62 lines
2.5 KiB
Markdown
62 lines
2.5 KiB
Markdown
# Container Images
|
|
|
|
This directory contains all images used by tests.
|
|
|
|
Note that all these images must be pushed to the testing project hosted on
|
|
[Google Container Registry][gcr]. This will happen automatically as part of
|
|
continuous integration. This will speed up loading as images will not need to be
|
|
built from scratch for each test run.
|
|
|
|
Image tooling is accessible via `make`, specifically via `tools/images.mk`.
|
|
|
|
## Why make?
|
|
|
|
Make is used because it can bootstrap the `default` image, which contains
|
|
`bazel` and all other parts of the toolchain.
|
|
|
|
## Listing images
|
|
|
|
To list all images, use `make list-all-images` from the top-level directory.
|
|
|
|
## Loading and referencing images
|
|
|
|
To build a specific image, use `make load-<image>` from the top-level directory.
|
|
This will ensure that an image `gvisor.dev/images/<image>:latest` is available.
|
|
|
|
Images should always be referred to via the `gvisor.dev/images` canonical path.
|
|
This tag exists only locally, but serves to decouple tests from the underlying
|
|
image infrastructure.
|
|
|
|
The continuous integration system can either take fine-grained dependencies on
|
|
single images via individual `load` targets, or pull all images via a single
|
|
`load-all-images` invocation.
|
|
|
|
## Adding new images
|
|
|
|
To add a new image, create a new directory under `images` containing a
|
|
Dockerfile and any other files that the image requires. You may choose to add to
|
|
an existing subdirectory if applicable, or create a new one.
|
|
|
|
All images will be tagged and memoized using a hash of the directory contents.
|
|
As a result, every image should be made completely reproducible if possible.
|
|
This means using fixed tags and fixed versions whenever feasible.
|
|
|
|
Notes that images should also be made architecture-independent if possible. The
|
|
build scripts will handling loading the appropriate architecture onto the
|
|
machine and tagging it with the single canonical tag.
|
|
|
|
Add a `load-<image>` dependency in the Makefile if the image is required for a
|
|
particular set of tests. This target will pull the tag from the image repository
|
|
if available.
|
|
|
|
## Building and pushing images
|
|
|
|
All images can be built manually by running `build-<image>` and pushed using
|
|
`push-<image>`. Note that you can also use `build-all-images` and
|
|
`push-all-images`. Note that pushing will require appropriate permissions in the
|
|
project.
|
|
|
|
The continuous integration system can either take fine-grained dependencies on
|
|
individual `push` targets, or ensure all images are up-to-date with a single
|
|
`push-all-images` invocation.
|