100644
index 00000000000..d4b6258caa2
--- /dev/null
+++ b/vendor/github.com/moby/buildkit/util/appdefaults/appdefaults.go
@@ -0,0 +1,6 @@
+package appdefaults
+
+const (
+ BridgeName = "buildkit0"
+ BridgeSubnet = "10.10.0.0/16"
+)
diff --git a/vendor/modules.txt b/vendor/modules.txt
index e5ab1c5bda6..c6aad70306f 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -509,7 +509,7 @@ github.com/mitchellh/mapstructure
 # github.com/mitchellh/reflectwalk v1.0.2
 ## explicit
 github.com/mitchellh/reflectwalk
-# github.com/moby/buildkit v0.13.0-rc1.0.20240221065707-db304eb93126
+# github.com/moby/buildkit v0.13.0-rc1.0.20240222164755-8e3fe35738c2
 ## explicit; go 1.21
 github.com/moby/buildkit/api/services/control
 github.com/moby/buildkit/api/types