c60613475c
This change moves all Docker images to a standard location, and abstracts the build process so that they can be maintained in an automated fashion. This also allows the images to be architecture-independent. All images will now be referred to by the test framework via the canonical `gvisor.dev/images/<name>`, where `<name>` is a function of the path within the source tree. In a subsequent change, continuous integration will be added so that the images will always be correct and available locally. In the end, using `bazel` for Docker containers is simply not possible. Given that we already have the need to use `make` with the base container (for Docker), we extend this approach to get more flexibility. This change also adds a self-documenting and powerful Makefile that is intended to replace the collection of scripts in scripts. Canonical (self-documenting) targets can be added here for targets that understand which images need to be loaded and/or built. PiperOrigin-RevId: 308322438 |
||
---|---|---|
.. | ||
basic | ||
default | ||
iptables | ||
packetdrill | ||
packetimpact | ||
runtimes | ||
BUILD | ||
Makefile | ||
README.md |
README.md
Container Images
This directory contains all images used by tests.
Note that all these images must be pushed to the testing project hosted on [Google Container Registry][gcr]. This will happen automatically as part of continuous integration. This will speed up loading as images will not need to be built from scratch for each test run.
Image tooling is accessible via make
, specifically via tools/images.mk
.
Why make?
Make is used because it can bootstrap the default
image, which contains
bazel
and all other parts of the toolchain.
Listing images
To list all images, use make list-all-images
from the top-level directory.
Loading and referencing images
To build a specific image, use make load-<image>
from the top-level directory.
This will ensure that an image gvisor.dev/images/<image>:latest
is available.
Images should always be referred to via the gvisor.dev/images
canonical path.
This tag exists only locally, but serves to decouple tests from the underlying
image infrastructure.
The continuous integration system can either take fine-grained dependencies on
single images via individual load
targets, or pull all images via a single
load-all-images
invocation.
Adding new images
To add a new image, create a new directory under images
containing a
Dockerfile and any other files that the image requires. You may choose to add to
an existing subdirectory if applicable, or create a new one.
All images will be tagged and memoized using a hash of the directory contents. As a result, every image should be made completely reproducible if possible. This means using fixed tags and fixed versions whenever feasible.
Notes that images should also be made architecture-independent if possible. The build scripts will handling loading the appropriate architecture onto the machine and tagging it with the single canonical tag.
Add a load-<image>
dependency in the Makefile if the image is required for a
particular set of tests. This target will pull the tag from the image repository
if available.
Building and pushing images
All images can be built manually by running build-<image>
and pushed using
push-<image>
. Note that you can also use build-all-images
and
push-all-images
. Note that pushing will require appropriate permissions in the
project.
The continuous integration system can either take fine-grained dependencies on
individual push
targets, or ensure all images are up-to-date with a single
push-all-images
invocation.